Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
JSON query expressions using SQLite
This library will manage your database schema to store JSON documents. You get all the speed of a well-formed database schema without the schema migration headaches.
Significant updates to the supporting libraries has broken this code. It still works for the simple cases that require it
Jan 2024 - 118 of 334 tests ignored
pip install jx-sqlite
The smoke test, found in the tests
is a simple example of how to use this library.
import jx_sqlite
table = (
jx_sqlite
.Container(filename="my.db")
.get_or_create_facts("my_table")
.insert([{"os": "linux", "value": 42}])
.query({
"select": "os",
"where": {"gt": {"value": 0}}
})
)
This project is an attempt to store JSON documents in SQLite so that they are accessible via SQL. The hope is this will serve a basis for a general document-relational map (DRM), and leverage the database's query optimizer.
jx-sqlite
is responsible for expanding the schema dynamically as new JSON documents are encountered. It also strives to ensure old queries against the new schema have the same meaning; the same results.
The most interesting, and most important feature is that we query nested object arrays as if they were just another table. This is important for two reasons:
{"a": {"b": 0}}
are a shortcut for nested arrays {"a": [{"b": 0}]}
, plus{"a": [{"b": 0}, {"b": 1}]}
.JSON is a nice format to store data, and it has become quite prevalent. Unfortunately, databases do not handle it well, often a human is required to declare a schema that can hold the JSON before it can be queried. If we are not overwhelmed by the diversity of JSON now, we soon will be. There will be more JSON, of more different shapes, as the number of connected devices( and the information they generate) continues to increase.
Contributions are always welcome! The best thing to do is find a failing test, and try to fix it.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.
$ git clone https://github.com/klahnakoski/jx-sqlite
$ cd jx-sqlite
There are over 300 tests used to confirm the expected behaviour: They test a variety of JSON forms, and the queries that can be performed on them. Most tests are further split into three different output formats ( list, table and cube).
The requirements.lock
file is the last successful combination that passed all tests, despite the version conflicts.
python.exe -m pip install --no-deps -r tests\requirements.lock
Linux
export PYTHONPATH=.:vendor
python -m unittest discover -v -s tests
Windows
set PYTHONPATH=.;vendor
python -m unittest discover -v -s tests
This project is licensed under Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
Jan 2024 - Attempt to resurrect this project (118 of 334 tests ignored)
Sep 2018 - Upgrade libs, start refactoring to work with other libs
Dec 2017 - A number of tests were added, but they do not pass.
Sep 2017 - GSoC work completed, all but a few tests pass.
Good work by Rohit Kumar. You may see the end result on gsoc branch. Installation requires python2.7, and will require some version fixing to get running.
Work done up to the deadline of GSoC'17:
FAQs
JSON query expressions using SQLite
We found that jx-sqlite demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.