57 changes: 57 additions & 0 deletions tools/chusan-events.py
@@ -0,0 +1,57 @@
import os
import sys
import xml.etree.ElementTree as ET
security (opengrep-rules.python.lang.security.use-defused-xml): The Python documentation recommends using defusedxml instead of xml because the native Python xml library is vulnerable to XML External Entity (XXE) attacks. These attacks can leak confidential data and "XML bombs" can cause denial of service.

Source: opengrep



def extract_id_type(xml_file):
tree = ET.parse(xml_file)
security (opengrep-rules.python.lang.security.use-defused-xml-parse): The native Python xml library is vulnerable to XML External Entity (XXE) attacks. These attacks can leak confidential data and "XML bombs" can cause denial of service. Do not use this library to parse untrusted input. Instead the Python documentation recommends using defusedxml.

Suggested change
tree = ET.parse(xml_file)
tree = defusedxml.etree.ElementTree.parse(xml_file)

Source: opengrep

root = tree.getroot()

# Extract id from /EventData/name/id
id_element = root.find(".//name/id")

if id_element is None:
print("Error: /EventData/name/id element not found")
return

id_value = int(id_element.text)
issue: No check for non-integer or missing text in id/type elements.

If or are empty or contain non-integer values, a ValueError will occur. Add validation or exception handling to prevent this.


# Extract type from /EventData/substances/type
type_element = root.find(".//substances/type")

if type_element is None:
print("Error: /EventData/substances/type element not found")
return

type_value = int(type_element.text)

return (id_value, type_value)


if __name__ == "__main__":
lines = ["INSERT INTO chusan_game_event (id, type, end_date, start_date, enable)\nVALUES\n"]
issue (bug_risk): The generated SQL will always end with an extra comma before the semicolon.

If no rows are added, slicing off the last two characters may produce invalid SQL. Please handle the empty case to avoid malformed statements.


if len(sys.argv) < 2:
print("Usage: python chusan-events.py <dir_name>...")
exit(1)

for dir_name in sys.argv[1:]:
event_dir = os.path.join(dir_name, "event")

if not os.path.exists(event_dir):
continue

for sub_dir in os.listdir(event_dir):
sub_dir_path = os.path.join(event_dir, sub_dir)

if os.path.isdir(sub_dir_path):
xml_path = os.path.join(sub_dir_path, "Event.xml")

if os.path.exists(xml_path):
try:
id_value, type_value = extract_id_type(xml_path)
issue: No handling for extract_id_type returning None.

Unpacking will fail with a TypeError if extract_id_type returns None. Add a check for None before unpacking.

lines.append(f" ({id_value},{type_value},'2029-01-01 00:00:00.000000','2019-01-01 00:00:00.000000',true),\n")
except Exception as e:
print(f"Error processing {xml_path}: {e}")

print("".join(lines)[:-2] + ";\n")
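Review bot: `exit(1)` in the usage check (after `if len(sys.argv) < 2:`) should be `sys.exit(1)`; `sys` is already imported, and the bare `exit` name is only injected by the `site` module, so it is missing under `python -S` and in some embedded or frozen interpreters. If the defusedxml suggestion above is taken, note that the package exposes `defusedxml.ElementTree`, not `defusedxml.etree.ElementTree`, so the drop-in replacement is `import defusedxml.ElementTree as ET` at the top with `ET.parse(xml_file)` left as it is. Separately, the broad `except Exception` around `id_value, type_value = extract_id_type(xml_path)` already turns both the `ValueError` from `int(...)` and the `TypeError` from a `None` return into the same generic "Error processing" line, so checking for `None` before unpacking and catching `ValueError` specifically would make the two failure modes distinguishable in the output.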