Add a challenge for LiteralString

laike9m · laike9m · commit e5568798f411 · 2023-12-03T11:34:25.000-08:00
diff --git a/challenges/intermediate-literalstring/question.py b/challenges/intermediate-literalstring/question.py
@@ -0,0 +1,33 @@
+"""
+TODO:
+
+You're writing a web backend.
+Annotate a function `execute_query` which runs SQL, but also can prevent SQL injection attacks.
+"""
+
+from typing import Iterable
+
+
+def execute_query(sql, parameters: Iterable[str] = ...):
+    """No need to implement it"""
+
+
+## End of your code ##
+def query_user(user_id: str):
+    query = f"SELECT * FROM data WHERE user_id = {user_id}"
+    execute_query(query)  # expect-type-error
+
+
+def query_data(user_id: str, limit: bool) -> None:
+    query = """
+        SELECT
+            user.name,
+            user.age
+        FROM data
+        WHERE user_id = ?
+    """
+
+    if limit:
+        query += " LIMIT 1"
+
+    execute_query(query, (user_id,))
diff --git a/challenges/intermediate-literalstring/solution.py b/challenges/intermediate-literalstring/solution.py
@@ -0,0 +1,33 @@
+"""
+TODO:
+
+You're writing a web backend.
+Annotate a function `execute_query` which runs SQL, but also can prevent SQL injection attacks.
+"""
+
+from typing import LiteralString, Iterable
+
+
+def execute_query(sql: LiteralString, parameters: Iterable[str] = ...):
+    ...
+
+
+## End of your code ##
+def query_user(user_id: str):
+    query = f"SELECT * FROM data WHERE user_id = {user_id}"
+    execute_query(query)  # expect-type-error
+
+
+def query_data(user_id: str, limit: bool) -> None:
+    query = """
+        SELECT
+            user.name,
+            user.age
+        FROM data
+        WHERE user_id = ?
+    """
+
+    if limit:
+        query += " LIMIT 1"
+
+    execute_query(query, (user_id,))
