execsql2 2.0.1__py3-none-any.whl → 2.1.2__py3-none-any.whl

execsql/types.py

@@ -84,7 +84,7 @@ class DataType:
         # This method may be overridden in child classes.
         if data is None:
             raise DataTypeError(self.data_type_name, self._CONV_ERR % "NULL")
-        if type(data) == self.data_type:
+        if type(data) is self.data_type:
             return data
         try:
             i = self.data_type(data)
@@ -115,10 +115,8 @@ class DT_TimestampTZ(DataType):
     def _is_match(self, data: object) -> bool:
         if data is None:
             return False
-        if type(data) == datetime.datetime:
-            if data.tzinfo is not None and data.tzinfo.utcoffset(data) is not None:
-                return True
-            return False
+        if isinstance(data, datetime.datetime):
+            return bool(data.tzinfo is not None and data.tzinfo.utcoffset(data) is not None)
         if not isinstance(data, str):
             return False
         try:
@@ -183,17 +181,20 @@ class DT_Date(DataType):
     data_type_name = "date"
     data_type = datetime.date
 
+    def __init__(self) -> None:
+        self._date_fmts = collections.deque(date_fmts)
+
     def __repr__(self) -> str:
         return "DT_Date()"
 
     def _from_data(self, data: object) -> object:
         if data is None:
             raise DataTypeError(self.data_type_name, self._CONV_ERR % "NULL")
-        if type(data) == self.data_type:
+        if type(data) is self.data_type:
             return data
         if not isinstance(data, str):
             raise DataTypeError(self.data_type_name, self._CONV_ERR % data)
-        for i, f in enumerate(date_fmts):
+        for i, f in enumerate(self._date_fmts):  # noqa: B007
             try:
                 dt = datetime.datetime.strptime(data, f)
                 dtt = datetime.date(dt.year, dt.month, dt.day)
@@ -203,8 +204,8 @@ class DT_Date(DataType):
         else:
             raise DataTypeError(self.data_type_name, self._CONV_ERR % data)
         if i:
-            del date_fmts[i]
-            date_fmts.appendleft(f)
+            del self._date_fmts[i]
+            self._date_fmts.appendleft(f)
         return dtt
 
 
@@ -232,9 +233,9 @@ class DT_Time(DataType):
     def _from_data(self, data: object) -> object:
         if data is None:
             raise DataTypeError(self.data_type_name, self._CONV_ERR % "NULL")
-        if type(data) == self.data_type:
+        if type(data) is self.data_type:
             return data
-        if type(data) == datetime.datetime:
+        if isinstance(data, datetime.datetime):
             return datetime.time(data.hour, data.minute, data.second, data.microsecond)
         if not isinstance(data, str):
             raise DataTypeError(self.data_type_name, self._CONV_ERR % data)
@@ -250,48 +251,11 @@ class DT_Time(DataType):
         return t
 
 
-class DT_Time_Oracle(DataType):
-    data_type_name = "time"
-    data_type = datetime.time
+class DT_Time_Oracle(DT_Time):
+    """Oracle-specific time type stored as VARCHAR2 with length specification."""
+
     lenspec = True
     varlen = True
-    time_fmts = (
-        "%H:%M",
-        "%H%M:%S",
-        "%H%M:%S.%f",
-        "%H:%M:%S",
-        "%H:%M:%S.%f",
-        "%I:%M%p",
-        "%I:%M:%S%p",
-        "%I:%M:%S.%f%p",
-        "%I:%M %p",
-        "%I:%M:%S %p",
-        "%I:%M:%S.%f %p",
-        "%X",
-    )
-
-    def __repr__(self) -> str:
-        return "DT_Time()"
-
-    def _from_data(self, data: object) -> object:
-        if data is None:
-            raise DataTypeError(self.data_type_name, self._CONV_ERR % "NULL")
-        if type(data) == self.data_type:
-            return data
-        if type(data) == datetime.datetime:
-            return datetime.time(data.hour, data.minute, data.second, data.microsecond)
-        if not isinstance(data, str):
-            raise DataTypeError(self.data_type_name, self._CONV_ERR % data)
-        for f in self.time_fmts:
-            try:
-                dt = datetime.datetime.strptime(data, f)
-                t = datetime.time(dt.hour, dt.minute, dt.second, dt.microsecond)
-            except Exception:
-                continue
-            break
-        else:
-            raise DataTypeError(self.data_type_name, self._CONV_ERR % data)
-        return t
 
 
 class DT_Boolean(DataType):
@@ -322,13 +286,14 @@ class DT_Boolean(DataType):
         if data is None:
             return False
         self.set_bool_matches()
-        if type(data) == bool:
-            return True
-        elif conf.boolean_int and type(data) == int and data in (0, 1):
-            return True
-        elif isinstance(data, str) and data.lower() in self.bool_repr:
-            return True
-        return False
+        return bool(
+            isinstance(data, bool)
+            or conf.boolean_int
+            and type(data) is int
+            and data in (0, 1)
+            or isinstance(data, str)
+            and data.lower() in self.bool_repr,
+        )
 
     def _from_data(self, data: object) -> object:
         import execsql.state as _state
@@ -337,9 +302,9 @@ class DT_Boolean(DataType):
         if data is None:
             raise DataTypeError(self.data_type_name, self._CONV_ERR % "NULL")
         self.set_bool_matches()
-        if type(data) == bool:
+        if isinstance(data, bool):
             return data
-        elif conf.boolean_int and type(data) == int and data in (0, 1):
+        elif conf.boolean_int and type(data) is int and data in (0, 1):
             return data == 1
         elif isinstance(data, str) and data.lower() in self.bool_repr:
             return data.lower() in self.true
@@ -358,9 +323,9 @@ class DT_Integer(DataType):
         import execsql.state as _state
 
         conf = _state.conf
-        if type(data) == int:
+        if type(data) is int:
             return data <= conf.max_int and data >= -1 * conf.max_int - 1
-        elif type(data) == float:
+        elif isinstance(data, float):
             return False
         elif isinstance(data, str):
             if leading_zero_num(data):
@@ -378,9 +343,9 @@ class DT_Integer(DataType):
     def _from_data(self, data: object) -> object:
         if data is None:
             raise DataTypeError(self.data_type_name, self._CONV_ERR % "NULL")
-        if type(data) == int:
+        if type(data) is int:
             return data
-        if type(data) == float:
+        if isinstance(data, float):
             if int(data) == data:
                 return int(data)
             else:
@@ -408,16 +373,16 @@ class DT_Long(DataType):
 
         if data is None:
             raise DataTypeError(self.data_type_name, self._CONV_ERR % "NULL")
-        if type(data) == int:
+        if type(data) is int:
             return data
-        if type(data) == float:
+        if isinstance(data, float):
             if _math.isnan(data):
                 return None
             else:
                 if int(data) == data:
                     return int(data)
             raise DataTypeError(self.data_type_name, self._CONV_ERR % data)
-        if type(data) == Decimal:
+        if isinstance(data, Decimal):
             raise DataTypeError(self.data_type_name, self._CONV_ERR % data)
         if leading_zero_num(data):
             raise DataTypeError(self.data_type_name, self._CONV_ERR % data)
@@ -440,14 +405,14 @@ class DT_Float(DataType):
     def _is_match(self, data: object) -> bool:
         if data is None:
             return False
-        if type(data) == float:
+        if isinstance(data, float):
             return True
         if leading_zero_num(data):
             return False
         if isinstance(data, str) and not re.match(r"^[+-]?(\d+(\.\d*)?|\.\d+)([eE][+-]?\d+)?$", data):
             return False
         try:
-            i = float(data)
+            float(data)
         except Exception:
             return False
         return True
@@ -455,7 +420,7 @@ class DT_Float(DataType):
     def _from_data(self, data: object) -> object:
         if data is None:
             raise DataTypeError(self.data_type_name, self._CONV_ERR % "NULL")
-        if type(data) == float:
+        if isinstance(data, float):
             return data
         if leading_zero_num(data):
             raise DataTypeError(self.data_type_name, self._CONV_ERR % data)
@@ -491,7 +456,7 @@ class DT_Decimal(DataType):
             raise DataTypeError(self.data_type_name, self._CONV_ERR % "NULL")
         if leading_zero_num(data):
             raise DataTypeError(self.data_type_name, self._CONV_ERR % data)
-        if type(data) == Decimal:
+        if isinstance(data, Decimal):
             self.set_scale_prec(data)
             return data
         elif isinstance(data, str):
@@ -514,9 +479,9 @@ class DT_Character(DataType):
         return "DT_Character()"
 
     def _is_match(self, data: object) -> bool:
-        if type(data) == bytearray:
+        if isinstance(data, bytearray):
             return False
-        return super(DT_Character, self)._is_match(data)
+        return super()._is_match(data)
 
     def _from_data(self, data: object) -> object:
         # data must be non-null.
@@ -544,9 +509,9 @@ class DT_Varchar(DataType):
         return "DT_Varchar()"
 
     def _is_match(self, data: object) -> bool:
-        if type(data) == bytearray:
+        if isinstance(data, bytearray):
             return False
-        return super(DT_Varchar, self)._is_match(data)
+        return super()._is_match(data)
 
     def _from_data(self, data: object) -> object:
         # This varchar data type is the same as the character data type.
@@ -570,9 +535,9 @@ class DT_Text(DataType):
         return "DT_Text()"
 
     def _is_match(self, data: object) -> bool:
-        if type(data) == bytearray:
+        if isinstance(data, bytearray):
             return False
-        return super(DT_Text, self)._is_match(data)
+        return super()._is_match(data)
 
     def _from_data(self, data: object) -> object:
         if data is None:
@@ -724,10 +689,10 @@ dbt_sqlite.name_datatype(DT_Text, "varchar")
 dbt_sqlite.name_datatype(DT_Binary, "blob")
 
 dbt_duckdb = DbType("DuckDB")
-dbt_duckdb.name_datatype(DT_TimestampTZ, "TEXT")
-dbt_duckdb.name_datatype(DT_Timestamp, "TEXT")
-dbt_duckdb.name_datatype(DT_Date, "TEXT")
-dbt_duckdb.name_datatype(DT_Time, "TEXT")
+dbt_duckdb.name_datatype(DT_TimestampTZ, "TIMESTAMPTZ")
+dbt_duckdb.name_datatype(DT_Timestamp, "TIMESTAMP")
+dbt_duckdb.name_datatype(DT_Date, "DATE")
+dbt_duckdb.name_datatype(DT_Time, "TIME")
 dbt_duckdb.name_datatype(DT_Integer, "INTEGER")
 dbt_duckdb.name_datatype(DT_Long, "BIGINT")
 dbt_duckdb.name_datatype(DT_Float, "REAL")

execsql/utils/auth.py

@@ -8,25 +8,121 @@ password on the terminal (via :func:`getpass.getpass`) or through the
 GUI console when running in GUI mode.  The last entered password is
 cached in ``_state.upass`` so that re-prompting is suppressed when
 the same password is needed again within the same session.
+
+When the ``keyring`` package is installed, :func:`get_password` checks
+the OS credential store first (macOS Keychain, Windows Credential
+Manager, or Linux SecretService).  If a stored password is found it is
+returned without prompting.  After a successful interactive prompt the
+password is offered for storage in the keyring for future use (console
+mode only; GUI mode stores silently).
+
+If the stored credential turns out to be stale (e.g. after a password
+change), callers should use :func:`password_from_keyring` to detect
+this, call :func:`clear_stored_password` to remove the bad entry, and
+re-prompt with ``skip_keyring=True``.
+
+Keyring service names follow the pattern
+``execsql/<db_type>/<server_or_file>/<database>``.
 """
 
 import getpass
-from typing import Optional
 
 import execsql.state as _state
 
+# Tracks whether the most recent get_password() call returned a keyring-stored value.
+_last_from_keyring: bool = False
+
+
+def _keyring_service(dbms_name: str, database_name: str, server_name: str | None) -> str:
+    """Build a keyring service name from connection parameters."""
+    server_part = server_name or "local"
+    return f"execsql/{dbms_name}/{server_part}/{database_name}"
+
+
+def _keyring_get(service: str, username: str) -> str | None:
+    """Try to retrieve a password from the OS keyring.  Returns None on failure."""
+    try:
+        import keyring
+
+        return keyring.get_password(service, username)
+    except Exception:
+        return None
+
+
+def _keyring_set(service: str, username: str, password: str) -> bool:
+    """Try to store a password in the OS keyring.  Returns True on success."""
+    try:
+        import keyring
+
+        keyring.set_password(service, username, password)
+        return True
+    except Exception:
+        return False
+
+
+def _keyring_delete(service: str, username: str) -> bool:
+    """Try to remove a password from the OS keyring.  Returns True on success."""
+    try:
+        import keyring
+
+        keyring.delete_password(service, username)
+        return True
+    except Exception:
+        return False
+
+
+def password_from_keyring() -> bool:
+    """Return True if the last :func:`get_password` call used a keyring-stored value."""
+    return _last_from_keyring
+
+
+def clear_stored_password(
+    dbms_name: str,
+    database_name: str,
+    user_name: str,
+    server_name: str | None = None,
+) -> bool:
+    """Remove a stored password from the OS keyring.  Returns True on success."""
+    service = _keyring_service(dbms_name, database_name, server_name)
+    return _keyring_delete(service, user_name)
+
 
 def get_password(
     dbms_name: str,
     database_name: str,
     user_name: str,
-    server_name: Optional[str] = None,
-    other_msg: Optional[str] = None,
+    server_name: str | None = None,
+    other_msg: str | None = None,
+    skip_keyring: bool = False,
 ) -> str:
-    """Prompt the user for a database password, using the GUI if available."""
+    """Prompt the user for a database password, using the GUI if available.
+
+    When ``keyring`` is installed the OS credential store is checked first.
+    If a stored credential is found it is returned immediately.
+
+    Parameters
+    ----------
+    skip_keyring:
+        If True, bypass the keyring lookup and always prompt interactively.
+        Useful when a previously stored password is known to be invalid.
+    """
+    global _last_from_keyring
     # Deferred imports to avoid circular dependencies at import time.
     from execsql.utils.errors import exit_now
 
+    _last_from_keyring = False
+
+    # --- Keyring lookup (before any prompting) ---
+    conf = _state.conf
+    use_keyring = conf is None or getattr(conf, "use_keyring", True)
+    service = _keyring_service(dbms_name, database_name, server_name)
+    if use_keyring and not skip_keyring:
+        stored = _keyring_get(service, user_name)
+        if stored is not None:
+            _last_from_keyring = True
+            _state.upass = stored
+            return stored
+
     script_name = ""
     prompt = f"The execsql script {script_name} wants the {dbms_name} password for"
     if server_name is not None:
@@ -50,7 +146,7 @@ def get_password(
             user_response = return_queue.get(block=True)
             use_gui = user_response["console_running"]
     except Exception:
-        pass
+        pass  # GUI query failed; fall back to non-GUI password prompt.
 
     conf = _state.conf
     if use_gui or (conf is not None and conf.gui_level > 0):
@@ -73,15 +169,14 @@ def get_password(
             user_response = return_queue.get(block=True)
             btn = user_response["button"]
             passwd = user_response["return_value"]
-            if not btn:
-                if _state.status and _state.status.cancel_halt:
-                    if _state.exec_log:
-                        _state.exec_log.log_exit_halt(
-                            script_name,
-                            0,
-                            f"Canceled on password prompt for {dbms_name} database {database_name}, user {user_name}",
-                        )
-                    exit_now(2, None)
+            if not btn and _state.status and _state.status.cancel_halt:
+                if _state.exec_log:
+                    _state.exec_log.log_exit_halt(
+                        script_name,
+                        0,
+                        f"Canceled on password prompt for {dbms_name} database {database_name}, user {user_name}",
+                    )
+                exit_now(2, None)
         except Exception:
             prompt_text = prompt.replace("\n", " ", 1).replace("\n", ", ") + " >"
             passwd = getpass.getpass(str(prompt_text))
@@ -90,4 +185,9 @@ def get_password(
         passwd = getpass.getpass(str(prompt_text))
 
     _state.upass = passwd
+
+    # --- Offer to store in keyring after interactive prompt ---
+    if use_keyring and passwd:
+        _keyring_set(service, user_name, passwd)
+
     return passwd

execsql/utils/crypto.py

@@ -1,12 +1,23 @@
 from __future__ import annotations
 
 """
-Simple reversible encryption for execsql configuration credentials.
+Simple reversible obfuscation for execsql configuration credentials.
+
+.. warning::
+
+   **This is obfuscation, not encryption.**
+
+   * The XOR keys are hardcoded in this source file; anyone with access to
+     the source code (or the installed package) can decode any password
+     produced by this module.
+   * Passwords stored via ``enc_password`` in ``execsql.conf`` should be
+     treated as **plaintext-equivalent**.
+   * For production deployments, prefer OS credential stores (e.g. macOS
+     Keychain, Windows Credential Manager, ``secret-tool`` on Linux) or
+     environment variables rather than relying on this obfuscation.
 
 Provides :class:`Encrypt` with ``encrypt()`` / ``decrypt()`` methods
 that use XOR against a fixed key table followed by base64 encoding.
-This is *not* cryptographically secure — it is intended only to prevent
-plaintext passwords from appearing verbatim in ``execsql.conf`` files.
 The monolith (line 2301) called this "SIMPLE ENCRYPTION".
 """
 
@@ -15,6 +26,21 @@ import uuid
 
 
 class Encrypt:
+    """Reversible XOR-based obfuscation for configuration file passwords.
+
+    .. warning::
+
+       This class provides **obfuscation only** — not real encryption.
+       The XOR keys are embedded in the source code, so any password
+       encrypted with this class can be trivially reversed by anyone who
+       can read the source or the installed package.  Passwords stored in
+       ``execsql.conf`` using ``enc_password`` should be considered
+       plaintext-equivalent.
+
+       For meaningful credential protection, use OS-level credential
+       stores or environment variables instead.
+    """
+
     ky: dict = {}
     ky["0"] = "6f2bba010bdf450a99c1c324ace5d765"
     ky["3"] = "4a69dd15b6304ed491f10d0ebc7498cf"
@@ -32,7 +58,8 @@ class Encrypt:
     def __init__(self) -> None:
         global itertools
         global base64
-        import itertools, base64
+        import itertools
+        import base64
 
     def xor(self, text: str, enckey: str) -> str:
         return "".join(chr(ord(t) ^ ord(k)) for t, k in zip(text, itertools.cycle(enckey)))

execsql/utils/datetime.py

@@ -14,7 +14,7 @@ scanning imported data for type inference.
 import collections
 import datetime
 import re
-from typing import Any, Optional
+from typing import Any
 
 
 dt_fmts = collections.deque(
@@ -95,8 +95,8 @@ dt_fmts = collections.deque(
 )
 
 
-def parse_datetime(datestr: Any) -> Optional[datetime.datetime]:
-    if type(datestr) == datetime.datetime:
+def parse_datetime(datestr: Any) -> datetime.datetime | None:
+    if isinstance(datestr, datetime.datetime):
         return datestr
     if not isinstance(datestr, str):
         try:
@@ -104,7 +104,7 @@ def parse_datetime(datestr: Any) -> Optional[datetime.datetime]:
         except Exception:
             return None
     dt = None
-    for i, f in enumerate(dt_fmts):
+    for i, f in enumerate(dt_fmts):  # noqa: B007
         try:
             dt = datetime.datetime.strptime(datestr, f)
         except Exception:
@@ -238,11 +238,11 @@ timestamptz_fmts = collections.deque(
 )
 
 
-def parse_datetimetz(data: Any) -> Optional[datetime.datetime]:
+def parse_datetimetz(data: Any) -> datetime.datetime | None:
     # Import Tz locally to avoid circular imports
     from execsql.types import Tz
 
-    if type(data) == type(datetime.datetime.now()):
+    if isinstance(data, datetime.datetime):
         if data.tzinfo is None or data.tzinfo.utcoffset(data) is None:
             return None
         return data
@@ -267,7 +267,7 @@ def parse_datetimetz(data: Any) -> Optional[datetime.datetime]:
         )
     except Exception:
         # Check for alphabetic timezone
-        for i, f in enumerate(timestamptz_fmts):
+        for i, f in enumerate(timestamptz_fmts):  # noqa: B007
             try:
                 dt = datetime.datetime.strptime(data, f)
             except Exception: