graphql-python/graphene-django
1
1
Fork 0
mirror of https://github.com/graphql-python/graphene-django.git synced 2025-02-18 04:20:34 +03:00
Code Issues Packages Projects Releases Wiki Activity
7365ee3ec9
graphene-django/graphene_django
History
Brenton Partridge 7365ee3ec9 Prevent TypeError when bytes passed to cursor.execute in debug middleware 
If DjangoDebugMiddleware is installed, calling `cursor.execute(b)` where b is a `bytes` object causes the recording (and thus the entire database call) to throw a TypeError due to 775644b536/graphene_django/debug/sql/tracking.py (L126) :

```
"is_select": sql.lower().strip().startswith("select"),
```

Calling execute with a bytes parameter, to my knowledge, is not currently done within the high-level abstractions in the Django ORM, but is very much supported by psycopg2, as evidenced by the use in psycopg2's own `execute_values` in https://github.com/psycopg/psycopg2/blob/2_9_3/lib/extras.py#L1270 :

```
cur.execute(b''.join(parts))
```

This fix ensures that the sql parameter is safely decoded before scanning whether it begins with SELECT; since this is the only usage, the change is trivial.

The only workaround if code calls execute_values is to disable the DjangoDebugMiddleware altogether, which is far from ideal.
2023-09-24 14:14:27 -04:00
..
debug Prevent TypeError when bytes passed to cursor.execute in debug middleware 2023-09-24 14:14:27 -04:00
filter Typo fixes (#1459) 2023-09-06 10:29:58 +03:00
forms Typo fixes (#1459) 2023-09-06 10:29:58 +03:00
management Miscellaneous CI fixes (#1447) 2023-08-09 20:48:42 +03:00
rest_framework adding optional_field in Serializermutation to enfore some fields to be optional (#1455) 2023-08-28 00:15:35 +03:00
static/graphene_django Support displaying deprecated input fields in GraphiQL docs (#1458) 2023-09-13 09:49:01 +03:00
templates/graphene Support displaying deprecated input fields in GraphiQL docs (#1458) 2023-09-13 09:49:01 +03:00
tests Typo fixes (#1459) 2023-09-06 10:29:58 +03:00
utils Fix test Client headers for Django 4.2 (#1465) 2023-09-18 23:23:53 +08:00
__init__.py Update __init__.py 2023-08-10 01:12:15 +03:00
compat.py fix: empty list is not an empty value for list filters even when a custom filtering method is provided (#1450) 2023-08-11 23:24:58 +08:00
conftest.py Make tests order independent (#932) 2020-04-20 13:23:20 +01:00
constants.py WIP: Merge master into v3 (#1086) 2020-12-30 15:37:57 -08:00
converter.py fix: foreign key nullable and custom resolver (#1446) 2023-08-09 20:28:26 +03:00
fields.py Use ruff in pre-commit (#1441) 2023-08-06 01:47:00 +03:00
registry.py Use ruff in pre-commit (#1441) 2023-08-06 01:47:00 +03:00
settings.py Support displaying deprecated input fields in GraphiQL docs (#1458) 2023-09-13 09:49:01 +03:00
types.py Miscellaneous CI fixes (#1447) 2023-08-09 20:48:42 +03:00
views.py Fix graphiql explorer styles by sending graphiql_plugin_explorer_css_sri param to render_graphiql function of the GraphQlView (#1418) (#1460) 2023-09-14 00:26:18 +08:00