graphene-django

mirror of https://github.com/graphql-python/graphene-django.git synced 2025-02-20 13:30:35 +03:00

History

Brenton Partridge 7365ee3ec9 Prevent TypeError when bytes passed to cursor.execute in debug middleware If DjangoDebugMiddleware is installed, calling `cursor.execute(b)` where b is a `bytes` object causes the recording (and thus the entire database call) to throw a TypeError due to `775644b536/graphene_django/debug/sql/tracking.py (L126)` : ``` "is_select": sql.lower().strip().startswith("select"), ``` Calling execute with a bytes parameter, to my knowledge, is not currently done within the high-level abstractions in the Django ORM, but is very much supported by psycopg2, as evidenced by the use in psycopg2's own `execute_values` in https://github.com/psycopg/psycopg2/blob/2_9_3/lib/extras.py#L1270 : ``` cur.execute(b''.join(parts)) ``` This fix ensures that the sql parameter is safely decoded before scanning whether it begins with SELECT; since this is the only usage, the change is trivial. The only workaround if code calls execute_values is to disable the DjangoDebugMiddleware altogether, which is far from ideal.		2023-09-24 14:14:27 -04:00
..
exception	Django v4, python 3.10 support for graphene-django v3 (#1281 )	2022-01-07 20:26:07 +00:00
sql	Prevent TypeError when bytes passed to cursor.execute in debug middleware	2023-09-24 14:14:27 -04:00
tests	Use ruff in pre-commit (#1441 )	2023-08-06 01:47:00 +03:00
__init__.py	Reformatted files using black	2018-07-19 16:52:24 -07:00
middleware.py	Use ruff in pre-commit (#1441 )	2023-08-06 01:47:00 +03:00
types.py	Use ruff in pre-commit (#1441 )	2023-08-06 01:47:00 +03:00