#36371: JSONField.from_db_value crashes when DB returns parsed JSON despite
KeyTransform guard
-------------------------------------+-------------------------------------
Reporter: Mason Pitts | Owner: (none)
Type: Bug | Status: closed
Component: Database layer | Version: 5.2
(models, ORM) | Resolution:
Severity: Normal | worksforme
Keywords: jsonfield, | Triage Stage:
from_db_value, double-decoding, | Unreviewed
psycopg3, cx_oracle, python- |
oracledb |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):
* easy: 1 => 0
* has_patch: 1 => 0
* resolution: => worksforme
* status: new => closed
Comment:
Hello Mason Pitts, thank you for taking the time to create this report. I
can't reproduce what you are describing: I'm using Django `main`,
PostgreSQL 16.8 and psycopg version 3.2.3. Given this model:
{{{#!python
class VulnerableModel(models.Model):
data = models.JSONField()
}}}
And this test case:
{{{#!python
class Ticket36371TestCase(TestCase):
def test_try(self):
from django.db import connection
print(connection.connection)
from .models import VulnerableModel
self.assertEqual(VulnerableModel.objects.all().count(), 0)
VulnerableModel.objects.create(data={"test": 1})
self.assertEqual(VulnerableModel.objects.all().count(), 1)
VulnerableModel.objects.create(data=["my list", 1, 2])
self.assertEqual(VulnerableModel.objects.all().count(), 2)
VulnerableModel.objects.create(data="This is a plain string")
self.assertEqual(VulnerableModel.objects.all().count(), 3)
items = [i.data for i in VulnerableModel.objects.all()]
self.assertEqual(items, [{"test": 1}, ["my list", 1, 2], "This is
a plain string"])
}}}
Running the tests shows:
{{{
$ python -Wall manage.py test testapp.tests.Ticket36371TestCase
Found 1 test(s).
Creating test database for alias 'default'...
System check identified no issues (0 silenced).
<psycopg.Connection [INTRANS] (user=nessita database=test_djangotest) at
0x754ee7715f90>
.
----------------------------------------------------------------------
Ran 1 test in 0.003s
OK
Destroying test database for alias 'default'...
}}}
Given this, I think this report seems better suited to be a support
request. The best place to get answers to your issue is using any of the
user support channels from [https://docs.djangoproject.com/en/dev/faq/help
/#how-do-i-do-x-why-doesn-t-y-work-where-can-i-go-to-get-help this link].
Since the goal of this issue tracker is to track issues about Django
itself, and your issue seems, at first, to be located in your custom code,
I'll be closing this ticket following the
[https://docs.djangoproject.com/en/dev/internals/contributing/triaging-
tickets/#closing-tickets ticket triaging process]. If, after debugging,
you find out that this is indeed a bug in Django, please re-open with the
specific details and please be sure to include a small Django project to
reproduce or a failing test case.
--
Ticket URL: <https://code.djangoproject.com/ticket/36371#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/01070196a6f0e62e-28d27776-6a14-4f6d-8cc6-bc2cfca43dad-000000%40eu-central-1.amazonses.com.
