
Comments (4)

sparrowt commented on July 17, 2024

Repro steps: in a virtualenv for this project, run python manage.py shell and then paste the following simple query:

from django.db.models import F, Min
from testapp import models
models.Number.objects.values('integer').annotate(myannotation=Min(F('integer') % 3))

which fails with the following traceback:

Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "site-packages/django/db/models/query.py", line 374, in __repr__
    data = list(self[: REPR_OUTPUT_SIZE + 1])
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages/django/db/models/query.py", line 398, in __iter__
    self._fetch_all()
  File "site-packages/django/db/models/query.py", line 1881, in _fetch_all
    self._result_cache = list(self._iterable_class(self))
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages/django/db/models/query.py", line 208, in __iter__
    for row in compiler.results_iter(
               ^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages/django/db/models/sql/compiler.py", line 1513, in results_iter
    results = self.execute_sql(
              ^^^^^^^^^^^^^^^^^
  File "site-packages/django/db/models/sql/compiler.py", line 1562, in execute_sql
    cursor.execute(sql, params)
  File "site-packages/django/db/backends/utils.py", line 102, in execute
    return super().execute(sql, params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages/django/db/backends/utils.py", line 67, in execute
    return self._execute_with_wrappers(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages/django/db/backends/utils.py", line 80, in _execute_with_wrappers
    return executor(sql, params, many, context)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "site-packages/django/db/backends/utils.py", line 89, in _execute
    return self.cursor.execute(sql, params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "mssql-django/mssql/base.py", line 671, in execute
    sql = self.format_sql(sql, params)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "mssql-django/mssql/base.py", line 616, in format_sql
    sql = sql % tuple('?' * len(params))
          ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
TypeError: not enough arguments for format string

At the point of failure the variable sql contains the following, so there are 2 % signs (one meaning "MOD") despite there only being 1 param, so the python string formatting fails:

'DECLARE @var0 INT = %s  
SELECT TOP 21 [testapp_number].[the_integer], MIN(([testapp_number].[the_integer] % @var0)) AS [myannotation] FROM [testapp_number] GROUP BY [testapp_number].[the_integer]'

This is somewhat contrived, but we hit this bug in real code and it is blocking us from upgrading to mssql-django==1.4.2. In the meantime we have had to manually patch in the fix for GHSA-vmqv-47j8-gwv8 (CVE-2024-26164) on top of 1.3.

from mssql-django.

dauinsight commented on July 17, 2024

Thanks for your responses.

It appears the bug stems from performing an additional string formatting operation using %. Doing so removes the extra % used for escaping the modulo operator.

Example:

'%% %s' -> '% (value)' After the first string format.
'% (value)' -> Error After the second string format. Here python expects to insert a parameter but it can't find it.

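The following is an added example, not mssql-django's code and not code posted by any commenter. It models the mechanism that sparrowt's traceback and dauinsight's `'%% %s'` walkthrough describe: a first `%`-formatting pass that hoists parameters into `DECLARE @varN` statements collapses the `%%` escape to a bare `%`, and a second `%`-formatting pass then trips over it with "not enough arguments for format string". The two-pass structure, the `@varN` names and the `INT` type are assumptions borrowed from the SQL quoted above, and the hardened `single_pass_convert` is an alternative design, not the project's actual fix.

```python
import re

# Constructed input (not from the project): Django-style pyformat SQL,
# with the literal modulo escaped as %% and one %s parameter placeholder.
QUERY = "SELECT [t].[the_integer] %% %s AS [m] FROM [testapp_number]"
PARAMS = (3,)

# Matches, in order of preference: an escaped percent, a placeholder,
# or a stray bare percent (which is always an error in pyformat SQL).
_TOKEN = re.compile(r"%%|%s|%")


def two_pass_convert(sql, params):
    """Hypothetical model of the failure in the thread. Pass 1 hoists each
    parameter into a DECLARE statement and substitutes @varN into the body
    with str %; pass 2 turns the remaining %s into '?' with str % again.
    Pass 1 already collapsed %% to %, so pass 2 misreads the bare % as the
    start of a conversion and raises TypeError once the params run out."""
    names = tuple(f"@var{i}" for i in range(len(params)))
    body = sql % names                                   # %% -> %, %s -> @var0
    declares = "".join(f"DECLARE @var{i} INT = %s\n" for i in range(len(params)))
    return (declares + body) % tuple("?" * len(params))  # raises TypeError


def two_pass_outcome(sql, params):
    """Returns the resulting SQL, or the exception two_pass_convert raised."""
    try:
        return two_pass_convert(sql, params)
    except (TypeError, ValueError) as exc:
        return exc


def single_pass_convert(sql, params):
    """Hardened equivalent: one tokenizing pass rewrites %s -> @varN and
    %% -> %, refuses a bare %, and checks that the number of placeholders
    equals the number of params. The DECLARE prefix is built with '?'
    directly, so no %-formatting ever touches the body again.
    The INT type is an assumption carried over from the thread's SQL."""
    seen = 0

    def repl(match):
        nonlocal seen
        token = match.group(0)
        if token == "%%":
            return "%"
        if token == "%s":
            name = f"@var{seen}"
            seen += 1
            return name
        raise ValueError("bare % in SQL; a literal percent must be written as %%")

    body = _TOKEN.sub(repl, sql)
    if seen != len(params):
        raise ValueError(f"{seen} placeholder(s) but {len(params)} param(s)")
    declares = "".join(f"DECLARE @var{i} INT = ?\n" for i in range(seen))
    return declares + body, list(params)


if __name__ == "__main__":
    print(repr(two_pass_outcome(QUERY, PARAMS)))   # TypeError, as in the thread
    print(single_pass_convert(QUERY, PARAMS))
```

The design point is that placeholder conversion must happen exactly once, and the converter should count placeholders against parameters and fail loudly on any mismatch: a parameter count that silently drifts away from the placeholder count is the same class of defect that turns a parameterised query into an unparameterised one, so it is better surfaced as an error than tolerated.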

dauinsight commented on July 17, 2024

Hi @henrikek,

This makes sense to me, but you could also provide us with a test case to expedite our investigation process. Thank you.


henrikek commented on July 17, 2024

I have tried to reproduce this with a normal Django query but I have not succeeded. I saw this problem before in combination with Django REST framework and SearchFilter, but I'm sorry, I haven't been able to reproduce this, so maybe it's not a problem. But at the same time, I know that if you format a string in two parts as the new code does, problems with the percent sign can cause it.

