[Django] #35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle quotes on Oracle and SQLite
55 views
Skip to first unread message
Django
Oct 15, 2024, 12:11:40 PM10/15/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Type: Bug
Status: new | Component: Database
| layer (models, ORM)
Version: 5.0 | Severity: Normal
Keywords: oracle sqlite json | Triage Stage:
key quote | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
The following test reproduces issues on both Oracle and SQLite
{{{#!diff
diff --git a/tests/model_fields/test_jsonfield.py
b/tests/model_fields/test_jsonfield.py
index ff42b1a14c..b1090b30ac 100644
--- a/tests/model_fields/test_jsonfield.py
+++ b/tests/model_fields/test_jsonfield.py
@@ -636,6 +636,25 @@ def test_has_key_number(self):
[obj],
)
+ def test_has_key_special_chars(self):
+ value = {
+ 'double"': "",
+ "single'": "",
+ "dollar$": "",
+ "mixed$\"'.": "",
+ }
+ obj = NullableJSONModel.objects.create(
+ value=value
+ )
+ obj.refresh_from_db()
+ self.assertEqual(obj.value, value)
+ for key in value:
+ with self.subTest(key=key):
+ self.assertSequenceEqual(
+ NullableJSONModel.objects.filter(value__has_key=key),
+ [obj],
+ )
+
@skipUnlessDBFeature("supports_json_field_contains")
def test_contains(self):
tests = [
}}}
In the case of Oracle the issue arise because it doesn't supporting
binding variables in `JSON_EXISTS`
([https://github.com/django/django/pull/11452#issuecomment-510323462
original discussion]) so while the `json.dumps` of the key is believed to
protect from SQL injections it can still result in crashes if the key
contains a single quote character. Using the `PASSING` clause could
possibly allow us to [https://docs.oracle.com/en/database/oracle/oracle-
database/23/adjsn/clauses-used-in-functions-and-conditions-for-json.html
#GUID-DE9F29D3-1C23-4271-9DCD-E585866576D2 bypass this limitation] or
using
[https://docs.oracle.com/cd/B19306_01/server.102/b14200/sql_elements003.htm#i42617
a different escaping strategy] could possibly be used to adjust
[https://github.com/django/django/blob/ec7d69035a408b357f1803ca05a7c991cc358cfa/django/db/models/fields/json.py#L231-L237
the Oracle implementation].
---
In the case of SQLite the problem is with the double-quote character `"`
because escapes generated by `json.dumps`
[https://stackoverflow.com/questions/67993982/sqlite-with-special-
character-in-the-json-path/67994603#67994603 are not properly interpreted
by SQLite].
In other words `"foo\"bar"` is not properly interpreted as `'foo"bar` and
while SQLite allows you not to quote keys (e.g. `JSON_TYPE(%s,
'$.foo\"bar') IS NOT NULL`) the solution is not viable for keys that
contain both a double-quote and a symbol such as `.` as exemplified by the
''mixed'' key in the provide test.
--
Ticket URL: <https://code.djangoproject.com/ticket/35842>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Type: Bug
Status: new | Component: Database
| layer (models, ORM)
Version: 5.0 | Severity: Normal
Keywords: oracle sqlite json | Triage Stage:
key quote | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
The following test reproduces issues on both Oracle and SQLite
{{{#!diff
diff --git a/tests/model_fields/test_jsonfield.py
b/tests/model_fields/test_jsonfield.py
index ff42b1a14c..b1090b30ac 100644
--- a/tests/model_fields/test_jsonfield.py
+++ b/tests/model_fields/test_jsonfield.py
@@ -636,6 +636,25 @@ def test_has_key_number(self):
[obj],
)
+ def test_has_key_special_chars(self):
+ value = {
+ 'double"': "",
+ "single'": "",
+ "dollar$": "",
+ "mixed$\"'.": "",
+ }
+ obj = NullableJSONModel.objects.create(
+ value=value
+ )
+ obj.refresh_from_db()
+ self.assertEqual(obj.value, value)
+ for key in value:
+ with self.subTest(key=key):
+ self.assertSequenceEqual(
+ NullableJSONModel.objects.filter(value__has_key=key),
+ [obj],
+ )
+
@skipUnlessDBFeature("supports_json_field_contains")
def test_contains(self):
tests = [
}}}
In the case of Oracle the issue arise because it doesn't supporting
binding variables in `JSON_EXISTS`
([https://github.com/django/django/pull/11452#issuecomment-510323462
original discussion]) so while the `json.dumps` of the key is believed to
protect from SQL injections it can still result in crashes if the key
contains a single quote character. Using the `PASSING` clause could
possibly allow us to [https://docs.oracle.com/en/database/oracle/oracle-
database/23/adjsn/clauses-used-in-functions-and-conditions-for-json.html
#GUID-DE9F29D3-1C23-4271-9DCD-E585866576D2 bypass this limitation] or
using
[https://docs.oracle.com/cd/B19306_01/server.102/b14200/sql_elements003.htm#i42617
a different escaping strategy] could possibly be used to adjust
[https://github.com/django/django/blob/ec7d69035a408b357f1803ca05a7c991cc358cfa/django/db/models/fields/json.py#L231-L237
the Oracle implementation].
---
In the case of SQLite the problem is with the double-quote character `"`
because escapes generated by `json.dumps`
[https://stackoverflow.com/questions/67993982/sqlite-with-special-
character-in-the-json-path/67994603#67994603 are not properly interpreted
by SQLite].
In other words `"foo\"bar"` is not properly interpreted as `'foo"bar` and
while SQLite allows you not to quote keys (e.g. `JSON_TYPE(%s,
'$.foo\"bar') IS NOT NULL`) the solution is not viable for keys that
contain both a double-quote and a symbol such as `.` as exemplified by the
''mixed'' key in the provide test.
--
Ticket URL: <https://code.djangoproject.com/ticket/35842>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Oct 15, 2024, 12:15:45 PM10/15/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: (none)
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Type: Bug | Status: new
Component: Database layer | Version: 5.0
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage:
key quote | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Mariusz Felisiak):
key quote | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
It's related to the #32213.
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:1>
Django
Oct 15, 2024, 12:24:13 PM10/15/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: (none)
Type: Bug | Status: new
Component: Database layer | Version: 5.0
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: (none)
Type: Bug | Status: new
Component: Database layer | Version: 5.0
(models, ORM) |
Severity: Normal | Resolution:
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:2>
Django
Nov 17, 2024, 8:22:29 AM11/17/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: (none)
Type: Bug | Status: new
Component: Database layer | Version: 5.0
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sage Abdullah):
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: (none)
Type: Bug | Status: new
Component: Database layer | Version: 5.0
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* cc: Sage Abdullah (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:3>
Django
Nov 22, 2024, 11:54:07 AM11/22/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: 5.0
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sage Abdullah):
* owner: (none) => Sage Abdullah
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sage Abdullah):
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:4>
Django
Nov 24, 2024, 3:29:12 PM11/24/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 1 | Needs documentation: 0
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sage Abdullah):
* has_patch: 0 => 1
-------------------------------------+-------------------------------------
Changes (by Sage Abdullah):
* needs_better_patch: 0 => 1
* version: 5.0 => dev
Comment:
[https://github.com/django/django/pull/18845 PR, with more explanation in
the PR description]. Marking as needs improvement, I still need to write
some more tests for the `KeyTransform` as I'm pretty sure it has the same
issue.
Thanks Simon for such detailed description and suggestions!
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:5>
Django
Nov 25, 2024, 11:35:57 AM11/25/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sage Abdullah):
* needs_better_patch: 1 => 0
-------------------------------------+-------------------------------------
Changes (by Sage Abdullah):
Comment:
I can confirm that `KeyTransform` is affected by the same issue, and I've
added the tests in the PR.
I think #32213 is a different issue, though. That one is about the
deserialization of the values, whereas the issue in this ticket is about
the escaping of function parameters.
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:6>
Django
Nov 25, 2024, 11:37:38 AM11/25/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Simon Charette):
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Thanks for the patch Sage, I do agree that #32213 is a different issue.
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:7>
Django
Dec 1, 2024, 1:50:53 PM12/1/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Ready for
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
key quote | checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:8>
Django
Dec 3, 2024, 5:20:05 AM12/3/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Ready for
key quote | checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Sarah Boyce <42296566+sarahboyce@…>):
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Ready for
key quote | checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
In [changeset:"b28438f379049e5ee1a89067e9cc14b7d0da07cf" b28438f]:
{{{#!CommitTicketReference repository=""
revision="b28438f379049e5ee1a89067e9cc14b7d0da07cf"
Refs #35842 -- Fixed handling of quotes in JSONField key lookups on
Oracle.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:9>
Django
Dec 3, 2024, 5:20:22 AM12/3/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
key quote |
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* has_patch: 1 => 0
* stage: Ready for checkin => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:10>
Django
Dec 3, 2024, 8:57:47 AM12/3/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Sage Abdullah):
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Apparently it's fixed in SQLite 3.37.0 (released 2024-10-21)!
It's not in the [https://www.sqlite.org/changes.html release notes], but
you can see
[https://www3.sqlite.org/src/fdiff?v1=5b6a1d6015997b9e&v2=68a98c020c22127f
the changeset]. Looks like it was
[https://www3.sqlite.org/src/fdiff?v1=bf1b51e32158b3d0&v2=e60c9f5132c974ef
backported to the 3.36 branch too], but given that 3.37.0 and even 3.37.1
have been released, it looks like there won't be any more 3.36.x releases
(at least based on the [https://www.sqlite.org/chronology.html chronology
of past releases]).
I can confirm this by downloading a precompiled SQLite from
[https://www.sqlite.org/download.html the download page] and running the
following query:
{{{
select json_extract(json('{"foo\".bar": "ba\"z", "x": "y"}'),
'$."foo\".bar"');
}}}
I have yet to run the Django test, as updating the SQLite version is a bit
more complicated – I'll do that this weekend. Anyhow, if it works, I think
we should remove the expected test failure if the SQLite version is >=
3.37.0.
Not sure how to update it in CI, though. It's tricky because you need to
compile Python with the newer SQLite installed on the system so that the
resulting `libsqlite3.so.0` inside Python's `lib` directory is compiled
with the newer SQLite. Or, you can compile it separately and then replace
the lib file in the Python installation (or use the `LD_LIBRARY_PATH`
environment variable). Alternatively, we can just wait until the Python
that's distributed in the docker (?) image used in our Jenkins setup gets
updated.
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:11>
Django
Dec 4, 2024, 11:28:49 PM12/4/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Simon Charette):
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
> Apparently it's fixed in SQLite 3.37.0 (released 2024-10-21)!
against against SQLite 3.37.0 and on 3.46.0 on macOS (x86) and on Linux.
[https://github.com/orf/django-docker-box/issues/25#issuecomment-459990118
I built it from source] on both platform and used `set env
DYLD_INSERT_LIBRARIES` on macOS and `LD_PRELOAD` on Linux.
> I can confirm this by downloading a precompiled SQLite from the
download page and running the following query:
I get different results on my side
{{{
SQLite version 3.37.0 2021-12-09 01:34:53
Enter ".help" for usage hints.
Connected to a transient in-memory database.
Use ".open FILENAME" to reopen on a persistent database.
sqlite> select json_extract(json('{"foo\".bar": "ba\"z", "x": "y"}'),
'$."foo\".bar"');
sqlite> select json_extract(json('{"foo\".bar": "ba\"z", "x": "y"}'),
'$."x"');
y
}}}
To make sure that the built library is used you access
`sqlite3.sqlite_version` in the Python terminal from the environment you
used to run your tests
{{{
>>> import sqlite3
>>> sqlite3.sqlite_version
'3.46.0'
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:12>
Django
Dec 5, 2024, 12:06:04 AM12/5/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Simon Charette):
Re-reading your message and the release date (2024-10-21) I assume you
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Simon Charette):
meant 3.47.0 and not 3.37.0. I also realized that my tests on macOS were
bogus [https://github.com/python/cpython/issues/87939 since SQLite is
statically linked on this platform].
I can confirm the issue is solved on 3.47.0
{{{
SQLite version 3.47.0 2024-10-21 16:30:22
Enter ".help" for usage hints.
Connected to a transient in-memory database.
Use ".open FILENAME" to reopen on a persistent database.
sqlite> select json_extract(json('{"foo\".bar": "ba\"z", "x": "y"}'),
'$."foo\".bar"');
ba"z
Connected to a transient in-memory database.
Use ".open FILENAME" to reopen on a persistent database.
sqlite> select json_extract(json('{"foo\".bar": "ba\"z", "x": "y"}'),
'$."foo\".bar"');
}}}
I guess this means we could conditionally include entries in
`django_test_expected_failures` based on `sqlite3.sqlite_version`?
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:13>
Django
Dec 5, 2024, 3:13:37 AM12/5/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Sage Abdullah):
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Replying to [comment:13 Simon Charette]:
> Re-reading your message and the release date (2024-10-21) I assume you
meant 3.47.0 and not 3.37.0.
>
meant 3.47.0 and not 3.37.0.
>
> I guess this means we could conditionally include entries in
`django_test_expected_failures` based on `sqlite3.sqlite_version`?
Oops, yep! I meant 3.47.0, sorry. Thanks for figuring it out 😄
`django_test_expected_failures` based on `sqlite3.sqlite_version`?
I think so,
[https://github.com/django/django/blob/3d508ececbd3b7b652aedc66b0d3d2c7baa4795a/django/db/backends/sqlite3/features.py#L69-L70
we already have some conditionals in django_test_skips], so we should be
OK with changing `django_test_skips` into a `cached_property` and check
`Database.sqlite_version_info`.
Although it's going to be tricky to prove it in CI without adding/updating
one of the jobs to use a newer SQLite version, as you experienced
yourself.
I think it would still be useful to have at least one configurable SQLite
version though, so we can test with the latest SQLite independently of the
installed Python. That would be separate to this ticket, but I'd be happy
to make the PR if we want to have that.
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:14>
Django
Dec 5, 2024, 10:00:49 AM12/5/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Simon Charette):
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
> I think it would still be useful to have at least one configurable
SQLite version though, so we can test with the latest SQLite independently
of the installed Python. That would be separate to this ticket, but I'd be
happy to make the PR if we want to have that.
docker-box` would [https://github.com/django/django-docker-box/issues/11
be certainly valuable] and since it's Linux based `LD_PRELOAD` should work
just fine.
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:15>
Django
Dec 8, 2024, 2:28:42 PM12/8/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 1 | Needs documentation: 0
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sage Abdullah):
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* has_patch: 0 => 1
Comment:
I did manage to hack it on `django-docker-box`, but I'm not familiar
enough with the docker setup to add a clean way to customise the SQLite
version, so I added a GitHub Actions job in django/django instead.
- [https://github.com/django/django/pull/18899 PR to add a CI scheduled
job to test against the latest SQLite release.]
- [https://github.com/django/django/pull/18900 PR to update the expected
failure.]
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:16>
Django
Dec 13, 2024, 6:07:49 PM12/13/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Ready for
key quote | checkin
key quote | checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):
* stage: Accepted => Ready for checkin
--
* stage: Accepted => Ready for checkin
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:17>
Django
Dec 16, 2024, 6:34:37 AM12/16/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Ready for
key quote | checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Ready for
key quote | checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Sarah Boyce <42296566+sarahboyce@…>):
In [changeset:"47eafd139bf5ffafd41cdde40e6645165c92e297" 47eafd1]:
{{{#!CommitTicketReference repository=""
revision="47eafd139bf5ffafd41cdde40e6645165c92e297"
Refs #35842 -- Fixed test_lookups_special_chars_double_quotes on SQLite
3.47+.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:18>
Django
Dec 17, 2024, 4:26:23 AM12/17/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
key quote |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Ready for checkin => Accepted
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:19>
Django
Dec 18, 2024, 6:45:27 AM12/18/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Sage Abdullah):
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: assigned
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution:
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
May I ask what the expected next step is for this ticket?
As [https://github.com/django/django/pull/18899 demonstrated by my other
PR], this issue is fixed on SQLite 3.47+, and I see no way for Django to
fix this on our side for SQLite < 3.47. FWIW, I still think it's
worthwhile to have a CI job that tests against the latest SQLite release.
Happy to open a forum discussion if that's necessary to get the PR merged.
Is the intention to wait for now and close the ticket when we bump the
minimum version of SQLite to 3.47+?
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:20>
Django
Dec 18, 2024, 8:19:13 AM12/18/24
to django-...@googlegroups.com
#35842: JSONField has_key, has_keys, has_any_keys lookups do not properly handle
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Type: Bug | Status: closed
quotes on Oracle and SQLite
-------------------------------------+-------------------------------------
Reporter: Simon Charette | Owner: Sage
| Abdullah
Component: Database layer | Version: dev
(models, ORM) |
Severity: Normal | Resolution: fixed
(models, ORM) |
Keywords: oracle sqlite json | Triage Stage: Accepted
key quote |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):
key quote |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* resolution: => fixed
* status: assigned => closed
Comment:
As for me, it's fixed.
--
Ticket URL: <https://code.djangoproject.com/ticket/35842#comment:21>
Reply all
Reply to author
Forward
0 new messages