Prohibit null characters in CharField by default #6073
Ready for review |
Aside from the one requested change, this looks good to me. 👍
tests/test_fields.py
Outdated
```python
with pytest.raises(serializers.ValidationError) as exc_info:
    field.run_validation(value)
assert exc_info.value.detail == [
    ProhibitNullCharactersValidator.message
```
I typically recommend testing against explicit expected values. e.g., the preceding test is:
assert exc_info.value.detail == ['This field may not be blank.']
Isn't that more prone to errors and random breakage, e.g. if Django decides to update the strings? Unlike the code itself, strings themselves aren't a reliable API with forward-compatibility for obvious reasons.
I wanted to test against the code (`null_characters_not_allowed`) but I don't think DRF exposes it, does it?
It is more prone to breaking, but we're depending on the behavior that Django provides. If the behavior changes, it helps to know about it.
> I wanted to test against the code (`null_characters_not_allowed`) but I don't think DRF exposes it, does it?

Hm. I'm not entirely sure how Django and DRF `ValidationError`s interact at the moment in regards to the error code. I know some changes to `ErrorDetail` were made in #5785, but idk if this is easily testable at the field level, or if the error code is preserved.
Updated
Adding to the 3.9 milestone for consideration.
OK. This looks good.
(@rpkilby: fancy adding the `pop` example to the release notes for 3.9?)
I've never been able to successfully update a PR's commits. Here's what I would add to the changelog:
* Change `CharField` to disallow null bytes. [#6073][gh6073]
To revert to the old behavior, subclass `CharField` and remove `ProhibitNullCharactersValidator` from the validators.
```python
from django.core.validators import ProhibitNullCharactersValidator
from rest_framework import serializers

class NullableCharField(serializers.CharField):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        # Drop the validator that rejects null characters.
        self.validators = [v for v in self.validators if not isinstance(v, ProhibitNullCharactersValidator)]
```
Any update on this?
Codecov Report
@@ Coverage Diff @@
## master #6073 +/- ##
==========================================
+ Coverage 96.18% 96.18% +<.01%
==========================================
Files 128 128
Lines 17624 17637 +13
Branches 1459 1461 +2
==========================================
+ Hits 16951 16964 +13
Misses 465 465
Partials 208 208
Hi @jleclanche - sorry for the delay here. The changelog is in a slightly unusual place. You'd want to edit the release notes
Not sure what to put in there anymore as it's been too long since the context switch. If someone can write something in that'd be great.
It’s fine. This will go into 3.9 I’ll put something in the release notes for it. Thanks all.
Thanks @jleclanche for putting this together. @carltongibson, notes in #6073 (comment)
* Release notes to 5174a26
* Update version for v3.9.0
* Removed exclude_from_schema per deprecation policy.
* Updated list_route() and detail_route() deprecations.
* Weakened to PendingDeprecationWarning for `base_name` cc @rpkilby.
* Add (beginning of) 3.9 release announcement. @tomchristie: Input on OpenAPI and What’s Next very welcome! :)
* Add announcement section for Extra Actions in Browsable API
* Update release notes and add deprecation note for Django Guardian backend.
* Add release note for #6073
* Add release notes to dd19a44
* Adding release notes
* Update 3.9 announcement
* Add Oct 18 release date

* Implement an allow_null_bytes argument to CharField (default True)
* Switch to using native ProhibitNullCharactersValidator instead
Description
Followup on #6068.
I've left the first commit as a diff to the second one. Please feel free to squash.
I'd love if someone else could edit in the documentation example mentioned by @rpkilby because I've no idea how to achieve that :)