summaryrefslogtreecommitdiff
path: root/tests/queries/tests.py
AgeCommit message (Collapse)Author
2026-04-27Moved QuerySet.extra() assertions to a separate test.Tim Graham
This allows backends that don't support extra() to skip it.
2026-04-02Fixed #20024 -- Fixed handling of __in lookups with None in exclude().Eddy Adegnandjou
Thanks Simon Charette and Tim Graham for reviews, and Jason Hall for a prior iteration.
2026-03-21Refs #36883 -- Split monolithic aggregation/lookup/queries tests.Tim Graham
2026-03-19Fixed #36795 -- Enforced quoting of all database object names.Simon Charette
This ensures all database identifiers are quoted independently of their orign and most importantly that user provided aliases through annotate() and alias() which paves the way for dropping the allow list of characters such aliases can contain. This will require adjustments to raw SQL interfaces such as RawSQL that might make reference to ORM managed annotations as these will now be quoted. The `SQLCompiler.quote_name_unless_alias` method is kept for now as an alias for the newly introduced `.quote_name` method but will be duly deprecated in a follow up commit.
2026-03-11Refs #28455 -- Implemented private API methods for preventing QuerySet cloning.Keryn Knight
Multiple calls are idempotent assuming they're balanced. Also, multiple calls to disable cloning followed by a single call to re-enable cloning will subsequently cause clones to occur - it is not a stack, just a toggle. @contextlib.contextmanager is intentionally not used for performance reasons: - decorator takes 1.1µs to execute, or 2µs if used correctly in a `with ...:` statement - custom class takes 300ns to execute, or 900ns if used correctly in a `with ...:` statement Based on work originally done by Anssi Kääriäinen and Tim Graham.
2026-02-03Fixed CVE-2026-1287 -- Protected against SQL injection in column aliases via ↵Jake Howard
control characters. Control characters in FilteredRelation column aliases could be used for SQL injection attacks. This affected QuerySet.annotate(), aggregate(), extra(), values(), values_list(), and alias() when using dictionary expansion with **kwargs. Thanks Solomon Kebede for the report, and Simon Charette, Jacob Walls, and Natalia Bidart for reviews.
2025-11-05Refs CVE-2025-64459 -- Avoided propagating invalid arguments to Q on ↵Jacob Walls
dictionary expansion.
2025-10-01Fixed CVE-2025-59681 -- Protected QuerySet.annotate(), alias(), aggregate(), ↵Mariusz Felisiak
and extra() against SQL injection in column aliases on MySQL/MariaDB. Thanks sw0rd1ight for the report. Follow up to 93cae5cb2f9a4ef1514cf1a41f714fef08005200.
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-04-11Fixed #36288 -- Addressed improper handling of duplicates in values_list().Simon Charette
Now that selected aliases are stored in sql.Query.selected: dict[str, Any] the values_list() method must ensures that duplicate field name references are assigned unique aliases. Refs #28900. Regression in 65ad4ade74dc9208b9d686a451cd6045df0c9c3a. Thanks Claude for the report.
2025-02-11Fixed #36149 -- Allowed subquery values against tuple exact and in lookups.Simon Charette
Non-tuple exact and in lookups have specialized logic for subqueries that can be adapted to properly assign select mask if unspecified and ensure the number of involved members are matching on both side of the operator.
2024-08-26Added supports_select_union skips in queries and aggregation tests.Tim Graham
2024-07-03Fixed #28900 -- Propagated all selected fields to combinator queries.Simon Charette
Previously, only the selected column aliases would be propagated and annotations were ignored.
2024-07-03Refs #28900 -- Made SELECT respect the order specified by values(*selected).Simon Charette
Previously the order was always extra_fields + model_fields + annotations with respective local ordering inferred from the insertion order of *selected. This commits introduces a new `Query.selected` propery that keeps tracks of the global select order as specified by on values assignment. This is crucial feature to allow the combination of queries mixing annotations and table references. It also allows the removal of the re-ordering shenanigans perform by ValuesListIterable in order to re-map the tuples returned from the database backend to the order specified by values_list() as they'll be in the right order at query compilation time. Refs #28553 as the initially reported issue that was only partially fixed for annotations by d6b6e5d0fd4e6b6d0183b4cf6e4bd4f9afc7bf67. Thanks Mariusz Felisiak and Sarah Boyce for review.
2024-02-07Fixed #35099 -- Prevented mutating queryset when combining with & and | ↵Hisham Mahmood
operators. Thanks Alan for the report. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2023-12-06Refs #34986 -- Avoided implementation-specific unpickleable types.Nick Pope
The implementation of some core types differ between CPython and PyPy and this may affect the way that pickling works such that errors are raised in differing locations in the interpreter or not at all. Use our own custom non-pickleable type instead to avoid these quirks.
2023-08-10Fixed non-deterministic order in SubqueryTests.test_slice_subquery_and_query.Mariusz Felisiak
Slice on unordered subquery may be non-deterministic in some databases.
2023-06-14Refs #32143 -- Removed superflous constraints on excluded query.Simon Charette
The outer query reference is not necessary when alias can be reused and can even be harmful by confusing query planers. Refs #34597.
2023-01-17Refs #31486 -- Removed ability to pass unsaved model instances to related ↵Mariusz Felisiak
filters. Per deprecation timeline.
2022-12-21Removed unnecessary commas in tests.Mariusz Felisiak
2022-11-07Refs #33374 -- Adjusted full match condition handling.Simon Charette
Adjusting WhereNode.as_sql() to raise an exception when encoutering a full match just like with empty matches ensures that all case are explicitly handled.
2022-10-08Refs #33990 -- Renamed TransactionTestCase.assertQuerysetEqual() to ↵Gregor Gärtner
assertQuerySetEqual(). Co-Authored-By: Michael Howitz <mh@gocept.com>
2022-10-07Replaced assertQuerysetEqual() to assertSequenceEqual()/assertCountEqual() ↵Mariusz Felisiak
where appropriate. Follow up to 3f7b3275627385f8f7531fca01cdda50d4ec6b6e.
2022-09-22Refs #34012 -- Added test for ordering by transform of related fields.Mariusz Felisiak
2022-09-22Fixed #34015 -- Allowed filtering by transforms on relation fields.Mariusz Felisiak
2022-08-30Fixed #21204 -- Tracked field deferrals by field instead of models.Simon Charette
This ensures field deferral works properly when a model is involved more than once in the same query with a distinct deferral mask.
2022-07-27Used AND, OR, XOR constants instead of hard-coded values.Nick Pope
2022-04-14Relaxed some query ordering assertions in various tests.Mariusz Felisiak
It accounts for differences seen on MySQL with MyISAM storage engine.
2022-04-12Fixed #24296 -- Made QuerySet.exists() clear selected columns for not sliced ↵mgaligniana
distinct querysets.
2022-04-12Refs #18414 -- Added tests for selected columns of sliced distinct querysets.mgaligniana
2022-04-11Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and ↵Mariusz Felisiak
extra() against SQL injection in column aliases. Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore, Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev (DDV_UA) for the report.
2022-03-04Fixed #29865 -- Added logical XOR support for Q() and querysets.Ryan Heard
2022-02-25Fixed #31486 -- Deprecated passing unsaved objects to related filters.Albert Defler
Co-Authored-By: Hasan Ramezani <hasan.r67@gmail.com>
2022-02-22Removed redundant QuerySet.all() calls in docs and tests.Nick Pope
Most QuerySet methods are mapped onto the Manager and, in general, it isn't necessary to call .all() on the manager.
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-02-03Refs #33476 -- Refactored problematic code before reformatting by Black.Mariusz Felisiak
In these cases Black produces unexpected results, e.g. def make_random_password( self, length=10, allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789', ): or cursor.execute(""" SELECT ... """, [table name], )
2021-12-08Fixed #33319 -- Fixed crash when combining with the | operator querysets ↵Ömer Faruk Abacı
with aliases that conflict.
2021-10-08Refs #25467 -- Added test for excluding one-to-one relation with unsaved ↵Jacob Walls
objects. Fixed in 58da81a5a372a69f0bac801c412b57f3cce5f188.
2021-09-30Fixed #33159 -- Reverted "Fixed #32970 -- Changed WhereNode.clone() to ↵Mariusz Felisiak
create a shallow copy of children." This reverts commit e441847ecae99dd1ccd0d9ce76dbcff51afa863c. A shallow copy is not enough because querysets can be reused and evaluated in nested nodes, which shouldn't mutate JOIN aliases. Thanks Michal Čihař for the report.
2021-07-15Refs #32508 -- Raised Type/ValueError instead of using "assert" in ↵Daniyal
django.db.models. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-05-13Fixed #32717 -- Fixed filtering of querysets combined with the | operator.Simon Charette
Address a long standing bug in a Where.add optimization to discard equal nodes that was surfaced by implementing equality for Lookup instances in bbf141bcdc31f1324048af9233583a523ac54c94. Thanks Shaheed Haque for the report.
2021-05-04Fixed #32693 -- Quoted and lowercased generated column aliases.Hasan Ramezani
2021-04-22Used assertCountEqual() in ExcludeTests.test_exclude_subquery().Mariusz Felisiak
2021-04-21Fixed #32650 -- Fixed handling subquery aliasing on queryset combination.Simon Charette
This issue started manifesting itself when nesting a combined subquery relying on exclude() since 8593e162c9cb63a6c0b06daf045bc1c21eb4d7c1 but sql.Query.combine never properly handled subqueries outer refs in the first place, see QuerySetBitwiseOperationTests.test_subquery_aliases() (refs #27149). Thanks Raffaele Salmaso for the report.
2021-03-10Refs #32508 -- Raised TypeError instead of using "assert" on unsupported ↵Mariusz Felisiak
operations for sliced querysets.
2021-01-14Refs #7098 -- Removed support for passing raw column aliases to order_by().Mariusz Felisiak
Per deprecation timeline.
2020-11-06Fixed #31235 -- Made assertQuerysetEqual() compare querysets directly.Hasan Ramezani
This also replaces assertQuerysetEqual() to assertSequenceEqual()/assertCountEqual() where appropriate. Co-authored-by: Peter Inglesby <peter.inglesby@gmail.com> Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-10-28Fixed #32143 -- Used EXISTS to exclude multi-valued relationships.Simon Charette
As mentioned in the pre-existing split_exclude() docstring EXISTS is easier to optimize for query planers and circumvents the IN (NULL) handling issue.
2020-10-27Removed an obsolete query test that assumes serial pks.Tim Graham
The code from the original fix (922aba3def68e57c405a0e50d353a790af85b00a) was removed in 419de7b00daabf5e9be064198d370cdbf19b5f2d.