Commit Graph

88 Commits

Author SHA1 Message Date
Mariusz Felisiak 93cae5cb2f Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), and extra() against SQL injection in column aliases.
Thanks Splunk team: Preston Elder, Jacob Davis, Jacob Moore,
Matt Hanson, David Briggs, and a security researcher: Danylo Dmytriiev
(DDV_UA) for the report.
2022-04-11 08:59:33 +02:00
Luke Plant 40b8a6174f Fixed #33397 -- Corrected resolving output_field for DateField/DateTimeField/TimeField/DurationFields.
This includes refactoring of CombinedExpression._resolve_output_field()
so it no longer uses the behavior inherited from Expression of guessing
same output type if argument types match, and instead we explicitly
define the output type of all supported operations.

This also makes nonsensical operations involving dates
(e.g. date + date) raise a FieldError, and adds support for
automatically inferring output_field for cases such as:
* date - date
* date + duration
* date - duration
* time + duration
* time - time
2022-03-31 11:05:23 +02:00
Carlton Gibson bb61f0186d Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
Nick Pope 847f46e9bf Removed redundant QuerySet.all() calls in docs and tests.
Most QuerySet methods are mapped onto the Manager and, in general,
it isn't necessary to call .all() on the manager.
2022-02-22 10:29:38 +01:00
Mariusz Felisiak 7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot 9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak 71e7c8e737 Fixed #33468 -- Fixed QuerySet.aggregate() after annotate() crash on aggregates with default.
Thanks Adam Johnson for the report.
2022-01-31 11:33:24 +01:00
Simon Charette e5a92d400a Fixed #33282 -- Fixed a crash when OR'ing subquery and aggregation lookups.
As a QuerySet resolves to Query the outer column references grouping logic
should be defined on the latter and proxied from Subquery for the cases where
get_group_by_cols is called on unresolved expressions.

Thanks Antonio Terceiro for the report and initial patch.
2021-12-02 07:23:33 +01:00
David Wobrock ad36a198a1 Fixed #33141 -- Renamed Expression.empty_aggregate_value to empty_result_set_value. 2021-09-29 12:58:01 +02:00
David Wobrock 691486a5cf Fixed #33073 -- Fixed queryset crash with aggregation and empty/extra queryset annotation. 2021-09-01 20:59:16 +02:00
Tim Graham 022d29c934 Refs #10929 -- Allowed NowUTC SQL customization for third-party backends. 2021-08-24 08:28:03 +02:00
Nick Pope 501a8db465 Fixed #10929 -- Added default argument to aggregates.
Thanks to Simon Charette and Adam Johnson for the reviews.
2021-07-19 13:04:27 +02:00
Simon Charette 9f3cce172f Refs #26430 -- Re-introduced empty aggregation optimization.
The introduction of the Expression.empty_aggregate_value interface
allows the compilation stage to enable the EmptyResultSet optimization
if all the aggregate expressions implement it.

This also removes unnecessary RegrCount/Count.convert_value() methods.
Disabling the empty result set aggregation optimization when it wasn't
appropriate prevented None returned for a Count aggregation value.

Thanks Nick Pope for the review.
2021-07-02 07:25:42 +02:00
Simon Charette f3112fde98 Fixed #26430 -- Fixed coalesced aggregation of empty result sets.
Disable the EmptyResultSet optimization when performing aggregation as
it might interfere with coalescence.
2021-07-02 06:40:54 +02:00
Simon Charette 277eea8fcc Fixed #32478 -- Included nested columns referenced by subqueries in GROUP BY on aggregations.
Regression in fb3f034f1c.

Refs #31094, #31150.

Thanks Igor Pejic for the report.
2021-02-24 09:01:36 +01:00
Hasan Ramezani 275dd4ebba Fixed #32178 -- Allowed database backends to skip tests and mark expected failures.
Co-authored-by: Tim Graham <timograham@gmail.com>
2020-12-10 18:00:57 +01:00
Ian Foote 8b040e3cbb Fixed #25534, Fixed #31639 -- Added support for transform references in expressions.
Thanks Mariusz Felisiak and Simon Charette for reviews.
2020-11-27 20:42:04 +01:00
Hasan Ramezani 3f7b327562 Fixed #31235 -- Made assertQuerysetEqual() compare querysets directly.
This also replaces assertQuerysetEqual() with
assertSequenceEqual()/assertCountEqual() where appropriate.

Co-authored-by: Peter Inglesby <peter.inglesby@gmail.com>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-11-06 09:24:50 +01:00
Sicong 09e1ec71df Fixed #32166 -- Removed redundant definition of Greatest in test_expression_on_aggregation. 2020-11-03 07:08:42 +01:00
Étienne Beaulé 509d9da26f Fixed #26390 -- Disabled grouping by Random().
Thanks to Tzu-ping Chung for the tests.
2020-10-21 20:54:53 +02:00
David Wobrock 058747b77a Fixed #31880 -- Made QuerySet.aggregate() raise FieldError when aggregating over aggregation aliases. 2020-09-29 09:04:25 +02:00
Ahmad A. Hussein 493b26bbfc Fixed #31888 -- Avoided module-level MySQL queries in tests. 2020-08-17 09:31:16 +02:00
Simon Charette 156a2138db Refs #30446 -- Removed unnecessary Value(..., output_field) in docs and tests. 2020-07-15 10:58:38 +02:00
Simon Charette 1e38f1191d Fixed #30446 -- Resolved Value.output_field for stdlib types.
This required implementing a limited form of dynamic dispatch to combine
expressions with numerical output. Refs #26355 should eventually provide
a better interface for that.
2020-07-15 10:58:29 +02:00
Hasan Ramezani 10866a10fe Fixed #31377 -- Disabled grouping by aliases on QuerySet.values()/values_list() when they collide with field names.
Regression in fb3f034f1c.

Thanks Holovashchenko Vadym for the report.
2020-03-25 09:13:46 +01:00
Mariusz Felisiak aee0bebc2f Refs #31331 -- Checked ONLY_FULL_GROUP_BY mode in AggregateTestCase.test_aggregation_subquery_annotation_multivalued(). 2020-03-03 11:25:37 +01:00
Mariusz Felisiak 7b8fa1653f Fixed #31150 -- Included subqueries that reference related fields in GROUP BY clauses.
Thanks Johannes Hoppe for the report.

Regression in fb3f034f1c.

Co-authored-by: Simon Charette <charette.s@gmail.com>
2020-03-03 11:25:37 +01:00
Nick Pope 335c9c94ac Simplified imports from django.db and django.contrib.gis.db. 2020-02-04 13:20:06 +01:00
Mariusz Felisiak 6b178a3e93 Fixed #31217 -- Made QuerySet.values()/values_list() group by not selected annotations with aggregations used in order_by().
Regression in 59b4e99dd0.

Thanks Jon Dufresne for the report and Simon Charette for the review.
2020-02-03 07:48:11 +01:00
Mariusz Felisiak 59b4e99dd0 Refs #31136 -- Made QuerySet.values()/values_list() group only by selected annotation.
Regression in 0f843fdd5b.
2020-01-15 09:32:42 +01:00
Mariusz Felisiak 0f843fdd5b Fixed #31136 -- Disabled grouping by aliases on QuerySet.values()/values_list().
Regression in fb3f034f1c.

Thanks Sigurd Ljødal for the report.
2020-01-04 20:49:11 +01:00
Simon Charette 720de4d044 Fixed #31109 -- Disabled grouping by aliases on QuerySet.exists().
Clearing the SELECT clause in Query.has_results was orphaning GROUP BY
references to it.

Thanks Thierry Bastian for the report and Baptiste Mispelon for the
bisect.

Regression in fb3f034f1c.
2019-12-23 09:24:03 +01:00
Simon Charette 5a4d7285bd Fixed #31094 -- Included columns referenced by subqueries in GROUP BY on aggregations.
Thanks Johannes Hoppe for the report.

Regression in fb3f034f1c.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2019-12-19 10:04:56 +01:00
Simon Charette a0f34d8fef Refs #31094 -- Added test for not using aliases in GROUP BY clauses. 2019-12-19 09:12:29 +01:00
Tim Graham 9100c664db Relaxed some query ordering assertions in tests.
It accounts for differences seen on cockroachdb.
2019-11-18 12:32:37 +01:00
Étienne Beaulé 5f24e7158e Fixed #30665 -- Added support for distinct argument to Avg() and Sum(). 2019-07-31 11:22:50 +02:00
Étienne Beaulé cb3c2da128 Moved test for distinct Count() to a separate test case. 2019-07-31 10:41:17 +02:00
CruxBox 34f8eeea4a Fixed #30548 -- Improved exception when expression contains mixed types. 2019-06-10 19:48:53 +02:00
Simon Charette fb3f034f1c Fixed #30158 -- Avoided unnecessary subquery group by on aggregation.
Subquery annotations can be omitted from the GROUP BY clause on aggregation
as long as they are not explicitly grouped against.

Thanks Jonny Fuller for the report.
2019-03-21 18:48:41 -04:00
Simon Charette 65858119d2 Fixed #30120 -- Fixed invalid SQL in distinct aggregate.
Regression in bc05547cd8 (refs #28658).
2019-01-21 09:24:32 -05:00
Nick Pope c690afb873 Refs #28643 -- Changed Avg() to use NumericOutputFieldMixin.
Keeps precision instead of forcing DecimalField to FloatField.
2019-01-14 14:35:41 -05:00
Simon Charette bc05547cd8 Fixed #28658 -- Added DISTINCT handling to the Aggregate class. 2019-01-09 17:52:36 -05:00
priyanshsaxena 83b04d4f88 Fixed #29048 -- Added **extra_context to database function as_vendor() methods. 2018-08-23 11:52:09 -04:00
Mariusz Felisiak 75e45a45e7 Simplified aggregation.tests. 2018-02-02 08:47:32 +01:00
Simon Charette 160969d970 Refs #24887 -- Stopped mutating a test expression during as_sql().
Also defined an explicit output_field as it was mixing an expression with an
IntegerField() with one with a DecimalField().
2017-07-21 00:23:01 -04:00
Sergey Fedoseev 29769a9942 Fixed #28382 -- Prevented BaseExpression._output_field from being set if _resolve_output_field() fails. 2017-07-11 08:29:08 -04:00
Mariusz Felisiak 6e228d0b65 Fixed #28277 -- Added validation of QuerySet.annotate() and aggregate() args.
Thanks Tim Graham and Nick Pope for reviews.
2017-06-29 18:25:36 +02:00
Jon Dufresne 2c69824e5a Refs #23968 -- Removed unnecessary lists, generators, and tuple calls. 2017-06-01 19:08:59 -04:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00