#36996: Apps registry public API methods lack input validation
------------------------+------------------------------------------------
Reporter: atdash | Type: Cleanup/optimization
Status: new | Component: Core (Other)
Version: 6.0 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------+------------------------------------------------
The Apps class in django.apps.registry accepts arbitrary argument types on
its public API methods. Passing a non-string or empty string produces
confusing errors deep in the call stack rather than clear messages at the
API boundary.
For example, apps.get_app_config(42) raises KeyError: 42 from the dict
lookup inside the method. With validation, it would raise TypeError:
app_label must be a string, not int. at the entry point.
Affected methods: get_app_config(), get_model(), register_model(),
is_installed(), lazy_model_operation().
I can submit a PR that already passed your tests, other than not having
created a ticket first! :)
Nicholas
--
Ticket URL: <https://code.djangoproject.com/ticket/36996>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019d0d0a849a-70ef8ca7-064f-4528-a6eb-eba16245cd1a-000000%40eu-central-1.amazonses.com.
