def test_sql_psycopg2_string_composition(sentry_init, capture_events, query): sentry_init( integrations=[DjangoIntegration()], send_default_pii=True, _experiments={"record_sql_params": True}, ) from django.db import connections if "postgres" not in connections: pytest.skip("postgres tests disabled") import psycopg2.sql sql = connections["postgres"].cursor() with configure_scope() as scope: scope.clear_breadcrumbs() events = capture_events() with pytest.raises(ProgrammingError): sql.execute(query(psycopg2.sql), {"my_param": 10}) capture_message("HI") (event, ) = events crumb = event["breadcrumbs"]["values"][-1] assert crumb["message"] == ('SELECT %(my_param)s FROM "foobar"') assert crumb["data"]["db.params"] == {"my_param": 10}
def test_sql_psycopg2_placeholders(sentry_init, capture_events): sentry_init(integrations=[DjangoIntegration()], send_default_pii=True) from django.db import connections if "postgres" not in connections: pytest.skip("postgres tests disabled") import psycopg2.sql sql = connections["postgres"].cursor() events = capture_events() with pytest.raises(DataError): names = ["foo", "bar"] identifiers = [psycopg2.sql.Identifier(name) for name in names] placeholders = [ psycopg2.sql.Placeholder(var) for var in ["first_var", "second_var"] ] sql.execute("create table my_test_table (foo text, bar date)") query = psycopg2.sql.SQL( "insert into my_test_table ({}) values ({})").format( psycopg2.sql.SQL(", ").join(identifiers), psycopg2.sql.SQL(", ").join(placeholders), ) sql.execute(query, {"first_var": "fizz", "second_var": "not a date"}) capture_message("HI") event, = events for crumb in event["breadcrumbs"]: del crumb["timestamp"] assert event["breadcrumbs"][-2:] == [ { "category": "query", "data": { "db.paramstyle": "format" }, "message": "create table my_test_table (foo text, bar date)", "type": "default", }, { "category": "query", "data": { "db.params": { "first_var": "fizz", "second_var": "not a date" }, "db.paramstyle": "format", }, "message": 'insert into my_test_table ("foo", "bar") values (%(first_var)s, ' "%(second_var)s)", "type": "default", }, ]
def test_sql_psycopg2_string_composition(sentry_init, capture_events, query): sentry_init(integrations=[DjangoIntegration()], send_default_pii=True) from django.db import connections if "postgres" not in connections: pytest.skip("postgres tests disabled") import psycopg2.sql sql = connections["postgres"].cursor() events = capture_events() with pytest.raises(ProgrammingError): sql.execute(query(psycopg2.sql), {"my_param": 10}) capture_message("HI") event, = events crumb, = event["breadcrumbs"] assert crumb["message"] == ('SELECT 10 FROM "foobar"')
def test_sql_queries_large_params(sentry_init, capture_events): sentry_init(integrations=[DjangoIntegration()], send_default_pii=True) from django.db import connection sql = connection.cursor() events = capture_events() with pytest.raises(OperationalError): # table doesn't even exist sql.execute("""SELECT count(*) FROM people_person WHERE foo = %s""", ["x" * 1000]) capture_message("HI") event, = events crumb, = event["breadcrumbs"] assert crumb["message"] == ( "SELECT count(*) FROM people_person WHERE foo = '%s..." % ("x" * 508, ))
def test_sql_psycopg2_placeholders(sentry_init, capture_events): sentry_init(integrations=[DjangoIntegration()], send_default_pii=True) from django.db import connections if "postgres" not in connections: pytest.skip("postgres tests disabled") import psycopg2.sql sql = connections["postgres"].cursor() events = capture_events() with pytest.raises(DataError): names = ["foo", "bar"] identifiers = [psycopg2.sql.Identifier(name) for name in names] placeholders = [ psycopg2.sql.Placeholder(var) for var in ["first_var", "second_var"] ] sql.execute("create table my_test_table (foo text, bar date)") query = psycopg2.sql.SQL( "insert into my_test_table ({}) values ({})").format( psycopg2.sql.SQL(", ").join(identifiers), psycopg2.sql.SQL(", ").join(placeholders), ) sql.execute(query, {"first_var": "fizz", "second_var": "not a date"}) capture_message("HI") event, = events crumb1, crumb2 = event["breadcrumbs"] assert crumb1["message"] == ( "create table my_test_table (foo text, bar date)") assert crumb2["message"] == ( """insert into my_test_table ("foo", "bar") values ('fizz', 'not a date')""" )