Static Code analysis and Security Scanning tools for Django Web Applications

2022-07-05 Thread Ram
Hi,

We have tried Prospector tool: https://prospector.landscape.io/en/master/

and got the following result


> Check Information
> =================
>          Started: 2022-07-05 20:29:59.548372
>         Finished: 2022-07-05 20:38:58.411776
>       Time Taken: 538.86 seconds
>        Formatter: grouped
>         Profiles: default, no_doc_warnings, no_test_warnings, strictness_medium, strictness_high, strictness_veryhigh, no_member_warnings
>       Strictness: None
>   Libraries Used: django, celery
>        Tools Run: dodgy, mccabe, profile-validator, pycodestyle, pyflakes, pylint
>   Messages Found: 17186


but wondering if you guys use any other better tools than this. Our goal is to
find out gaps and errors in the following items:

1. Security scanning
2. Static code analysis
3. Vulnerabilities scanning

Best regards,
~Ram

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2BOi5F17JJhVcAa5WY3gGSLX%3Db5qOhbK%3D2LeRBngtKsxvKiogw%40mail.gmail.com.


Re: How to roll back related objects if any error happened.

2022-07-05 Thread Antonis Christofides
I'm not really an expert, but it strikes me that this doesn't work. If you are 
using MySQL or SQLite, make sure you read the Database-specific notes on 
Database transactions in the Django documentation. If you want further help on 
this, please post your DATABASES setting.


Regards,

Antonis


On 05/07/2022 17.17, Sencer Hamarat wrote:


Hi Antonis,

The code that I tried is something like below:

from django.db import transaction

# ParentSerializer / ChildSerializer are the poster's own DRF serializers.
with transaction.atomic():
    parent_data = {
        "foo": "bar",
        "baz": "bar"
    }

    parent_serializer = ParentSerializer(data=parent_data)
    if parent_serializer.is_valid():
        parent_obj = parent_serializer.save()

        child_data = {
            "parent_id": parent_obj.id,
            "baz": "foo",
            "bar": "baz"
        }

        child_serializer = ChildSerializer(data=child_data)
        if child_serializer.is_valid():
            child_obj = child_serializer.save()


As I mentioned in the previous email: if child_serializer.save() raises an 
exception, the db row created by parent_serializer.save() is not rolled back.


Actually, I changed the way I send the data to the db. I put the child data as 
a nested json,
wrote a create method in the serializer and pushed the data through a single 
serializer to the db.
Thus, any bad request at the serializer validation level is avoided and there 
is no need to go back.


Anyway, if you think that my claim above is false, I would like to hear your 
opinion.



Kind regards,
Sencer HAMARAT



On Tue, Jul 5, 2022 at 3:49 PM Antonis Christofides wrote:


Could you show the code with your attempt to use atomic?

On 05/07/2022 14.45, Sencer Hamarat wrote:

Hi,

I tried that, but when child_serializer.save() throws an exception, the
row created by parent_serializer.save() at the database is not rolled back.

Kind regards,
Sencer HAMARAT



On Mon, Jul 4, 2022 at 7:59 PM Ryan Nowakowski wrote:

You can use transaction.atomic:

https://docs.djangoproject.com/en/4.0/topics/db/transactions/#controlling-transactions-explicitly

On July 4, 2022 7:16:41 AM EDT, Sencer Hamarat wrote:

Hi,

Say I have a parent and a child model.

And also there is a view which is using DRF serializers to save
data into models.

The saving operation steps are:

First, create the parent object.
Then, create the child object with the parent object relation.

The view code regarding the description above:

parent_data = {
    "foo": "bar",
    "baz": "bar"
}

parent_serializer = ParentSerializer(data=parent_data)
if parent_serializer.is_valid():
    parent_serializer.save()

    child_data = {
        "parent_id": parent_serializer.data['id'],
        "baz": "foo",
        "bar": "baz"
    }

    child_serializer = ChildSerializer(data=child_data)
    if child_serializer.is_valid():
        child_serializer.save()


If any exception is thrown while child_serializer is saving, how do I
roll back the parent object, too?

Is there any chance to make this happen in a transaction to roll
back any related record?


Kind regards,
Sencer HAMARAT


Re: Timeout error in send_mail function

2022-07-05 Thread Yeboah Dominic
This is due to a poor network.

On Mon, 4 Jul 2022 at 22:29, K Wong wrote:

> If you know that Django is trying to send the email then the problem lies
> in the local operating system and the network.
>
> If you are developing on windows then the windows firewall might be
> blocking you. If you are at home then your router might be blocking you. If
> you are trying to send outside your LAN then your ISP is almost certainly
> blocking you (or else it should be).
>
> Personally, I wouldn't worry about testing the email sending routine on a
> local dev machine. Just output the email contents to the runserver console.
> That's it.
>
> -k
>
> On Thursday, June 23, 2022 at 10:17:50 AM UTC-7 sonasiv...@gmail.com
> wrote:
>
>> Hi.
>> I'm working on a project with django and django rest framework.
>> In one of my views, I tried implementing a simple send_mail, but it gives
>> me a TimeOut error. I configured the settings (Email backend as smtp,
>> email host, password, ...), and also allowed my email to accept 'less
>> secured apps', but it doesn't seem to work.
>> I also tried the ports 25, 587 and 465. None of them seem to work.
>>
>> Here is the error:
>> [WinError 10060] A connection attempt failed because the connected party
>> did not properly respond after a period of time, or established connection
>> failed because connected host has failed to respond
>>
>> Can someone please help?
>> Thanks in advance.
>>



Re: How to roll back related objects if any error happened.

2022-07-05 Thread Sencer Hamarat
Hi Antonis,

The code that I tried is something like below:

from django.db import transaction

# ParentSerializer / ChildSerializer are the poster's own DRF serializers.
with transaction.atomic():
    parent_data = {
        "foo": "bar",
        "baz": "bar"
    }

    parent_serializer = ParentSerializer(data=parent_data)
    if parent_serializer.is_valid():
        parent_obj = parent_serializer.save()

        child_data = {
            "parent_id": parent_obj.id,
            "baz": "foo",
            "bar": "baz"
        }

        child_serializer = ChildSerializer(data=child_data)
        if child_serializer.is_valid():
            child_obj = child_serializer.save()


As I mentioned in the previous email: if child_serializer.save() raises an
exception, the db row created by parent_serializer.save() is not rolled back.

Actually, I changed the way I send the data to the db. I put the child data
as a nested json,
wrote a create method in the serializer and pushed the data through a
single serializer to the db.
Thus, any bad request at the serializer validation level is avoided and
there is no need to go back.

Anyway, if you think that my claim above is false, I would like to hear
your opinion.


Kind regards,
Sencer HAMARAT



On Tue, Jul 5, 2022 at 3:49 PM Antonis Christofides <anto...@antonischristofides.com> wrote:

> Could you show the code with your attempt to use atomic?
>
> On 05/07/2022 14.45, Sencer Hamarat wrote:
>
> Hi,
>
> I tried that, but when child_serializer.save() throws an exception, the
> row created by parent_serializer.save() at the database is not rolled back.
>
> Kind regards,
> Sencer HAMARAT
>
>
>
> On Mon, Jul 4, 2022 at 7:59 PM Ryan Nowakowski wrote:
>
>> You can use transaction.atomic:
>>
>> https://docs.djangoproject.com/en/4.0/topics/db/transactions/#controlling-transactions-explicitly
>>
>> On July 4, 2022 7:16:41 AM EDT, Sencer Hamarat wrote:
>>>
>>> Hi,
>>>
>>> Say I have a parent and a child model.
>>>
>>> And also there is a view which is using DRF serializers to save data
>>> into models.
>>>
>>> The saving operation steps are:
>>>
>>> First, create the parent object.
>>> Then, create the child object with the parent object relation.
>>>
>>> The view code regarding the description above:
>>>
>>> parent_data = {
>>>     "foo": "bar",
>>>     "baz": "bar"
>>> }
>>>
>>> parent_serializer = ParentSerializer(data=parent_data)
>>> if parent_serializer.is_valid():
>>>     parent_serializer.save()
>>>
>>>     child_data = {
>>>         "parent_id": parent_serializer.data['id'],
>>>         "baz": "foo",
>>>         "bar": "baz"
>>>     }
>>>
>>>     child_serializer = ChildSerializer(data=child_data)
>>>     if child_serializer.is_valid():
>>>         child_serializer.save()
>>>
>>>
>>> If any exception is thrown while child_serializer is saving, how do I
>>> roll back the parent object, too?
>>>
>>> Is there any chance to make this happen in a transaction to roll back
>>> any related record?
>>>
>>>
>>> Kind regards,
>>> Sencer HAMARAT
>>>

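The rollback behaviour this thread is arguing about, as an added example that is not from any of the posters: Django's transaction.atomic() commits when the with-block exits normally and rolls back only when an exception propagates out of it, so a child check that merely returns False (DRF's is_valid() without raise_exception=True) is a normal exit and leaves the parent row committed. To run without Django, the block models that contract with Python's sqlite3 connection context manager, which has the same commit-on-exit, rollback-on-exception semantics; the parent/child tables and child_is_valid() are constructed stand-ins for the poster's models and ChildSerializer.

```python
import sqlite3

# Constructed stand-in for the poster's Parent/Child models. sqlite3's
# connection context manager follows the same contract as Django's
# transaction.atomic(): commit on normal exit, roll back only when an
# exception propagates out of the with-block.
def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE parent (id INTEGER PRIMARY KEY, foo TEXT)")
    conn.execute("CREATE TABLE child (id INTEGER PRIMARY KEY, "
                 "parent_id INTEGER NOT NULL, baz TEXT)")
    return conn

def child_is_valid(child_data):
    # Stand-in for ChildSerializer.is_valid(): reports failure by returning
    # False, never by raising (DRF's default without raise_exception=True).
    return isinstance(child_data.get("baz"), str) and "parent_id" in child_data

def save_with_silent_check(conn, child_data):
    """The pattern from the thread: parent saved, child saved only if the
    check passes. A failed check is a *normal* exit, so the parent commits."""
    with conn:
        cur = conn.execute("INSERT INTO parent (foo) VALUES ('bar')")
        child_data = dict(child_data, parent_id=cur.lastrowid)
        if child_is_valid(child_data):
            conn.execute("INSERT INTO child (parent_id, baz) VALUES (?, ?)",
                         (child_data["parent_id"], child_data["baz"]))
    return row_counts(conn)

def save_with_raising_check(conn, child_data):
    """Same block, but a failed check raises (what is_valid(raise_exception=True)
    does in DRF). The exception leaves the with-block, so both inserts roll back."""
    try:
        with conn:
            cur = conn.execute("INSERT INTO parent (foo) VALUES ('bar')")
            child_data = dict(child_data, parent_id=cur.lastrowid)
            if not child_is_valid(child_data):
                raise ValueError("child validation failed")
            conn.execute("INSERT INTO child (parent_id, baz) VALUES (?, ?)",
                         (child_data["parent_id"], child_data["baz"]))
    except ValueError:
        pass  # caller decides how to report; the rollback has already happened
    return row_counts(conn)

def row_counts(conn):
    """(parents, children) currently committed in the database."""
    parents = conn.execute("SELECT COUNT(*) FROM parent").fetchone()[0]
    children = conn.execute("SELECT COUNT(*) FROM child").fetchone()[0]
    return parents, children

if __name__ == "__main__":
    bad_child = {"baz": 42}  # constructed input that fails the type check
    print(save_with_silent_check(new_db(), bad_child))        # (1, 0): orphan parent
    print(save_with_raising_check(new_db(), bad_child))       # (0, 0): rolled back
    print(save_with_raising_check(new_db(), {"baz": "foo"}))  # (1, 1): both saved
```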


Re: How to roll back related objects if any error happened.

2022-07-05 Thread Antonis Christofides

Could you show the code with your attempt to use atomic?


On 05/07/2022 14.45, Sencer Hamarat wrote:

Hi,

I tried that, but when child_serializer.save() throws an exception, the row 
created by parent_serializer.save() at the database is not rolled back.


Kind regards,
Sencer HAMARAT



On Mon, Jul 4, 2022 at 7:59 PM Ryan Nowakowski wrote:

You can use transaction.atomic:

https://docs.djangoproject.com/en/4.0/topics/db/transactions/#controlling-transactions-explicitly

On July 4, 2022 7:16:41 AM EDT, Sencer Hamarat wrote:

Hi,

Say I have a parent and a child model.

And also there is a view which is using DRF serializers to save data
into models.

The saving operation steps are:

First, create the parent object.
Then, create the child object with the parent object relation.

The view code regarding the description above:

parent_data = {
    "foo": "bar",
    "baz": "bar"
}

parent_serializer = ParentSerializer(data=parent_data)
if parent_serializer.is_valid():
    parent_serializer.save()

    child_data = {
        "parent_id": parent_serializer.data['id'],
        "baz": "foo",
        "bar": "baz"
    }

    child_serializer = ChildSerializer(data=child_data)
    if child_serializer.is_valid():
        child_serializer.save()


If any exception is thrown while child_serializer is saving, how do I
roll back the parent object, too?

Is there any chance to make this happen in a transaction to roll back
any related record?


Kind regards,
Sencer HAMARAT



Re: How to roll back related objects if any error happened.

2022-07-05 Thread Sencer Hamarat
Hi,

I tried that, but when child_serializer.save() throws an exception, the row
created by parent_serializer.save() at the database is not rolled back.

Kind regards,
Sencer HAMARAT



On Mon, Jul 4, 2022 at 7:59 PM Ryan Nowakowski wrote:

> You can use transaction.atomic:
>
> https://docs.djangoproject.com/en/4.0/topics/db/transactions/#controlling-transactions-explicitly
>
> On July 4, 2022 7:16:41 AM EDT, Sencer Hamarat wrote:
>>
>> Hi,
>>
>> Say I have a parent and a child model.
>>
>> And also there is a view which is using DRF serializers to save data into
>> models.
>>
>> The saving operation steps are:
>>
>> First, create the parent object.
>> Then, create the child object with the parent object relation.
>>
>> The view code regarding the description above:
>>
>> parent_data = {
>>     "foo": "bar",
>>     "baz": "bar"
>> }
>>
>> parent_serializer = ParentSerializer(data=parent_data)
>> if parent_serializer.is_valid():
>>     parent_serializer.save()
>>
>>     child_data = {
>>         "parent_id": parent_serializer.data['id'],
>>         "baz": "foo",
>>         "bar": "baz"
>>     }
>>
>>     child_serializer = ChildSerializer(data=child_data)
>>     if child_serializer.is_valid():
>>         child_serializer.save()
>>
>>
>> If any exception is thrown while child_serializer is saving, how do I
>> roll back the parent object, too?
>>
>> Is there any chance to make this happen in a transaction to roll back any
>> related record?
>>
>>
>> Kind regards,
>> Sencer HAMARAT
>>



Re: Does Django care about max_query_params? [feature request]

2022-07-05 Thread Jason
https://github.com/googleapis/python-spanner-django/pull/774

seems like an open PR is addressing this.



On Tuesday, July 5, 2022 at 6:13:32 AM UTC-4 gurov...@gmail.com wrote:

> It's Cloud Spanner. We're using `django_spanner` as a 3rd party connector: 
> https://github.com/googleapis/python-spanner-django
>
> On Tuesday, June 28, 2022 at 11:36:08 AM UTC+4 Jason wrote:
>
>>
>> What db are you using? This might also be an issue for your db connector
>> lib.
>> On Monday, June 27, 2022 at 10:49:40 AM UTC-4 gurov...@gmail.com wrote:
>>
>>> Hi, all!
>>>
>>> Gotta problem with the number of query params. We're using a backend, 
>>> which connects to a cloud database, and at some point we suddenly started 
>>> getting such an error:
>>>
>>> Number of parameters in query exceeds the maximum allowed limit of 950
>>>
>>> Appearing on this step:
>>>
>>> django/django/contrib/auth/management/__init__.py", line 83, in create_permissions
>>>     Permission.objects.using(using).bulk_create(perms)
>>>
>>> 950 query params is the max number for our backend, and we set 
>>> DatabaseFeatures.max_query_params to 900. Still, it looks like Django 
>>> doesn't care.
>>>
>>> Because of this all of our tests stopped working, bringing a lot of 
>>> inconveniences during development. Seems to me that it should be fixed on 
>>> the Django side, centralized, 'cause it's unlikely we're the only ones who 
>>> met and will meet the problem in future.
>>>
>>>



Re: Does Django care about max_query_params? [feature request]

2022-07-05 Thread Ilya Gurov
It's Cloud Spanner. We're using `django_spanner` as a 3rd party 
connector: https://github.com/googleapis/python-spanner-django

On Tuesday, June 28, 2022 at 11:36:08 AM UTC+4 Jason wrote:

>
> What db are you using? This might also be an issue for your db connector
> lib.
> On Monday, June 27, 2022 at 10:49:40 AM UTC-4 gurov...@gmail.com wrote:
>
>> Hi, all!
>>
>> Gotta problem with the number of query params. We're using a backend, 
>> which connects to a cloud database, and at some point we suddenly started 
>> getting such an error:
>>
>> Number of parameters in query exceeds the maximum allowed limit of 950
>>
>> Appearing on this step:
>>
>> django/django/contrib/auth/management/__init__.py", line 83, in create_permissions
>>     Permission.objects.using(using).bulk_create(perms)
>>
>> 950 query params is the max number for our backend, and we set 
>> DatabaseFeatures.max_query_params to 900. Still, it looks like Django 
>> doesn't care.
>>
>> Because of this all of our tests stopped working, bringing a lot of 
>> inconveniences during development. Seems to me that it should be fixed on 
>> the Django side, centralized, 'cause it's unlikely we're the only ones who 
>> met and will meet the problem in future.
>>
>>
