Opened 8 months ago

Last modified 7 months ago

#36246 assigned Bug

BaseGeometryWidget.deserialize() does not catch GDALException from malformed GeoJSON

Reported by: David Buhler Owned by: JaeHyuckSa
Component: GIS Version: 4.2
Severity: Normal Keywords:
Cc: Claude Paroz Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

When passing malformed GeoJSON, either using incorrect GeoJSON values or simply malformed JSON, a GDALException is raised:

https://github.com/django/django/blob/stable/4.2.x/django/contrib/gis/gdal/prototypes/errcheck.py#L75

This differs from the GEOSException that is thrown when passing in WKT:

https://github.com/django/django/blob/stable/4.2.x/django/contrib/gis/geos/prototypes/errcheck.py#L32

The GEOSException is handled during form deserialization, but not the GDALException, during widget deserialization:
https://github.com/django/django/blob/stable/4.2.x/django/contrib/gis/forms/widgets.py#L54

This seems to be handled properly during field deserialization:
https://github.com/django/django/blob/stable/4.2.x/django/contrib/gis/forms/fields.py#L46

This remains an issue with the 5.2.x. branch.

Change History (7)

comment:1 by Sarah Boyce, 8 months ago

Cc: Claude Paroz added
Summary: Malformed GeoJSON throws server errorBaseGeometryWidget.deserialize() does not catch GDALException from malformed GeoJSON
Triage Stage: UnreviewedAccepted

Thank you for the report

Replicated, possible test

  • tests/gis_tests/test_geoforms.py 

    diff --git a/tests/gis_tests/test_geoforms.py b/tests/gis_tests/test_geoforms.py
index c351edaaad..b6068948f3 100644
    a b class GeometryWidgetTests(SimpleTestCase):  
    435435        context = widget.get_context("geometry", None, None)
    436436        self.assertEqual(context["geom_type"], "Geometry")
    437437
     438    def test_invalid_values(self):
     439        bad_inputs = [
     440            "POINT(5)",
     441            "MULTI   POLYGON(((0 0, 0 1, 1 1, 1 0, 0 0)))",
     442            "BLAH(0 0, 1 1)",
     443            '{"type": "FeatureCollection", "features": ['
     444            '{"geometry": {"type": "Point", "coordinates": [508375, 148905]}, '
     445            '"type": "Feature"}]}',
     446        ]
     447        for input in bad_inputs:
     448            with self.subTest(input=input):
     449                self.assertIsNone(BaseGeometryWidget().deserialize(input))
     450
    438451    def test_subwidgets(self):

comment:2 by JaeHyuckSa, 8 months ago

Has patch: set
Owner: set to JaeHyuckSa
Status: newassigned

comment:3 by Sarah Boyce, 8 months ago

Has patch: unset

comment:4 by JaeHyuckSa, 8 months ago

Has patch: set

comment:5 by Sarah Boyce, 8 months ago

Patch needs improvement: set

comment:6 by David Buhler, 7 months ago

Hey folks, thanks for picking this up. Is there any chance this will make it into a 5.2.x release?

in reply to:  6 comment:7 by Sarah Boyce, 7 months ago

Replying to David Buhler:

Hey folks, thanks for picking this up. Is there any chance this will make it into a 5.2.x release?

The bug fix freeze for 5.2 was February 19th (see https://code.djangoproject.com/wiki/Version5.2Roadmap), so at the earliest this should be in 6.0.

Note: See TracTickets for help on using tickets.
Back to Top