Transaction management does not catch all exceptions
|Reported by:||jim <jim-django@…>||Owned by:||nobody|
|Component:||Database layer (models, ORM)||Version:||master|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When a view is decorated with commit_on_success, any exception raised in that view should cause a rollback of the current transaction. If no exception occurs, the transaction should be committed.
There are many exceptions that are not caught by commit_on_success. When one of these is raised, neither a rollback nor a commit is done. This causes a TransactionManagementError in leave_transaction_management().
The only exceptions caught are subclasses of Python's built in Exception class. Since Python allows any object to be raised as an exception, this leaves an unprotected path in the code.
For example (untested, just an illustration):
@commit_on_success def my_view(request): raise "simple debug exception"
The object being raised will not match commit_on_success's handler, and the error condition is triggered.
Note: Yes, string exceptions are deprecated. But they are still possible, and must be guarded against.
Simple patch attached.
Change History (6)
Changed 7 years ago by jim <jim-django@…>
comment:1 Changed 7 years ago by Bernd Schlapsi
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:3 Changed 7 years ago by ericholscher
- milestone set to 1.0
- Triage Stage changed from Unreviewed to Accepted
comment:4 Changed 7 years ago by mtredinnick
- Resolution set to fixed
- Status changed from new to closed