When using DjangoDebugMiddleware, debug tracking presumes cursor.execute argument is a string, raising an error

[yourcelf]

• What is the current behavior?

When using the DjangoDebugMiddleware, Graphene Django wraps cursor.execute calls in a class that logs the query. Among the properties it logs is is_select, which attempts to guess if a query is a select query by looking for "select" in the argument to cursor.execute:

                "is_select": sql.lower().strip().startswith("select"),

When cursor.execute is called with a non-string argument, such as a psycopg2 query template, this raises an error:

from django.db import connection
from psycopg2 import sql

with connection.cursor() as cursor:
    query = sql.SQL("SELECT * FROM {table}").format(table=sql.Identifier("my_table"))
    cursor.execute(query)

This raises:

graphql.error.located_error.GraphQLLocatedError: 'Composed' object has no attribute 'lower'

• What is the expected behavior?
  Grahene Django should not presume that the argument to connection.cursor() will always be a string, and do appropriate string coercion as needed before calling string methods on it.

• What is the motivation / use case for changing the behavior?
  Robustness. It's ideal not to throw exceptions from normal uses of core Django methods which graphene-django monkeypatches.

• Please tell us about your environment:

  • Version: graphene-django 2.5.0
  • Platform: Ubuntu Linux 18.04, Django 2.2.12, graphene 2.1.8

[pauricthelodger]

@yourcelf We experienced that as well. Haven't decided yet how to fix for a PR here for it but in our package we now have a lot of executes that look like this:

with connection.cursor() as cursor:
    sql_str = sql.SQL("SELECT * FROM {table}").format(table=sql.Identifier("my_table"))
    cursor.execute(
        sql_str.as_string(cursor.cursor.connection),
        params=None,
    )

[mtully-blitz]

Ran into the same issue. A possibly naive solution from playing around in my debugger. It fixed the issue in my case, but unsure of the side effects beyond the scope of this function.

https://github.com/graphql-python/graphene-django/blob/master/graphene_django/debug/sql/tracking.py#L115

sql_string = self.db.ops.last_executed_query(
        self.cursor, sql, self._quote_params(params)
    )
params = {
    "vendor": vendor,
    "alias": alias,
    "sql": sql_string,
    "duration": duration,
    "raw_sql": sql,
    "params": _params,
    "start_time": start_time,
    "stop_time": stop_time,
    "is_slow": duration > 10,
    "is_select": sql_string.lower().strip().startswith("select"),
}

[jkimbo]

This does look like a bug but unfortunately I don't have enough time at the moment to look into it more deeply. If someone would like to try and fix it that would be much appreciated.

[hnkisdead]

NormalCursorWrapper falls with UnicodeDecodeError in python 2

• Current behavior
  graphene_django.debug.sql.tracking.NormalCursorWrapper._quote_expr falls with UnicodeDecodeError in python 2

• Steps to reproduce
  https://gist.github.com/subv13/826a0f6e34159f6c27bdf8c4f4fa5f2e

• Expected behavior
  graphene_django.debug.sql.tracking.NormalCursorWrapper._quote_expr don't falls with UnicodeDecodeError in python 2 😉

• Environment:

  • Version: python 2.7.15
  • Platform: MacOS Catalina

• Other information
  I think properly use django.utils.encoding.force_text inside _quote_expr instead of django.utils.encoding.force_str. If i'm right i can fix it and send PR

[zbyte64]

I like @mtully-blitz solution, doesn't appear incorrect.