System check framework

The system check framework is a set of static checks for validating Django projects. It detects common problems and provides hints for how to fix them. The framework is extensible so you can easily add your own checks.

For details on how to add your own checks and integrate them with Django's system checks, see the System check topic guide.

API Reference

CheckMessage

class CheckMessage(level, msg, hint, obj=None, id=None)

The warnings and errors raised by system checks must be instances of CheckMessage. An instance encapsulates a single reportable error or warning. It also provides context and hints applicable to the message, and a unique identifier that is used for filtering purposes.

Constructor arguments are:

level

The severity of the message. Use one of the predefined values: DEBUG, INFO, WARNING, ERROR, CRITICAL. If the level is greater than or equal to ERROR, then Django will prevent management commands from executing. Messages with a level lower than ERROR (i.e. warnings) are reported to the console, but can be silenced.

msg

A short (less than 80 characters) string describing the problem. The string should not contain newlines.

hint

A single-line string providing a hint for fixing the problem. If no hint can be provided, or the hint is self-evident from the error message, the hint can be omitted, or a value of None can be used.

obj

Optional. An object providing context for the message (for example, the model where the problem was discovered). The object should be a model, field, or manager, or any other object that defines a __str__ method (on Python 2 you need to define a __unicode__ method). The method is used while reporting all messages and its result precedes the message.

id

Optional string. A unique identifier for the issue. Identifiers should follow the pattern applabel.X001, where X is one of the letters CEWID, indicating the message severity (C for criticals, E for errors and so on). The number can be allocated by the application, but should be unique within that application.

There are subclasses to make creating messages with common levels easier. When using them you can omit the level argument because it is implied by the class name.

class Debug(msg, hint, obj=None, id=None)
class Info(msg, hint, obj=None, id=None)
class Warning(msg, hint, obj=None, id=None)
class Error(msg, hint, obj=None, id=None)
class Critical(msg, hint, obj=None, id=None)

Builtin checks

Builtin tags

Django's system checks are organized using the following tags:

  • models: Checks governing model, field and manager definitions.
  • signals: Checks on signal declarations and handler registrations.
  • admin: Checks of any admin site declarations.
  • compatibility: Flagging potential problems with version upgrades.
  • security: Checks security related configuration.
  • templates: Checks template related configuration.
  • caches: Checks cache related configuration.
  • urls: Checks URL configuration.

Some checks may be registered with multiple tags.

Core system checks

Models

  • models.E001: <swappable> is not of the form app_label.app_name.
  • models.E002: <SETTING> references <model>, which has not been installed, or is abstract.
  • models.E003: The model has many-to-many relations through the intermediate model <app_label>.<model>.
  • models.E004: id can only be used as a field name if the field also sets primary_key=True.
  • models.E005: The field <field name> from parent model <model> clashes with the field <field name> from parent model <model>.
  • models.E006: The field clashes with the field <field name> from model <model>.
  • models.E007: Field <field name> has column name <column name> that is used by another field.
  • models.E008: index_together must be a list or tuple.
  • models.E009: All index_together elements must be lists or tuples.
  • models.E010: unique_together must be a list or tuple.
  • models.E011: All unique_together elements must be lists or tuples.
  • models.E012: index_together/unique_together refers to the non-existent field <field name>.
  • models.E013: index_together/unique_together refers to a ManyToManyField <field name>, but ManyToManyFields are not supported for that option.
  • models.E014: ordering must be a tuple or list (even if you want to order by only one field).
  • models.E015: ordering refers to the non-existent field <field name>.
  • models.E016: index_together/unique_together refers to field <field_name> which is not local to model <model>.
  • models.E017: Proxy model <model> contains model fields.
  • models.E018: Autogenerated column name too long for field <field>. Maximum length is <maximum length> for database <alias>.
  • models.E019: Autogenerated column name too long for M2M field <M2M field>. Maximum length is <maximum length> for database <alias>.
  • models.E020: The <model>.check() class method is currently overridden.
  • models.E021: ordering and order_with_respect_to cannot be used together.

Fields

  • fields.E001: Field names must not end with an underscore.
  • fields.E002: Field names must not contain "__".
  • fields.E003: pk is a reserved word that cannot be used as a field name.
  • fields.E004: choices must be an iterable (e.g., a list or tuple).
  • fields.E005: choices must be an iterable returning (actual value, human readable name) tuples.
  • fields.E006: db_index must be None, True or False.
  • fields.E007: Primary keys must not have null=True.
  • fields.E100: AutoFields must set primary_key=True.
  • fields.E110: BooleanFields do not accept null values.
  • fields.E120: CharFields must define a max_length attribute.
  • fields.E121: max_length must be a positive integer.
  • fields.W122: max_length is ignored when used with IntegerField.
  • fields.E130: DecimalFields must define a decimal_places attribute.
  • fields.E131: decimal_places must be a non-negative integer.
  • fields.E132: DecimalFields must define a max_digits attribute.
  • fields.E133: max_digits must be a non-negative integer.
  • fields.E134: max_digits must be greater than or equal to decimal_places.
  • fields.E140: FilePathFields must have either allow_files or allow_folders set to True.
  • fields.E150: GenericIPAddressFields cannot accept blank values if null values are not allowed, as blank values are stored as nulls.
  • fields.E160: The options auto_now, auto_now_add, and default are mutually exclusive. Only one of these options may be present.
  • fields.W161: Fixed default value provided.
  • fields.E900: IPAddressField has been removed except for support in historical migrations.
  • fields.W900: IPAddressField has been deprecated. Support for it (except in historical migrations) will be removed in Django 1.9. This check appeared in Django 1.7 and 1.8.

File Fields

  • fields.E200: unique is not a valid argument for a FileField.
  • fields.E201: primary_key is not a valid argument for a FileField.
  • fields.E210: Cannot use ImageField because Pillow is not installed.

Signals

  • signals.E001: <handler> was connected to the <signal> signal with a lazy reference to the <model> sender, which has not been installed.

Backwards Compatibility

The following checks are performed to warn the user of any potential problems that might occur as a result of a version upgrade.

  • 1_6.W001: Some project unit tests may not execute as expected. This check was removed in Django 1.8 due to false positives.
  • 1_6.W002: BooleanField does not have a default value. This check was removed in Django 1.8 due to false positives.
  • 1_7.W001: Django 1.7 changed the global defaults for the MIDDLEWARE_CLASSES. django.contrib.sessions.middleware.SessionMiddleware, django.contrib.auth.middleware.AuthenticationMiddleware, and django.contrib.messages.middleware.MessageMiddleware were removed from the defaults. If your project needs these middleware then you should configure this setting. This check was removed in Django 1.9.
  • 1_8.W001: The standalone TEMPLATE_* settings were deprecated in Django 1.8 and the TEMPLATES dictionary takes precedence. You must put the values of the following settings into your defaults TEMPLATES dict: TEMPLATE_DIRS, ALLOWED_INCLUDE_ROOTS, TEMPLATE_CONTEXT_PROCESSORS, TEMPLATE_DEBUG, TEMPLATE_LOADERS, TEMPLATE_STRING_IF_INVALID.

Admin

Admin checks are all performed as part of the admin tag.

The following checks are performed on any ModelAdmin (or subclass) that is registered with the admin site:

  • admin.E001: The value of raw_id_fields must be a list or tuple.
  • admin.E002: The value of raw_id_fields[n] refers to <field name>, which is not an attribute of <model>.
  • admin.E003: The value of raw_id_fields[n] must be a ForeignKey or ManyToManyField.
  • admin.E004: The value of fields must be a list or tuple.
  • admin.E005: Both fieldsets and fields are specified.
  • admin.E006: The value of fields contains duplicate field(s).
  • admin.E007: The value of fieldsets must be a list or tuple.
  • admin.E008: The value of fieldsets[n] must be a list or tuple.
  • admin.E009: The value of fieldsets[n] must be of length 2.
  • admin.E010: The value of fieldsets[n][1] must be a dictionary.
  • admin.E011: The value of fieldsets[n][1] must contain the key fields.
  • admin.E012: There are duplicate field(s) in fieldsets[n][1].
  • admin.E013: fields[n]/fieldsets[n][m] cannot include the ManyToManyField <field name>, because that field manually specifies a relationship model.
  • admin.E014: The value of exclude must be a list or tuple.
  • admin.E015: The value of exclude contains duplicate field(s).
  • admin.E016: The value of form must inherit from BaseModelForm.
  • admin.E017: The value of filter_vertical must be a list or tuple.
  • admin.E018: The value of filter_horizontal must be a list or tuple.
  • admin.E019: The value of filter_vertical[n]/filter_horizontal[n] refers to <field name>, which is not an attribute of <model>.
  • admin.E020: The value of filter_vertical[n]/filter_horizontal[n] must be a ManyToManyField.
  • admin.E021: The value of radio_fields must be a dictionary.
  • admin.E022: The value of radio_fields refers to <field name>, which is not an attribute of <model>.
  • admin.E023: The value of radio_fields refers to <field name>, which is not a ForeignKey, and does not have a choices definition.
  • admin.E024: The value of radio_fields[<field name>] must be either admin.HORIZONTAL or admin.VERTICAL.
  • admin.E025: The value of view_on_site must be either a callable or a boolean value.
  • admin.E026: The value of prepopulated_fields must be a dictionary.
  • admin.E027: The value of prepopulated_fields refers to <field name>, which is not an attribute of <model>.
  • admin.E028: The value of prepopulated_fields refers to <field name>, which must not be a DateTimeField, ForeignKey or ManyToManyField.
  • admin.E029: The value of prepopulated_fields[<field name>] must be a list or tuple.
  • admin.E030: The value of prepopulated_fields refers to <field name>, which is not an attribute of <model>.
  • admin.E031: The value of ordering must be a list or tuple.
  • admin.E032: The value of ordering has the random ordering marker ?, but contains other fields as well.
  • admin.E033: The value of ordering refers to <field name>, which is not an attribute of <model>.
  • admin.E034: The value of readonly_fields must be a list or tuple.
  • admin.E035: The value of readonly_fields[n] is not a callable, an attribute of <ModelAdmin class>, or an attribute of <model>.

ModelAdmin

The following checks are performed on any ModelAdmin that is registered with the admin site:

  • admin.E101: The value of save_as must be a boolean.
  • admin.E102: The value of save_on_top must be a boolean.
  • admin.E103: The value of inlines must be a list or tuple.
  • admin.E104: <InlineModelAdmin class> must inherit from BaseModelAdmin.
  • admin.E105: <InlineModelAdmin class> must have a model attribute.
  • admin.E106: The value of <InlineModelAdmin class>.model must be a Model.
  • admin.E107: The value of list_display must be a list or tuple.
  • admin.E108: The value of list_display[n] refers to <label>, which is not a callable, an attribute of <ModelAdmin class>, or an attribute or method on <model>.
  • admin.E109: The value of list_display[n] must not be a ManyToManyField.
  • admin.E110: The value of list_display_links must be a list, a tuple, or None.
  • admin.E111: The value of list_display_links[n] refers to <label>, which is not defined in list_display.
  • admin.E112: The value of list_filter must be a list or tuple.
  • admin.E113: The value of list_filter[n] must inherit from ListFilter.
  • admin.E114: The value of list_filter[n] must not inherit from FieldListFilter.
  • admin.E115: The value of list_filter[n][1] must inherit from FieldListFilter.
  • admin.E116: The value of list_filter[n] refers to <label>, which does not refer to a Field.
  • admin.E117: The value of list_select_related must be a boolean, tuple or list.
  • admin.E118: The value of list_per_page must be an integer.
  • admin.E119: The value of list_max_show_all must be an integer.
  • admin.E120: The value of list_editable must be a list or tuple.
  • admin.E121: The value of list_editable[n] refers to <label>, which is not an attribute of <model>.
  • admin.E122: The value of list_editable[n] refers to <label>, which is not contained in list_display.
  • admin.E123: The value of list_editable[n] cannot be in both list_editable and list_display_links.
  • admin.E124: The value of list_editable[n] refers to the first field in list_display (<label>), which cannot be used unless list_display_links is set.
  • admin.E125: The value of list_editable[n] refers to <field name>, which is not editable through the admin.
  • admin.E126: The value of search_fields must be a list or tuple.
  • admin.E127: The value of date_hierarchy refers to <field name>, which is not an attribute of <model>.
  • admin.E128: The value of date_hierarchy must be a DateField or DateTimeField.

InlineModelAdmin

The following checks are performed on any InlineModelAdmin that is registered as an inline on a ModelAdmin.

  • admin.E201: Cannot exclude the field <field name>, because it is the foreign key to the parent model <app_label>.<model>.
  • admin.E202: <model> has no ForeignKey to <parent model>./ <model> has more than one ForeignKey to <parent model>.
  • admin.E203: The value of extra must be an integer.
  • admin.E204: The value of max_num must be an integer.
  • admin.E205: The value of min_num must be an integer.
  • admin.E206: The value of formset must inherit from BaseModelFormSet.

GenericInlineModelAdmin

The following checks are performed on any GenericInlineModelAdmin that is registered as an inline on a ModelAdmin.

  • admin.E301: 'ct_field' references <label>, which is not a field on <model>.
  • admin.E302: 'ct_fk_field' references <label>, which is not a field on <model>.
  • admin.E303: <model> has no GenericForeignKey.
  • admin.E304: <model> has no GenericForeignKey using content type field <field name> and object ID field <field name>.

Auth

  • auth.E001: REQUIRED_FIELDS must be a list or tuple.
  • auth.E002: The field named as the USERNAME_FIELD for a custom user model must not be included in REQUIRED_FIELDS.
  • auth.E003: <field> must be unique because it is named as the USERNAME_FIELD.
  • auth.W004: <field> is named as the USERNAME_FIELD, but it is not unique.

Content Types

The following checks are performed when a model contains a GenericForeignKey or GenericRelation:

  • contenttypes.E001: The GenericForeignKey object ID references the non-existent field <field>.
  • contenttypes.E002: The GenericForeignKey content type references the non-existent field <field>.
  • contenttypes.E003: <field> is not a ForeignKey.
  • contenttypes.E004: <field> is not a ForeignKey to contenttypes.ContentType.

Security

The security checks do not make your site secure. They do not audit code, do intrusion detection, or do anything particularly complex. Rather, they help perform an automated, low-hanging-fruit checklist. They help you remember the simple things that improve your site’s security.

Some of these checks may not be appropriate for your particular deployment configuration. For instance, if you do your HTTP to HTTPS redirection in a load balancer, it’d be irritating to be constantly warned about not having enabled SECURE_SSL_REDIRECT. Use SILENCED_SYSTEM_CHECKS to silence unneeded checks.

The following checks are run if you use the check --deploy option:

  • security.W001: You do not have django.middleware.security.SecurityMiddleware in your MIDDLEWARE_CLASSES so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect.
  • security.W002: You do not have django.middleware.clickjacking.XFrameOptionsMiddleware in your MIDDLEWARE_CLASSES, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks.
  • security.W003: You don’t appear to be using Django’s built-in cross-site request forgery protection via the middleware (django.middleware.csrf.CsrfViewMiddleware is not in your MIDDLEWARE_CLASSES). Enabling the middleware is the safest approach to ensure you don’t leave any holes.
  • security.W004: You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
  • security.W005: You have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.
  • security.W006: Your SECURE_CONTENT_TYPE_NOSNIFF setting is not set to True, so your pages will not be served with an 'x-content-type-options: nosniff' header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.
  • security.W007: Your SECURE_BROWSER_XSS_FILTER setting is not set to True, so your pages will not be served with an 'x-xss-protection: 1; mode=block' header. You should consider enabling this header to activate the browser’s XSS filtering and help prevent XSS attacks.
  • security.W008: Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting to True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
  • security.W009: Your SECRET_KEY has less than 50 characters or less than 5 unique characters. Please generate a long and random SECRET_KEY, otherwise many of Django’s security-critical features will be vulnerable to attack.
  • security.W010: You have django.contrib.sessions in your INSTALLED_APPS but you have not set SESSION_COOKIE_SECURE to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
  • security.W011: You have django.contrib.sessions.middleware.SessionMiddleware in your MIDDLEWARE_CLASSES, but you have not set SESSION_COOKIE_SECURE to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
  • security.W012: SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
  • security.W013: You have django.contrib.sessions in your INSTALLED_APPS, but you have not set SESSION_COOKIE_HTTPONLY to True. Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.
  • security.W014: You have django.contrib.sessions.middleware.SessionMiddleware in your MIDDLEWARE_CLASSES, but you have not set SESSION_COOKIE_HTTPONLY to True. Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.
  • security.W015: SESSION_COOKIE_HTTPONLY is not set to True. Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.
  • security.W016: CSRF_COOKIE_SECURE is not set to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.
  • security.W017: CSRF_COOKIE_HTTPONLY is not set to True. Using an HttpOnly CSRF cookie makes it more difficult for cross-site scripting attacks to steal the CSRF token.
  • security.W018: You should not have DEBUG set to True in deployment.
  • security.W019: You have django.middleware.clickjacking.XFrameOptionsMiddleware in your MIDDLEWARE_CLASSES, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.
  • security.W020: ALLOWED_HOSTS must not be empty in deployment.
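
Added example (not part of the Django documentation): a pre-deploy gate that parses the console output of check --deploy, using the applabel.X001 identifier pattern described under CheckMessage, and fails on any serious message or any security warning that has not been explicitly accepted. The sample output, the shop app, and the names parse_check_output and gate are constructed for illustration.

```python
import re

# Constructed sample of `manage.py check --deploy` console output
# (not taken from a real project; `shop` is a hypothetical app).
SAMPLE_OUTPUT = """\
System check identified some issues:

ERRORS:
shop.Product.name: (fields.E120) CharFields must define a 'max_length' attribute.

WARNINGS:
?: (security.W008) Your SECURE_SSL_REDIRECT setting is not set to True.
?: (security.W012) SESSION_COOKIE_SECURE is not set to True.
\tHINT: constructed hint line, skipped by the parser
?: (security.W018) You should not have DEBUG set to True in deployment.
?: (urls.W002) Your URL pattern '^/about/$' has a regex beginning with a /.

System check identified 5 issues (0 silenced).
"""

# Severity letter from the id pattern applabel.X001, mapped to the numeric
# values of Django's DEBUG, INFO, WARNING, ERROR and CRITICAL level constants.
LEVELS = {"D": 10, "I": 20, "W": 30, "E": 40, "C": 50}

# One reported message per line: "<obj>: (<applabel>.<X><nnn>) <msg>".
# "?" stands in for obj when the message has no context object.
LINE_RE = re.compile(
    r"^(?P<obj>.+?): \((?P<label>\w+)\.(?P<level>[CEWID])(?P<num>\d{3})\) (?P<msg>.*)$"
)


def parse_check_output(text):
    """Return one dict per message found in the console output."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # section headers, hint lines, the summary line
        findings.append({
            "obj": m["obj"],
            "label": m["label"],
            "id": "%s.%s%s" % (m["label"], m["level"], m["num"]),
            "level": LEVELS[m["level"]],
            "msg": m["msg"],
        })
    return findings


def gate(findings, accepted=()):
    """Return the ids that should fail a deploy pipeline.

    Messages at ERROR or above always block. Security warnings block unless
    their id is in `accepted`, the pipeline-side counterpart of listing an
    id in SILENCED_SYSTEM_CHECKS. Other warnings are left to the console.
    """
    blocking = []
    for f in findings:
        if f["level"] >= LEVELS["E"]:
            blocking.append(f["id"])
        elif f["label"] == "security" and f["id"] not in accepted:
            blocking.append(f["id"])
    return blocking


if __name__ == "__main__":
    # HTTPS redirection is assumed to happen in a load balancer, so W008 is accepted.
    for check_id in gate(parse_check_output(SAMPLE_OUTPUT), {"security.W008"}):
        print("blocking:", check_id)
```

Keeping the accepted ids in the pipeline rather than in SILENCED_SYSTEM_CHECKS leaves the warning visible in local check runs while still recording why it was waived.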

Sites

The following checks are performed on any model using a CurrentSiteManager:

  • sites.E001: CurrentSiteManager could not find a field named <field name>.
  • sites.E002: CurrentSiteManager cannot use <field> as it is not a ForeignKey or ManyToManyField.

Database

MySQL

If you're using MySQL, the following checks will be performed:

  • mysql.E001: MySQL does not allow unique CharFields to have a max_length > 255.

Templates

The following checks verify that your TEMPLATES setting is correctly configured:

  • templates.E001: You have 'APP_DIRS': True in your TEMPLATES but also specify 'loaders' in OPTIONS. Either remove APP_DIRS or remove the 'loaders' option.

Caches

The following checks verify that your CACHES setting is correctly configured:

  • caches.E001: You must define a 'default' cache in your CACHES setting.

URL

The following checks are performed on your URL configuration:

  • urls.W001: Your URL pattern <pattern> uses include() with a regex ending with a $. Remove the dollar from the regex to avoid problems including URLs.
  • urls.W002: Your URL pattern <pattern> has a regex beginning with a /. Remove this slash as it is unnecessary.
  • urls.W003: Your URL pattern <pattern> has a name including a :. Remove the colon, to avoid ambiguous namespace references.