系统检查框架¶

“CheckMessage”¶

class CheckMessage(level, msg, hint=None, obj=None, id=None)[源代码]¶

系统检查提出的警告和错误必须是“CheckMessage”的实例。 一个实例封装了一个可报告的错误或警告。 它还提供适用于消息的上下文和提示以及用于过滤目的的唯一标识符。

构造方法的参数：

level

消息的严重性。 使用其中一个预定义的值：DEBUG，INFO，WARNING，ERROR，CRITICAL。 如果级别大于或等于“ERROR”，则Django将阻止执行管理命令。 级别低于“ERROR”的消息（即警告）被报告给控制台，但是可以被静默。

msg

用来描述问题的一个简短字符串(少于80个字符)。这个字符串不应该包含换行符。

hint

提供解决问题的提示的单行字符串。 如果不能提供提示，或者错误消息中的提示是显而易见的，则提示可以省略，或者可以使用“None”的值。

obj

Optional. An object providing context for the message (for example, the model where the problem was discovered). The object should be a model, field, or manager or any other object that defines a __str__() method. The method is used while reporting all messages and its result precedes the message.

id

Optional string. A unique identifier for the issue. Identifiers should follow the pattern applabel.X001, where X is one of the letters CEWID, indicating the message severity (C for criticals, E for errors and so). The number can be allocated by the application, but should be unique within that application.

有一些子类可以使创建通用级别的消息更简单。 当使用它们时，可以省略“level”参数，因为它是由类名所隐含的。

class Debug(msg, hint=None, obj=None, id=None)[源代码]¶

class Info(msg, hint=None, obj=None, id=None)[源代码]¶

class Warning(msg, hint=None obj=None, id=None)[源代码]¶

class Error(msg, hint=None, obj=None, id=None)[源代码]¶

class Critical(msg, hint=None, obj=None, id=None)[源代码]¶

向后兼容¶

兼容性检查警告那些升级 Django 后可能出现的问题。

• 2_0.W001: Your URL pattern <pattern> has a route that contains (?P<, begins with a ^, or ends with a $. This was likely an oversight when migrating from url() to path().

缓存¶

The following checks verify that your CACHES setting is correctly configured:

• caches.E001: You must define a 'default' cache in your CACHES setting.

数据库¶

模型字段¶

• fields.E001: 字段名不能已下划线结尾。
• fields.E002: 字段名不能有 "__".
• fields.E003*: pk 是保留关键字，不能作为字段名使用。
• ** fields.E004 **：“choices”必须是可迭代的（例如，列表或元组）。
• ** fields.E005 **：``choices``必须是一个可返回的``（实际值，易读的名称）``构成元组。
• ** fields.E006 **：db_index``必须是`None`，``True``或`False。
• ** fields.E007 **：主键不能有“null = True”。
• fields.E008：所有 validators 必须都是可调用的。
• fields.E100： AutoField` 必须设置 primary_key=True。
• fields.E110: BooleanFields do not accept null values. This check appeared before support for null values was added in Django 2.1.
• fields.E120： CharField 必须定义一个 max_length 属性。
• fields.E121： max_length 必须是个正整数。
• fields.W122： max_length 在使用 <integer field type> 时会被忽略。
• fields.E130： DecimalField 必须定义一个 decimal_places 属性。
• fields.E131： decimal_places 必须是个非负整数。
• fields.E132： DecimalField 必须定义一个 max_digits 属性。
• fields.E133： max_digits 必须是一个非负整数。
• fields.E134： max_digits 必须大于或等于 decimal_places。
• fields.E140： FilePathField 的 allow_files 或 allow_folders 必须有一个被设为 True。
• fields.E150： 若``GenericIPAddressField`` 不允许 null 值，那么它也不接受空值，因为空值被保存为 null。
• fields.E160: The options auto_now, auto_now_add, and default are mutually exclusive. Only one of these options may be present.
• fields.W161：默认绑定值。
• fields.W162： <database> 并不支持在 <field data type> 列上创建数据库索引。
• fields.E900: IPAddressField has been removed except for support in historical migrations.
• fields.W900: IPAddressField has been deprecated. Support for it (except in historical migrations) will be removed in Django 1.9. This check appeared in Django 1.7 and 1.8.
• fields.W901: CommaSeparatedIntegerField has been deprecated. Support for it (except in historical migrations) will be removed in Django 2.0. This check appeared in Django 1.10 and 1.11.
• fields.E901: CommaSeparatedIntegerField is removed except for support in historical migrations.
• fields.W902: FloatRangeField is deprecated and will be removed in Django 3.1.

模型¶

• models.E001： <swappable> 不是表单 app_label.app_name。
• models.E002: <SETTING> references <model>, which has not been installed, or is abstract.
• models.E003: The model has two identical many-to-many relations through the intermediate model <app_label>.<model>.
• models.E004: id can only be used as a field name if the field also sets primary_key=True.
• models.E005: The field <field name> from parent model <model> clashes with the field <field name> from parent model <model>.
• models.E006：与另一个模型 <model> 的字段 <field name> 冲突的字段。
• models.E007： 列名 <column name> 被其它字段使用的字段 <field name> 。
• models.E008： index_together 必须是个列表或元组。
• models.E009： 所有 index_together 元素都必须是列表或元组。
• models.E010： unique_together 必须是个列表或元组。
• models.E011： 所有 unique_together 元素都必须是列表或元组。
• models.E012： indexes/index_together/unique_together 指向了不存在的字段 <field name>。
• models.E013： indexes/index_together/unique_together 指向一个 ManyToManyField <field name>，但此选项不支持 ManyToManyField。
• models.E014： ordering 必须是个元组或列表（即便你只想按照一个字段进行排序）。
• models.E015： ordering 指向了不存在的字段 <field name>。
• models.E016: indexes/index_together/unique_together refers to field <field_name> which is not local to model <model>.
• models.E017: Proxy model <model> contains model fields.
• models.E018: Autogenerated column name too long for field <field>. Maximum length is <maximum length> for database <alias>.
• models.E019: Autogenerated column name too long for M2M field <M2M field>. Maximum length is <maximum length> for database <alias>.
• models.E020: The <model>.check() class method is currently overridden.
• models.E021: ordering and order_with_respect_to cannot be used together.
• models.E022: <function> contains a lazy reference to <app label>.<model>, but app <app label> isn't installed or doesn't provide model <model>.
• models.E023: The model name <model> cannot start or end with an underscore as it collides with the query lookup syntax.
• models.E024: The model name <model> cannot contain double underscores as it collides with the query lookup syntax.
• models.E025: The property <property name> clashes with a related field accessor.
• models.E026: The model cannot have more than one field with primary_key=True.
• models.W027: <database> does not support check constraints.
• models.E028: db_table <db_table> is used by multiple models: <model list>.
• models.W035: db_table <db_table> is used by multiple models: <model list>.

安全¶

The security checks do not make your site secure. They do not audit code, do intrusion detection, or do anything particularly complex. Rather, they help perform an automated, low-hanging-fruit checklist. They help you remember the simple things that improve your site's security.

Some of these checks may not be appropriate for your particular deployment configuration. For instance, if you do your HTTP to HTTPS redirection in a load balancer, it'd be irritating to be constantly warned about not having enabled SECURE_SSL_REDIRECT. Use SILENCED_SYSTEM_CHECKS to silence unneeded checks.

The following checks are run if you use the check --deploy option:

• security.W001: You do not have django.middleware.security.SecurityMiddleware in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect.
• security.W002: You do not have django.middleware.clickjacking.XFrameOptionsMiddleware in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks.
• security.W003: You don't appear to be using Django's built-in cross-site request forgery protection via the middleware (django.middleware.csrf.CsrfViewMiddleware is not in your MIDDLEWARE). Enabling the middleware is the safest approach to ensure you don't leave any holes.
• security.W004: You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
• security.W005: You have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.
• security.W006: Your SECURE_CONTENT_TYPE_NOSNIFF setting is not set to True, so your pages will not be served with an 'X-Content-Type-Options: nosniff' header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.
• security.W007: Your SECURE_BROWSER_XSS_FILTER setting is not set to True, so your pages will not be served with an 'X-XSS-Protection: 1; mode=block' header. You should consider enabling this header to activate the browser's XSS filtering and help prevent XSS attacks.
• security.W008: Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting to True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
• security.W009: Your SECRET_KEY has less than 50 characters or less than 5 unique characters. Please generate a long and random SECRET_KEY, otherwise many of Django's security-critical features will be vulnerable to attack.
• security.W010: You have django.contrib.sessions in your INSTALLED_APPS but you have not set SESSION_COOKIE_SECURE to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
• security.W011: You have django.contrib.sessions.middleware.SessionMiddleware in your MIDDLEWARE, but you have not set SESSION_COOKIE_SECURE to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
• security.W012: SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
• security.W013: You have django.contrib.sessions in your INSTALLED_APPS, but you have not set SESSION_COOKIE_HTTPONLY to True. Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.
• security.W014: You have django.contrib.sessions.middleware.SessionMiddleware in your MIDDLEWARE, but you have not set SESSION_COOKIE_HTTPONLY to True. Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.
• security.W015: SESSION_COOKIE_HTTPONLY is not set to True. Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.
• security.W016: CSRF_COOKIE_SECURE is not set to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.
• security.W017: CSRF_COOKIE_HTTPONLY is not set to True. Using an HttpOnly CSRF cookie makes it more difficult for cross-site scripting attacks to steal the CSRF token. This check is removed in Django 1.11 as the CSRF_COOKIE_HTTPONLY setting offers no pratical benefit.
• security.W018: You should not have DEBUG set to True in deployment.
• security.W019: You have django.middleware.clickjacking.XFrameOptionsMiddleware in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.
• security.W020: ALLOWED_HOSTS must not be empty in deployment.
• security.W021: You have not set the SECURE_HSTS_PRELOAD setting to True. Without this, your site cannot be submitted to the browser preload list.

信号¶

• signals.E001: <handler> was connected to the <signal> signal with a lazy reference to the sender <app label>.<model>, but app <app label> isn't installed or doesn't provide model <model>.

模板¶

The following checks verify that your TEMPLATES setting is correctly configured:

• templates.E001: You have 'APP_DIRS': True in your TEMPLATES but also specify 'loaders' in OPTIONS. Either remove APP_DIRS or remove the 'loaders' option.
• templates.E002: string_if_invalid in TEMPLATES OPTIONS must be a string but got: {value} ({type}).

翻译¶

The following checks are performed on your translation configuration:

• translation.E001: You have provided an invalid value for the LANGUAGE_CODE setting.

URLs¶

以下检查项针对你的 URL 配置执行：

• urls.W001: Your URL pattern <pattern> uses include() with a route ending with a $. Remove the dollar from the route to avoid problems including URLs.
• urls.W002: Your URL pattern <pattern> has a route beginning with a /. Remove this slash as it is unnecessary. If this pattern is targeted in an include(), ensure the include() pattern has a trailing /.
• urls.W003: Your URL pattern <pattern> has a name including a :. Remove the colon, to avoid ambiguous namespace references.
• urls.E004: Your URL pattern <pattern> is invalid. Ensure that urlpatterns is a list of path() and/or re_path() instances.
• urls.W005: URL namespace <namespace> isn't unique. You may not be able to reverse all URLs in this namespace.
• urls.E006: The MEDIA_URL/ STATIC_URL setting must end with a slash.
• urls.E007: The custom handlerXXX view 'path.to.view' does not take the correct number of arguments (…).
• urls.E008: The custom handlerXXX view 'path.to.view' could not be imported.

admin¶

后台检查项均作为 admin 标签的一部分执行。

以下检查项在每个通过后台站点注册的 ModelAdmin （或其子类）上执行。

• admin.E001： raw_id_fields 的值必须是个列表或元组。
• admin.E002： raw_id_fields[n] 的值指向 <field name>，它并不是 <model> 的属性。
• admin.E003： raw_id_fields[n] 的值必须是个外键或一个多对多字段。
• admin.E004： fields 的值必须是列表或元组。
• admin.E005： fieldsets 和 fields 都是定制的。
• admin.E006： fields 的值包含了重复字段。
• admin.E007： fieldsets 的值必须是个列表或元组。
• admin.E008： fieldsets[n] 的值必须是个列表或元组。
• admin.E009： fieldsets[n] 的值的长度必须是 2。
• admin.E010： fieldsets[n][1] 的值必须是个字典。
• admin.E011： fieldsets[n][1] 的值必须包含键 fields。
• admin.E012： fieldsets[n][1] 中有重复字段。
• admin.E013: fields[n]/fieldsets[n][m] cannot include the ManyToManyField <field name>, because that field manually specifies a relationship model.
• admin.E014： exclude 的值必须是个列表或元组。
• admin.E015： exclude 的值必须包含重复字段。
• admin.E016： form 的值必须继承自 BaseModelForm。
• admin.E017： filter_vertical 的值必须是个列表或元组。
• admin.E018： filter_horizontal 的值必须是个列表或元组。
• admin.E019: The value of filter_vertical[n]/filter_vertical[n] refers to <field name>, which is not an attribute of <model>.
• admin.E020: The value of filter_vertical[n]/filter_vertical[n] must be a many-to-many field.
• admin.E021: The value of radio_fields must be a dictionary.
• admin.E022: The value of radio_fields refers to <field name>, which is not an attribute of <model>.
• admin.E023: The value of radio_fields refers to <field name>, which is not a ForeignKey, and does not have a choices definition.
• admin.E024: The value of radio_fields[<field name>] must be either admin.HORIZONTAL or admin.VERTICAL.
• admin.E025: The value of view_on_site must be either a callable or a boolean value.
• admin.E026: The value of prepopulated_fields must be a dictionary.
• admin.E027: The value of prepopulated_fields refers to <field name>, which is not an attribute of <model>.
• admin.E028: The value of prepopulated_fields refers to <field name>, which must not be a DateTimeField, a ForeignKey, a OneToOneField, or a ManyToManyField field.
• admin.E029: The value of prepopulated_fields[<field name>] must be a list or tuple.
• admin.E030: The value of prepopulated_fields refers to <field name>, which is not an attribute of <model>.
• admin.E031: The value of ordering must be a list or tuple.
• admin.E032: The value of ordering has the random ordering marker ?, but contains other fields as well.
• admin.E033: The value of ordering refers to <field name>, which is not an attribute of <model>.
• admin.E034: The value of readonly_fields must be a list or tuple.
• admin.E035: The value of readonly_fields[n] is not a callable, an attribute of <ModelAdmin class>, or an attribute of <model>.
• admin.E036: The value of autocomplete_fields must be a list or tuple.
• admin.E037: The value of autocomplete_fields[n] refers to <field name>, which is not an attribute of <model>.
• admin.E038: The value of autocomplete_fields[n] must be a foreign key or a many-to-many field.
• admin.E039: An admin for model <model> has to be registered to be referenced by <modeladmin>.autocomplete_fields.
• admin.E040: <modeladmin> must define search_fields, because it's referenced by <other_modeladmin>.autocomplete_fields.

auth¶

• auth.E001: REQUIRED_FIELDS must be a list or tuple.
• auth.E002: The field named as the USERNAME_FIELD for a custom user model must not be included in REQUIRED_FIELDS.
• auth.E003: <field> must be unique because it is named as the USERNAME_FIELD.
• auth.W004: <field> is named as the USERNAME_FIELD, but it is not unique.
• auth.E005: The permission codenamed <codename> clashes with a builtin permission for model <model>.
• auth.E006: The permission codenamed <codename> is duplicated for model <model>.
• auth.E007: The verbose_name of model <model> must be at most 244 characters for its builtin permission names to be at most 255 characters.
• auth.E008: The permission named <name> of model <model> is longer than 255 characters.
• auth.C009: <User model>.is_anonymous must be an attribute or property rather than a method. Ignoring this is a security issue as anonymous users will be treated as authenticated!
• auth.C010: <User model>.is_authenticated must be an attribute or property rather than a method. Ignoring this is a security issue as anonymous users will be treated as authenticated!

contenttypes¶

The following checks are performed when a model contains a GenericForeignKey or GenericRelation:

• contenttypes.E001: The GenericForeignKey object ID references the nonexistent field <field>.
• contenttypes.E002: The GenericForeignKey content type references the nonexistent field <field>.
• contenttypes.E003: <field> is not a ForeignKey.
• contenttypes.E004: <field> is not a ForeignKey to contenttypes.ContentType.
• contenttypes.E005: Model names must be at most 100 characters.

postgres¶

The following checks are performed on django.contrib.postgres model fields:

• postgres.E001: Base field for array has errors: ...
• postgres.E002: Base field for array cannot be a related field.
• postgres.E003: <field> default should be a callable instead of an instance so that it's not shared between all field instances.

sites¶

The following checks are performed on any model using a CurrentSiteManager:

• sites.E001: CurrentSiteManager could not find a field named <field name>.
• sites.E002: CurrentSiteManager cannot use <field> as it is not a foreign key or a many-to-many field.

staticfiles¶

The following checks verify that django.contrib.staticfiles is correctly configured:

• staticfiles.E001: The STATICFILES_DIRS setting is not a tuple or list.
• staticfiles.E002: The STATICFILES_DIRS setting should not contain the STATIC_ROOT setting.
• staticfiles.E003: The prefix <prefix> in the STATICFILES_DIRS setting must not end with a slash.