python.django.performance.upsell_earliest_latest.use-earliest-or-latest

Author: semgrep
Download count: 9,905

Looks like you are only accessing the first element of an ordered QuerySet. Use latest() or earliest() instead. See https://docs.djangoproject.com/en/3.0/ref/models/querysets/#django.db.models.query.QuerySet.latest

Definition

rules:
  - id: use-earliest-or-latest
    message: Looks like you are only accessing first element of an ordered QuerySet.
      Use `latest()` or `earliest()` instead. See
      https://docs.djangoproject.com/en/3.0/ref/models/querysets/#django.db.models.query.QuerySet.latest
    languages:
      - python
    severity: ERROR
    pattern-either:
      - pattern: $X.objects.order_by(...)[0]
      - pattern: $X.objects.$FUNC(...).order_by(...)[0]
      - pattern: $X.objects.$FUNC(...).$FILTER(...).order_by(...)[0]
    metadata:
      category: performance
      technology:
        - django
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

upsell_earliest_latest.py

# ruleid:use-earliest-or-latest
Entry.objects.order_by()[0]
# OK
Entry.objects.order_by()[1]

# ruleid:use-earliest-or-latest
Entry.objects.all().order_by('foo')[0]
# OK
Entry.objects.all().order_by('foo')[1]

# ruleid:use-earliest-or-latest
Entry.objects.all().filter().order_by('foo')[0]
# OK
Entry.objects.all().filter().order_by('foo')[1]

def order_by(foo: str): pass
# OK
order_by("testing")