System check framework

The system check framework is a set of static checks for validating Django projects. It detects common problems and provides hints for how to fix them. The framework is extensible so you can easily add your own checks.

For details on how to add your own checks and integrate them with Django’s system checks, see the System check topic guide.

API reference

CheckMessage

class CheckMessage(level, msg, hint=None, obj=None, id=None)[source]

The warnings and errors raised by system checks must be instances of CheckMessage. An instance encapsulates a single reportable error or warning. It also provides context and hints applicable to the message, and a unique identifier that is used for filtering purposes.

Constructor arguments are:

level
The severity of the message. Use one of the predefined values: DEBUG, INFO, WARNING, ERROR, CRITICAL. If the level is greater or equal to ERROR, then Django will prevent management commands from executing. Messages with level lower than ERROR (i.e. warnings) are reported to the console, but can be silenced.
msg
A short (less than 80 characters) string describing the problem. The string should not contain newlines.
hint
A single-line string providing a hint for fixing the problem. If no hint can be provided, or the hint is self-evident from the error message, the hint can be omitted, or a value of None can be used.
obj
Optional. An object providing context for the message (for example, the model where the problem was discovered). The object should be a model, field, or manager or any other object that defines __str__ method (on Python 2 you need to define __unicode__ method). The method is used while reporting all messages and its result precedes the message.
id
Optional string. A unique identifier for the issue. Identifiers should follow the pattern applabel.X001, where X is one of the letters CEWID, indicating the message severity (C for criticals, E for errors and so). The number can be allocated by the application, but should be unique within that application.

There are subclasses to make creating messages with common levels easier. When using them you can omit the level argument because it is implied by the class name.

class Debug(msg, hint=None, obj=None, id=None)[source]
class Info(msg, hint=None, obj=None, id=None)[source]
class Warning(msg, hint=None obj=None, id=None)[source]
class Error(msg, hint=None, obj=None, id=None)[source]
class Critical(msg, hint=None, obj=None, id=None)[source]

Builtin tags

Django’s system checks are organized using the following tags:

  • admin: Checks of any admin site declarations.
  • caches: Checks cache related configuration.
  • compatibility: Flags potential problems with version upgrades.
  • database: Checks database-related configuration issues. Database checks are not run by default because they do more than static code analysis as regular checks do. They are only run by the migrate command or if you specify the database tag when calling the check command.
  • models: Checks of model, field, and manager definitions.
  • security: Checks security related configuration.
  • signals: Checks on signal declarations and handler registrations.
  • templates: Checks template related configuration.
  • urls: Checks URL configuration.

Some checks may be registered with multiple tags.

Core system checks

Backwards compatibility

The following checks are performed to warn the user of any potential problems that might occur as a result of a version upgrade.

  • 1_6.W001: Some project unit tests may not execute as expected. This check was removed in Django 1.8 due to false positives.
  • 1_6.W002: BooleanField does not have a default value. This check was removed in Django 1.8 due to false positives.
  • 1_7.W001: Django 1.7 changed the global defaults for the MIDDLEWARE_CLASSES. django.contrib.sessions.middleware.SessionMiddleware, django.contrib.auth.middleware.AuthenticationMiddleware, and django.contrib.messages.middleware.MessageMiddleware were removed from the defaults. If your project needs these middleware then you should configure this setting. This check was removed in Django 1.9.
  • 1_8.W001: The standalone TEMPLATE_* settings were deprecated in Django 1.8 and the TEMPLATES dictionary takes precedence. You must put the values of the following settings into your defaults TEMPLATES dict: TEMPLATE_DIRS, TEMPLATE_CONTEXT_PROCESSORS, TEMPLATE_DEBUG, TEMPLATE_LOADERS, TEMPLATE_STRING_IF_INVALID.
  • 1_10.W001: The MIDDLEWARE_CLASSES setting is deprecated in Django 1.10 and the MIDDLEWARE setting takes precedence. Since you’ve set MIDDLEWARE, the value of MIDDLEWARE_CLASSES is ignored.

Caches

The following checks verify that your CACHES setting is correctly configured:

  • caches.E001: You must define a 'default' cache in your CACHES setting.

Database

MySQL

If you’re using MySQL, the following checks will be performed:

  • mysql.E001: MySQL does not allow unique CharFields to have a max_length > 255.
  • mysql.W002: MySQL Strict Mode is not set for database connection ‘<alias>’. See also Setting sql_mode.

Model fields

  • fields.E001: Field names must not end with an underscore.
  • fields.E002: Field names must not contain "__".
  • fields.E003: pk is a reserved word that cannot be used as a field name.
  • fields.E004: choices must be an iterable (e.g., a list or tuple).
  • fields.E005: choices must be an iterable returning (actual value, human readable name) tuples.
  • fields.E006: db_index must be None, True or False.
  • fields.E007: Primary keys must not have null=True.
  • fields.E100: AutoFields must set primary_key=True.
  • fields.E110: BooleanFields do not accept null values.
  • fields.E120: CharFields must define a max_length attribute.
  • fields.E121: max_length must be a positive integer.
  • fields.W122: max_length is ignored when used with IntegerField.
  • fields.E130: DecimalFields must define a decimal_places attribute.
  • fields.E131: decimal_places must be a non-negative integer.
  • fields.E132: DecimalFields must define a max_digits attribute.
  • fields.E133: max_digits must be a non-negative integer.
  • fields.E134: max_digits must be greater or equal to decimal_places.
  • fields.E140: FilePathFields must have either allow_files or allow_folders set to True.
  • fields.E150: GenericIPAddressFields cannot accept blank values if null values are not allowed, as blank values are stored as nulls.
  • fields.E160: The options auto_now, auto_now_add, and default are mutually exclusive. Only one of these options may be present.
  • fields.W161: Fixed default value provided.
  • fields.E900: IPAddressField has been removed except for support in historical migrations.
  • fields.W900: IPAddressField has been deprecated. Support for it (except in historical migrations) will be removed in Django 1.9. This check appeared in Django 1.7 and 1.8.
  • fields.W901: CommaSeparatedIntegerField has been deprecated. Support for it (except in historical migrations) will be removed in Django 2.0.

File fields

  • fields.E200: unique is not a valid argument for a FileField. This check is removed in Django 1.11.
  • fields.E201: primary_key is not a valid argument for a FileField.
  • fields.E202: FileField’s upload_to argument must be a relative path, not an absolute path.
  • fields.E210: Cannot use ImageField because Pillow is not installed.

Models

  • models.E001: <swappable> is not of the form app_label.app_name.
  • models.E002: <SETTING> references <model>, which has not been installed, or is abstract.
  • models.E003: The model has two many-to-many relations through the intermediate model <app_label>.<model>.
  • models.E004: id can only be used as a field name if the field also sets primary_key=True.
  • models.E005: The field <field name> from parent model <model> clashes with the field <field name> from parent model <model>.
  • models.E006: The field clashes with the field <field name> from model <model>.
  • models.E007: Field <field name> has column name <column name> that is used by another field.
  • models.E008: index_together must be a list or tuple.
  • models.E009: All index_together elements must be lists or tuples.
  • models.E010: unique_together must be a list or tuple.
  • models.E011: All unique_together elements must be lists or tuples.
  • models.E012: index_together/unique_together refers to the non-existent field <field name>.
  • models.E013: index_together/unique_together refers to a ManyToManyField <field name>, but ManyToManyFields are not supported for that option.
  • models.E014: ordering must be a tuple or list (even if you want to order by only one field).
  • models.E015: ordering refers to the non-existent field <field name>.
  • models.E016: index_together/unique_together refers to field <field_name> which is not local to model <model>.
  • models.E017: Proxy model <model> contains model fields.
  • models.E018: Autogenerated column name too long for field <field>. Maximum length is <maximum length> for database <alias>.
  • models.E019: Autogenerated column name too long for M2M field <M2M field>. Maximum length is <maximum length> for database <alias>.
  • models.E020: The <model>.check() class method is currently overridden.
  • models.E021: ordering and order_with_respect_to cannot be used together.
  • models.E022: <function> contains a lazy reference to <app label>.<model>, but app <app label> isn’t installed or doesn’t provide model <model>.
  • models.E023: The model name <model> cannot start or end with an underscore as it collides with the query lookup syntax.
  • models.E024: The model name <model> cannot contain double underscores as it collides with the query lookup syntax.

Security

The security checks do not make your site secure. They do not audit code, do intrusion detection, or do anything particularly complex. Rather, they help perform an automated, low-hanging-fruit checklist. They help you remember the simple things that improve your site’s security.

Some of these checks may not be appropriate for your particular deployment configuration. For instance, if you do your HTTP to HTTPS redirection in a load balancer, it’d be irritating to be constantly warned about not having enabled SECURE_SSL_REDIRECT. Use SILENCED_SYSTEM_CHECKS to silence unneeded checks.

The following checks are run if you use the check --deploy option:

Signals

  • signals.E001: <handler> was connected to the <signal> signal with a lazy reference to the sender <app label>.<model>, but app <app label> isn’t installed or doesn’t provide model <model>.

Templates

The following checks verify that your TEMPLATES setting is correctly configured:

  • templates.E001: You have 'APP_DIRS': True in your TEMPLATES but also specify 'loaders' in OPTIONS. Either remove APP_DIRS or remove the 'loaders' option.
  • templates.E002: string_if_invalid in TEMPLATES OPTIONS must be a string but got: {value} ({type}).

URLs

The following checks are performed on your URL configuration:

  • urls.W001: Your URL pattern <pattern> uses include() with a regex ending with a $. Remove the dollar from the regex to avoid problems including URLs.
  • urls.W002: Your URL pattern <pattern> has a regex beginning with a /. Remove this slash as it is unnecessary. If this pattern is targeted in an include(), ensure the include() pattern has a trailing /.
  • urls.W003: Your URL pattern <pattern> has a name including a :. Remove the colon, to avoid ambiguous namespace references.
  • urls.E004: Your URL pattern <pattern> is invalid. Ensure that urlpatterns is a list of url() instances.
  • urls.W005: URL namespace <namespace> isn’t unique. You may not be able to reverse all URLs in this namespace.
  • urls.E006: The MEDIA_URL/ STATIC_URL setting must end with a slash.

contrib app checks

admin

Admin checks are all performed as part of the admin tag.

The following checks are performed on any ModelAdmin (or subclass) that is registered with the admin site:

  • admin.E001: The value of raw_id_fields must be a list or tuple.
  • admin.E002: The value of raw_id_fields[n] refers to <field name>, which is not an attribute of <model>.
  • admin.E003: The value of raw_id_fields[n] must be a foreign key or a many-to-many field.
  • admin.E004: The value of fields must be a list or tuple.
  • admin.E005: Both fieldsets and fields are specified.
  • admin.E006: The value of fields contains duplicate field(s).
  • admin.E007: The value of fieldsets must be a list or tuple.
  • admin.E008: The value of fieldsets[n] must be a list or tuple.
  • admin.E009: The value of fieldsets[n] must be of length 2.
  • admin.E010: The value of fieldsets[n][1] must be a dictionary.
  • admin.E011: The value of fieldsets[n][1] must contain the key fields.
  • admin.E012: There are duplicate field(s) in fieldsets[n][1].
  • admin.E013: fields[n]/fieldsets[n][m] cannot include the ManyToManyField <field name>, because that field manually specifies a relationship model.
  • admin.E014: The value of exclude must be a list or tuple.
  • admin.E015: The value of exclude contains duplicate field(s).
  • admin.E016: The value of form must inherit from BaseModelForm.
  • admin.E017: The value of filter_vertical must be a list or tuple.
  • admin.E018: The value of filter_horizontal must be a list or tuple.
  • admin.E019: The value of filter_vertical[n]/filter_vertical[n] refers to <field name>, which is not an attribute of <model>.
  • admin.E020: The value of filter_vertical[n]/filter_vertical[n] must be a many-to-many field.
  • admin.E021: The value of radio_fields must be a dictionary.
  • admin.E022: The value of radio_fields refers to <field name>, which is not an attribute of <model>.
  • admin.E023: The value of radio_fields refers to <field name>, which is not a ForeignKey, and does not have a choices definition.
  • admin.E024: The value of radio_fields[<field name>] must be either admin.HORIZONTAL or admin.VERTICAL.
  • admin.E025: The value of view_on_site must be either a callable or a boolean value.
  • admin.E026: The value of prepopulated_fields must be a dictionary.
  • admin.E027: The value of prepopulated_fields refers to <field name>, which is not an attribute of <model>.
  • admin.E028: The value of prepopulated_fields refers to <field name>, which must not be a DateTimeField, a ForeignKey, a OneToOneField, or a ManyToManyField field.
  • admin.E029: The value of prepopulated_fields[<field name>] must be a list or tuple.
  • admin.E030: The value of prepopulated_fields refers to <field name>, which is not an attribute of <model>.
  • admin.E031: The value of ordering must be a list or tuple.
  • admin.E032: The value of ordering has the random ordering marker ?, but contains other fields as well.
  • admin.E033: The value of ordering refers to <field name>, which is not an attribute of <model>.
  • admin.E034: The value of readonly_fields must be a list or tuple.
  • admin.E035: The value of readonly_fields[n] is not a callable, an attribute of <ModelAdmin class>, or an attribute of <model>.

ModelAdmin

The following checks are performed on any ModelAdmin that is registered with the admin site:

  • admin.E101: The value of save_as must be a boolean.
  • admin.E102: The value of save_on_top must be a boolean.
  • admin.E103: The value of inlines must be a list or tuple.
  • admin.E104: <InlineModelAdmin class> must inherit from InlineModelAdmin.
  • admin.E105: <InlineModelAdmin class> must have a model attribute.
  • admin.E106: The value of <InlineModelAdmin class>.model must be a Model.
  • admin.E107: The value of list_display must be a list or tuple.
  • admin.E108: The value of list_display[n] refers to <label>, which is not a callable, an attribute of <ModelAdmin class>, or an attribute or method on <model>.
  • admin.E109: The value of list_display[n] must not be a ManyToManyField field.
  • admin.E110: The value of list_display_links must be a list, a tuple, or None.
  • admin.E111: The value of list_display_links[n] refers to <label>, which is not defined in list_display.
  • admin.E112: The value of list_filter must be a list or tuple.
  • admin.E113: The value of list_filter[n] must inherit from ListFilter.
  • admin.E114: The value of list_filter[n] must not inherit from FieldListFilter.
  • admin.E115: The value of list_filter[n][1] must inherit from FieldListFilter.
  • admin.E116: The value of list_filter[n] refers to <label>, which does not refer to a Field.
  • admin.E117: The value of list_select_related must be a boolean, tuple or list.
  • admin.E118: The value of list_per_page must be an integer.
  • admin.E119: The value of list_max_show_all must be an integer.
  • admin.E120: The value of list_editable must be a list or tuple.
  • admin.E121: The value of list_editable[n] refers to <label>, which is not an attribute of <model>.
  • admin.E122: The value of list_editable[n] refers to <label>, which is not contained in list_display.
  • admin.E123: The value of list_editable[n] cannot be in both list_editable and list_display_links.
  • admin.E124: The value of list_editable[n] refers to the first field in list_display (<label>), which cannot be used unless list_display_links is set.
  • admin.E125: The value of list_editable[n] refers to <field name>, which is not editable through the admin.
  • admin.E126: The value of search_fields must be a list or tuple.
  • admin.E127: The value of date_hierarchy refers to <field name>, which does not refer to a Field.
  • admin.E128: The value of date_hierarchy must be a DateField or DateTimeField.

InlineModelAdmin

The following checks are performed on any InlineModelAdmin that is registered as an inline on a ModelAdmin.

  • admin.E201: Cannot exclude the field <field name>, because it is the foreign key to the parent model <app_label>.<model>.
  • admin.E202: <model> has no ForeignKey to <parent model>./ <model> has more than one ForeignKey to <parent model>.
  • admin.E203: The value of extra must be an integer.
  • admin.E204: The value of max_num must be an integer.
  • admin.E205: The value of min_num must be an integer.
  • admin.E206: The value of formset must inherit from BaseModelFormSet.

GenericInlineModelAdmin

The following checks are performed on any GenericInlineModelAdmin that is registered as an inline on a ModelAdmin.

  • admin.E301: 'ct_field' references <label>, which is not a field on <model>.
  • admin.E302: 'ct_fk_field' references <label>, which is not a field on <model>.
  • admin.E303: <model> has no GenericForeignKey.
  • admin.E304: <model> has no GenericForeignKey using content type field <field name> and object ID field <field name>.

AdminSite

The following checks are performed on the default AdminSite:

auth

  • auth.E001: REQUIRED_FIELDS must be a list or tuple.
  • auth.E002: The field named as the USERNAME_FIELD for a custom user model must not be included in REQUIRED_FIELDS.
  • auth.E003: <field> must be unique because it is named as the USERNAME_FIELD.
  • auth.W004: <field> is named as the USERNAME_FIELD, but it is not unique.
  • auth.E005: The permission codenamed <codename> clashes with a builtin permission for model <model>.
  • auth.E006: The permission codenamed <codename> is duplicated for model <model>.
  • auth.E007: The verbose_name of model <model> must be at most 244 characters for its builtin permission names to be at most 255 characters.
  • auth.E008: The permission named <name> of model <model> is longer than 255 characters.
  • auth.C009: <User model>.is_anonymous must be an attribute or property rather than a method. Ignoring this is a security issue as anonymous users will be treated as authenticated!
  • auth.C010: <User model>.is_authenticated must be an attribute or property rather than a method. Ignoring this is a security issue as anonymous users will be treated as authenticated!

contenttypes

The following checks are performed when a model contains a GenericForeignKey or GenericRelation:

  • contenttypes.E001: The GenericForeignKey object ID references the non-existent field <field>.
  • contenttypes.E002: The GenericForeignKey content type references the non-existent field <field>.
  • contenttypes.E003: <field> is not a ForeignKey.
  • contenttypes.E004: <field> is not a ForeignKey to contenttypes.ContentType.

sites

The following checks are performed on any model using a CurrentSiteManager:

  • sites.E001: CurrentSiteManager could not find a field named <field name>.
  • sites.E002: CurrentSiteManager cannot use <field> as it is not a foreign key or a many-to-many field.