From cffd76b324518cb75514ba1e47ff03be1f075ada Mon Sep 17 00:00:00 2001
From: Andy Shapiro <shapiromatron@gmail.com>
Date: Sat, 26 Aug 2023 23:32:10 -0400
Subject: [PATCH] clean null string from autocomplete query

---
 hawc/apps/common/autocomplete/views.py      |  9 ++++++++-
 tests/hawc/apps/common/test_autocomplete.py | 11 +++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 tests/hawc/apps/common/test_autocomplete.py

diff --git a/hawc/apps/common/autocomplete/views.py b/hawc/apps/common/autocomplete/views.py
index 04894b6921..b90e1d31a8 100644
--- a/hawc/apps/common/autocomplete/views.py
+++ b/hawc/apps/common/autocomplete/views.py
@@ -53,10 +53,17 @@ def get_base_queryset(cls, filters: dict | None = None):
         qs = cls.model.objects.all()
         return qs.filter(**filters)
 
+    def _clean_query(self):
+        self.qry = self.request.GET.dict()
+        if "q" in self.qry:
+            self.qry["q"] = self.qry["q"].replace("\0", "")
+        self.q = self.q.replace("\0", "")
+
     def get_queryset(self):
+        self._clean_query()
         # get base queryset
         try:
-            qs = self.get_base_queryset(self.request.GET)
+            qs = self.get_base_queryset(self.qry)
         except ValueError:
             raise BadRequest("Invalid filter parameters")
 
diff --git a/tests/hawc/apps/common/test_autocomplete.py b/tests/hawc/apps/common/test_autocomplete.py
new file mode 100644
index 0000000000..8b9bc6d618
--- /dev/null
+++ b/tests/hawc/apps/common/test_autocomplete.py
@@ -0,0 +1,11 @@
+import pytest
+from django.test.client import Client
+
+
+@pytest.mark.django_db
+def test_null_query():
+    # check that null string, q=\0 or q=%00 is cleaned
+    url = "/autocomplete/assessment-dsstoxautocomplete/"
+    client = Client()
+    resp = client.get(url + "?q=\0")
+    assert resp.status_code == 200