fix(asyncpg): Add db.query.text to streamed query spans#6633
4 issues
Low
Newly defined DB_QUERY_TEXT constant is not used in the implementation that sets the attribute - `sentry_sdk/consts.py:519-525`
The SPANDATA.DB_QUERY_TEXT constant defined here is not used in tracing_utils.py where the attribute is actually written — instead, the hardcoded string "db.query.text" is used directly (line ~169). Consider using SPANDATA.DB_QUERY_TEXT there for consistency and to avoid a silent mismatch if the constant value is ever updated.
`db.query.text` set via string literal instead of newly-added `SPANDATA.DB_QUERY_TEXT` constant - `sentry_sdk/tracing_utils.py:169`
The same PR adds SPANDATA.DB_QUERY_TEXT = "db.query.text" in consts.py, but tracing_utils.py uses the raw string literal instead — if the constant's value ever changes, this site won't be updated automatically.
_assert_query_source only verifies fetchrow_span_2, silently dropping fetchrow_span_1 check - `tests/integrations/asyncpg/test_asyncpg.py:1577`
The refactored _assert_query_source call at the end of the function uses span leaked from the for-loop, which is always fetchrow_span_2 — the original code called _assert_query_source for both fetchrow spans inside the loop, but that check for fetchrow_span_1 is now missing.
`_assert_query_source` only validates `fetchrow_span_2`, silently skipping `fetchrow_span_1` - `tests/integrations/asyncpg/test_asyncpg.py:1577-1581`
_assert_query_source is called once outside the if/else block using the last loop variable span (always fetchrow_span_2); fetchrow_span_1 is never verified to have query source attributes, so a bug where the first fetch span lacks code-location data would go undetected.
4 skills analyzed
| Skill | Findings | Duration | Cost |
|---|---|---|---|
| security-review | 0 | 20.3s | $0.04 |
| code-review | 3 | 2m 48s | $0.61 |
| find-bugs | 1 | 5m 59s | $1.03 |
| skill-scanner | 0 | - | - |
⏱ 9m 7s · 1.1M in / 50.6k out · $1.68