From 062278ef185c73217a61c73d6d11fb878e121f80 Mon Sep 17 00:00:00 2001
From: Jiseok CHOI
Date: Wed, 16 Jul 2025 00:14:03 +0900
Subject: [PATCH] Reject SQL queries containing null characters
---
 Lib/test/test_sqlite3/test_regression.py | 2 --
 stdlib/src/sqlite.rs | 6 ++++++
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/Lib/test/test_sqlite3/test_regression.py b/Lib/test/test_sqlite3/test_regression.py
index 870958ceee5..ab265b18058 100644
--- a/Lib/test/test_sqlite3/test_regression.py
+++ b/Lib/test/test_sqlite3/test_regression.py
@@ -329,8 +329,6 @@ def test_invalid_isolation_level_type(self):
 sqlite.connect, ":memory:", isolation_level=123)
- # TODO: RUSTPYTHON
- @unittest.expectedFailure
 def test_null_character(self):
 # Issue #21147
 cur = self.con.cursor()
diff --git a/stdlib/src/sqlite.rs b/stdlib/src/sqlite.rs
index 4e9620eeabd..f583a0b0b97 100644
--- a/stdlib/src/sqlite.rs
+++ b/stdlib/src/sqlite.rs
@@ -2295,6 +2295,12 @@ mod _sqlite {
 vm: &VirtualMachine,
 ) -> PyResult> {
 let sql = sql.try_into_utf8(vm)?;
+ if sql.as_str().contains('\0') {
+ return Err(new_programming_error(
+ vm,
+ "statement contains a null character.".to_owned(),
+ ));
+ }
 let sql_cstr = sql.to_cstring(vm)?;
 let sql_len = sql.byte_len() + 1;
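Review bot: The null-character guard added in the `stdlib/src/sqlite.rs` hunk carries no comment explaining why it sits ahead of `sql.to_cstring(vm)?`, so a later reader could take it for redundant with whatever that conversion already rejects and remove it. I would put `// Reject embedded NULs before the C-string conversion so the caller gets ProgrammingError; SQLite reads the text only up to the first NUL.` directly above the `if`. The guard covers only this function, whose start and end lie outside the hunk; any other path that hands SQL text to SQLite (none is visible here) should be checked for the same rejection, and ideally routed through one shared helper. The message string is also worth comparing with CPython's wording, since the re-enabled test and downstream callers may match on it.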