mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00
Code Issues 25 Releases Wiki Activity

Improved view_tests.tests.test_debug.ExceptionReporterFilterTests.

Browse Source
This commit is contained in:
Natalia 2024-07-31 11:35:45 -03:00 committed by nessita
parent 1eac690d25
commit 615c80aba6
1 changed files with 39 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
tests/view_tests/tests/test_debug.py
View File

@ -1552,6 +1552,13 @@ class ExceptionReporterFilterTests(
"""
rf = RequestFactory()
sensitive_settings = [
"SECRET_KEY",
"SECRET_KEY_FALLBACKS",
"PASSWORD",
"API_KEY",
"AUTH_TOKEN",
]
def test_non_sensitive_request(self):
"""
@ -1774,42 +1781,30 @@ class ExceptionReporterFilterTests(
The debug page should not show some sensitive settings
(password, secret key, ...).
"""
sensitive_settings = [
"SECRET_KEY",
"SECRET_KEY_FALLBACKS",
"PASSWORD",
"API_KEY",
"AUTH_TOKEN",
]
for setting in sensitive_settings:
with self.settings(DEBUG=True, **{setting: "should not be displayed"}):
response = self.client.get("/raises500/")
self.assertNotContains(
response, "should not be displayed", status_code=500
)
for setting in self.sensitive_settings:
with self.subTest(setting=setting):
with self.settings(DEBUG=True, **{setting: "should not be displayed"}):
response = self.client.get("/raises500/")
self.assertNotContains(
response, "should not be displayed", status_code=500
)
def test_settings_with_sensitive_keys(self):
"""
The debug page should filter out some sensitive information found in
dict settings.
"""
sensitive_settings = [
"SECRET_KEY",
"SECRET_KEY_FALLBACKS",
"PASSWORD",
"API_KEY",
"AUTH_TOKEN",
]
for setting in sensitive_settings:
for setting in self.sensitive_settings:
FOOBAR = {
setting: "should not be displayed",
"recursive": {setting: "should not be displayed"},
}
with self.settings(DEBUG=True, FOOBAR=FOOBAR):
response = self.client.get("/raises500/")
self.assertNotContains(
response, "should not be displayed", status_code=500
)
with self.subTest(setting=setting):
with self.settings(DEBUG=True, FOOBAR=FOOBAR):
response = self.client.get("/raises500/")
self.assertNotContains(
response, "should not be displayed", status_code=500
)
def test_cleanse_setting_basic(self):
reporter_filter = SafeExceptionReporterFilter()
@ -1883,10 +1878,25 @@ class ExceptionReporterFilterTests(
)
def test_request_meta_filtering(self):
request = self.rf.get("/", headers={"secret-header": "super_secret"})
headers = {
"API_URL": "super secret",
"A_SIGNATURE_VALUE": "super secret",
"MY_KEY": "super secret",
"PASSWORD": "super secret",
"SECRET_VALUE": "super secret",
"SOME_TOKEN": "super secret",
}
request = self.rf.get("/", headers=headers)
reporter_filter = SafeExceptionReporterFilter()
cleansed_headers = reporter_filter.get_safe_request_meta(request)
for header in headers:
with self.subTest(header=header):
self.assertEqual(
cleansed_headers[f"HTTP_{header}"],
reporter_filter.cleansed_substitute,
)
self.assertEqual(
reporter_filter.get_safe_request_meta(request)["HTTP_SECRET_HEADER"],
cleansed_headers["HTTP_COOKIE"],
reporter_filter.cleansed_substitute,
)
@ -1910,9 +1920,7 @@ class ExceptionReporterFilterTests(
class CustomExceptionReporterFilter(SafeExceptionReporterFilter):
cleansed_substitute = "XXXXXXXXXXXXXXXXXXXX"
hidden_settings = _lazy_re_compile(
"API|TOKEN|KEY|SECRET|PASS|SIGNATURE|DATABASE_URL", flags=re.I
)
hidden_settings = _lazy_re_compile("PASS|DATABASE", flags=re.I)
@override_settings(