mirror of https://github.com/django/django.git synced 2025-01-03 15:06:09 +00:00

Improved view_tests.tests.test_debug.ExceptionReporterFilterTests.

Natalia 2024-07-31 11:35:45 -03:00 committed by nessita
parent 1eac690d25
commit 615c80aba6


@ -1552,6 +1552,13 @@ class ExceptionReporterFilterTests(
""" """
rf = RequestFactory() rf = RequestFactory()
sensitive_settings = [
"SECRET_KEY",
"SECRET_KEY_FALLBACKS",
"PASSWORD",
"API_KEY",
"AUTH_TOKEN",
]
def test_non_sensitive_request(self): def test_non_sensitive_request(self):
""" """
@ -1774,14 +1781,8 @@ class ExceptionReporterFilterTests(
The debug page should not show some sensitive settings The debug page should not show some sensitive settings
(password, secret key, ...). (password, secret key, ...).
""" """
sensitive_settings = [ for setting in self.sensitive_settings:
"SECRET_KEY", with self.subTest(setting=setting):
"SECRET_KEY_FALLBACKS",
"PASSWORD",
"API_KEY",
"AUTH_TOKEN",
]
for setting in sensitive_settings:
with self.settings(DEBUG=True, **{setting: "should not be displayed"}): with self.settings(DEBUG=True, **{setting: "should not be displayed"}):
response = self.client.get("/raises500/") response = self.client.get("/raises500/")
self.assertNotContains( self.assertNotContains(
@ -1793,18 +1794,12 @@ class ExceptionReporterFilterTests(
The debug page should filter out some sensitive information found in The debug page should filter out some sensitive information found in
dict settings. dict settings.
""" """
sensitive_settings = [ for setting in self.sensitive_settings:
"SECRET_KEY",
"SECRET_KEY_FALLBACKS",
"PASSWORD",
"API_KEY",
"AUTH_TOKEN",
]
for setting in sensitive_settings:
FOOBAR = { FOOBAR = {
setting: "should not be displayed", setting: "should not be displayed",
"recursive": {setting: "should not be displayed"}, "recursive": {setting: "should not be displayed"},
} }
with self.subTest(setting=setting):
with self.settings(DEBUG=True, FOOBAR=FOOBAR): with self.settings(DEBUG=True, FOOBAR=FOOBAR):
response = self.client.get("/raises500/") response = self.client.get("/raises500/")
self.assertNotContains( self.assertNotContains(
@ -1883,10 +1878,25 @@ class ExceptionReporterFilterTests(
) )
def test_request_meta_filtering(self): def test_request_meta_filtering(self):
request = self.rf.get("/", headers={"secret-header": "super_secret"}) headers = {
"API_URL": "super secret",
"A_SIGNATURE_VALUE": "super secret",
"MY_KEY": "super secret",
"PASSWORD": "super secret",
"SECRET_VALUE": "super secret",
"SOME_TOKEN": "super secret",
}
request = self.rf.get("/", headers=headers)
reporter_filter = SafeExceptionReporterFilter() reporter_filter = SafeExceptionReporterFilter()
cleansed_headers = reporter_filter.get_safe_request_meta(request)
for header in headers:
with self.subTest(header=header):
self.assertEqual( self.assertEqual(
reporter_filter.get_safe_request_meta(request)["HTTP_SECRET_HEADER"], cleansed_headers[f"HTTP_{header}"],
reporter_filter.cleansed_substitute,
)
self.assertEqual(
cleansed_headers["HTTP_COOKIE"],
reporter_filter.cleansed_substitute, reporter_filter.cleansed_substitute,
) )
@ -1910,9 +1920,7 @@ class ExceptionReporterFilterTests(
class CustomExceptionReporterFilter(SafeExceptionReporterFilter): class CustomExceptionReporterFilter(SafeExceptionReporterFilter):
cleansed_substitute = "XXXXXXXXXXXXXXXXXXXX" cleansed_substitute = "XXXXXXXXXXXXXXXXXXXX"
hidden_settings = _lazy_re_compile( hidden_settings = _lazy_re_compile("PASS|DATABASE", flags=re.I)
"API|TOKEN|KEY|SECRET|PASS|SIGNATURE|DATABASE_URL", flags=re.I
)
@override_settings( @override_settings(
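Review bot: The shared `sensitive_settings` list hoisted onto the class in the first hunk has no entry containing `SIGNATURE`, although the new `headers` dict in `test_request_meta_filtering` does cover it with `A_SIGNATURE_VALUE`. The two loops over `for setting in self.sensitive_settings:` would therefore presumably not notice if that alternative were dropped from the redaction pattern for settings. Adding an entry such as `"A_SIGNATURE_VALUE",` to the list would keep the settings checks and the request-META checks aligned. The header test also lacks a negative control: asserting that a header with a harmless name keeps its original value in `cleansed_headers` would catch a filter that replaces every value. The default `hidden_settings` pattern is not visible on this page, so the first point is inferred from the header names and from the pattern removed from `CustomExceptionReporterFilter`.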