diff options
| author | Carlton Gibson <carlton.gibson@noumenal.es> | 2020-01-09 11:37:19 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-01-10 11:35:41 +0100 |
| commit | e2d9d66a22f9004c0349f6aa9f8762fa558bdee8 (patch) | |
| tree | 6066d3aab3769c16ff9a970b244d9154e5672189 /tests | |
| parent | 581ba5a9486ed73cb81031d85b3ce1b27a960109 (diff) | |
Fixed #23004 -- Added request.META filtering to SafeExceptionReporterFilter.
Co-authored-by: Ryan Castner <castner.rr@gmail.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/view_tests/tests/test_debug.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py index 9becfc77d0..020af1a19c 100644 --- a/tests/view_tests/tests/test_debug.py +++ b/tests/view_tests/tests/test_debug.py @@ -1224,6 +1224,24 @@ class ExceptionReporterFilterTests(ExceptionReportTestMixin, LoggingCaptureMixin {'login': 'cooper', 'password': reporter_filter.cleansed_substitute}, ) + def test_request_meta_filtering(self): + request = self.rf.get('/', HTTP_SECRET_HEADER='super_secret') + reporter_filter = SafeExceptionReporterFilter() + self.assertEqual( + reporter_filter.get_safe_request_meta(request)['HTTP_SECRET_HEADER'], + reporter_filter.cleansed_substitute, + ) + + def test_exception_report_uses_meta_filtering(self): + response = self.client.get('/raises500/', HTTP_SECRET_HEADER='super_secret') + self.assertNotIn(b'super_secret', response.content) + response = self.client.get( + '/raises500/', + HTTP_SECRET_HEADER='super_secret', + HTTP_X_REQUESTED_WITH='XMLHttpRequest', + ) + self.assertNotIn(b'super_secret', response.content) + class CustomExceptionReporterFilter(SafeExceptionReporterFilter): cleansed_substitute = 'XXXXXXXXXXXXXXXXXXXX' |
