summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorCarlton Gibson <carlton.gibson@noumenal.es>2020-01-09 11:37:19 +0100
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2020-01-10 11:35:41 +0100
commite2d9d66a22f9004c0349f6aa9f8762fa558bdee8 (patch)
tree6066d3aab3769c16ff9a970b244d9154e5672189 /tests
parent581ba5a9486ed73cb81031d85b3ce1b27a960109 (diff)
Fixed #23004 -- Added request.META filtering to SafeExceptionReporterFilter.
Co-authored-by: Ryan Castner <castner.rr@gmail.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/view_tests/tests/test_debug.py18
1 files changed, 18 insertions, 0 deletions
diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py
index 9becfc77d0..020af1a19c 100644
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@@ -1224,6 +1224,24 @@ class ExceptionReporterFilterTests(ExceptionReportTestMixin, LoggingCaptureMixin
{'login': 'cooper', 'password': reporter_filter.cleansed_substitute},
)
+ def test_request_meta_filtering(self):
+ request = self.rf.get('/', HTTP_SECRET_HEADER='super_secret')
+ reporter_filter = SafeExceptionReporterFilter()
+ self.assertEqual(
+ reporter_filter.get_safe_request_meta(request)['HTTP_SECRET_HEADER'],
+ reporter_filter.cleansed_substitute,
+ )
+
+ def test_exception_report_uses_meta_filtering(self):
+ response = self.client.get('/raises500/', HTTP_SECRET_HEADER='super_secret')
+ self.assertNotIn(b'super_secret', response.content)
+ response = self.client.get(
+ '/raises500/',
+ HTTP_SECRET_HEADER='super_secret',
+ HTTP_X_REQUESTED_WITH='XMLHttpRequest',
+ )
+ self.assertNotIn(b'super_secret', response.content)
+
class CustomExceptionReporterFilter(SafeExceptionReporterFilter):
cleansed_substitute = 'XXXXXXXXXXXXXXXXXXXX'