From 10ba3f78da2e22bd232dc085e2a8a7c293c3fb73 Mon Sep 17 00:00:00 2001 From: Natalia <124304+nessita@users.noreply.github.com> Date: Thu, 5 Jun 2025 10:07:17 -0300 Subject: [4.2.x] Refs CVE-2025-48432 -- Made SuspiciousOperation logging use log_response() for consistency. Backport of ff835f439cb1ecd8d74a24de12e3c03e5477dc9d from main. --- tests/logging_tests/tests.py | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'tests') diff --git a/tests/logging_tests/tests.py b/tests/logging_tests/tests.py index 03409094f2..bc88749fb7 100644 --- a/tests/logging_tests/tests.py +++ b/tests/logging_tests/tests.py @@ -597,6 +597,15 @@ class SecurityLoggerTest(LoggingAssertionMixin, SimpleTestCase): self.assertEqual(len(mail.outbox), 1) self.assertIn("SuspiciousOperation at /suspicious/", mail.outbox[0].body) + def test_response_logged(self): + with self.assertLogs("django.security.SuspiciousOperation", "ERROR") as handler: + response = self.client.get("/suspicious/") + + self.assertLogRecord( + handler, "dubious", logging.ERROR, 400, request=response.wsgi_request + ) + self.assertEqual(response.status_code, 400) + class SettingsCustomLoggingTest(AdminScriptTestCase): """ -- cgit v1.3