authorMariusz Felisiak <felisiak.mariusz@gmail.com>2022-02-21 07:54:47 +0100
committerGitHub <noreply@github.com>2022-02-21 07:54:47 +0100
commit1299bc33e131a3c44b544b58c706bc998c4228ed (patch)
tree607157eb27d3821a597fb221980c00731ba74a66 /tests/check_framework
parentfe3518d25edd69b782339729080b0295a8a33952 (diff)
Refs #33526 -- Made CSRF_COOKIE_SECURE/SESSION_COOKIE_SECURE/SESSION_COOKIE_HTTPONLY don't pass on truthy values.
Diffstat (limited to 'tests/check_framework')
-rw-r--r--tests/check_framework/test_security.py26
1 files changed, 26 insertions, 0 deletions
diff --git a/tests/check_framework/test_security.py b/tests/check_framework/test_security.py
index d025c4d92c..3e20f35f01 100644
--- a/tests/check_framework/test_security.py
+++ b/tests/check_framework/test_security.py
@@ -20,6 +20,15 @@ class CheckSessionCookieSecureTest(SimpleTestCase):
self.assertEqual(sessions.check_session_cookie_secure(None), [sessions.W010])
@override_settings(
+ SESSION_COOKIE_SECURE="1",
+ INSTALLED_APPS=["django.contrib.sessions"],
+ MIDDLEWARE=[],
+ )
+ def test_session_cookie_secure_with_installed_app_truthy(self):
+ """SESSION_COOKIE_SECURE must be boolean."""
+ self.assertEqual(sessions.check_session_cookie_secure(None), [sessions.W010])
+
+ @override_settings(
SESSION_COOKIE_SECURE=False,
INSTALLED_APPS=[],
MIDDLEWARE=["django.contrib.sessions.middleware.SessionMiddleware"],
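Review bot: The added `test_session_cookie_secure_with_installed_app_truthy` covers a non-boolean value only on the INSTALLED_APPS path. The middleware-only and app-plus-middleware variants of this check get no `SESSION_COOKIE_SECURE="1"` case, so a truthiness test surviving in one of those branches would not be caught. The SESSION_COOKIE_HTTPONLY hunk below has the same gap. The check implementation is outside this diff (the diffstat is limited to the tests directory), so whether the branches share one condition cannot be confirmed from here. The `@override_settings(` at the end of the hunk continues outside it; a middleware-path counterpart could sit next to the new test, as sketched below.

```python
    @override_settings(
        SESSION_COOKIE_SECURE="1",
        INSTALLED_APPS=[],
        MIDDLEWARE=["django.contrib.sessions.middleware.SessionMiddleware"],
    )
    def test_session_cookie_secure_with_middleware_truthy(self):
        """SESSION_COOKIE_SECURE must be boolean."""
        self.assertEqual(sessions.check_session_cookie_secure(None), [sessions.W011])
```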
@@ -70,6 +79,15 @@ class CheckSessionCookieHttpOnlyTest(SimpleTestCase):
self.assertEqual(sessions.check_session_cookie_httponly(None), [sessions.W013])
@override_settings(
+ SESSION_COOKIE_HTTPONLY="1",
+ INSTALLED_APPS=["django.contrib.sessions"],
+ MIDDLEWARE=[],
+ )
+ def test_session_cookie_httponly_with_installed_app_truthy(self):
+ """SESSION_COOKIE_HTTPONLY must be boolean."""
+ self.assertEqual(sessions.check_session_cookie_httponly(None), [sessions.W013])
+
+ @override_settings(
SESSION_COOKIE_HTTPONLY=False,
INSTALLED_APPS=[],
MIDDLEWARE=["django.contrib.sessions.middleware.SessionMiddleware"],
@@ -133,6 +151,14 @@ class CheckCSRFCookieSecureTest(SimpleTestCase):
@override_settings(
MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
+ CSRF_COOKIE_SECURE="1",
+ )
+ def test_with_csrf_cookie_secure_truthy(self):
+ """CSRF_COOKIE_SECURE must be boolean."""
+ self.assertEqual(csrf.check_csrf_cookie_secure(None), [csrf.W016])
+
+ @override_settings(
+ MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
CSRF_USE_SESSIONS=True,
CSRF_COOKIE_SECURE=False,
)
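Review bot: The only non-boolean value exercised in `test_with_csrf_cookie_secure_truthy` is the string `"1"`, which does not pin down how strict the check is. An integer `1` compares equal to `True`, so a check written with `==` would pass this test yet still accept non-boolean values. Adding a case with `CSRF_COOKIE_SECURE=1` that expects `[csrf.W016]` would fix the intended identity semantics, presumably `is True` in the check, which is not shown here. A second string case such as `"False"` would document the likely real-world source of the problem, settings read from environment variables as text. The same applies to the two session-cookie tests added above.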