| author | Jake Howard <git@theorangeone.net> | 2025-06-04 16:08:46 +0100 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2025-06-06 09:07:12 -0300 |
| commit | 8fcc83953c350e158a484bf1da0aa1b79b69bb07 (patch) | |
| tree | 75049c5eb7c7b654a29db41a4a1d09d1fd650874 /tests | |
| parent | 9d7fc9eb1c79242f3330aa62629699a8b5fc5451 (diff) | |
[5.2.x] Refs CVE-2025-48432 -- Prevented log injection in remaining response logging.
Migrated remaining response-related logging to use the `log_response()`
helper, so that untrusted values such as request paths are escaped before
they reach the log and potential log injection is avoided.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Backport of 957951755259b412d5113333b32bf85871d29814 from main.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/generic_views/test_base.py | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/tests/generic_views/test_base.py b/tests/generic_views/test_base.py
index 5f3941196b..acd938935a 100644
--- a/tests/generic_views/test_base.py
+++ b/tests/generic_views/test_base.py
@@ -1,5 +1,8 @@
+import logging
 import time
 
+from logging_tests.tests import LoggingAssertionMixin
+
 from django.core.exceptions import ImproperlyConfigured
 from django.http import HttpResponse
 from django.test import RequestFactory, SimpleTestCase, override_settings
@@ -63,7 +66,7 @@ class InstanceView(View):
         return self
 
 
-class ViewTest(SimpleTestCase):
+class ViewTest(LoggingAssertionMixin, SimpleTestCase):
     rf = RequestFactory()
 
     def _assert_simple(self, response):
@@ -297,6 +300,25 @@ class ViewTest(SimpleTestCase):
         response = view.dispatch(self.rf.head("/"))
         self.assertEqual(response.status_code, 405)
 
+    def test_method_not_allowed_response_logged(self):
+        for path, escaped in [
+            ("/foo/", "/foo/"),
+            (r"/%1B[1;31mNOW IN RED!!!1B[0m/", r"/\x1b[1;31mNOW IN RED!!!1B[0m/"),
+        ]:
+            with self.subTest(path=path):
+                request = self.rf.get(path, REQUEST_METHOD="BOGUS")
+                with self.assertLogs("django.request", "WARNING") as handler:
+                    response = SimpleView.as_view()(request)
+
+                self.assertLogRecord(
+                    handler,
+                    f"Method Not Allowed (BOGUS): {escaped}",
+                    logging.WARNING,
+                    405,
+                    request,
+                )
+                self.assertEqual(response.status_code, 405)
+
 
 @override_settings(ROOT_URLCONF="generic_views.urls")
 class TemplateViewTest(SimpleTestCase):
@@ -425,7 +447,7 @@ class TemplateViewTest(SimpleTestCase):
 
 
 @override_settings(ROOT_URLCONF="generic_views.urls")
-class RedirectViewTest(SimpleTestCase):
+class RedirectViewTest(LoggingAssertionMixin, SimpleTestCase):
     rf = RequestFactory()
 
     def test_no_url(self):
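Review bot: The second escape sequence in the injected path on the `(r"/%1B[1;31mNOW IN RED!!!1B[0m/", …)` row of `test_method_not_allowed_response_logged` is missing its `%`, so `1B[0m` is passed through as plain text and only one ESC byte is actually exercised; if the reset sequence was intended, the row should read `(r"/%1B[1;31mNOW IN RED!!!%1B[0m/", r"/\x1b[1;31mNOW IN RED!!!\x1b[0m/")`. The expected column presumably relies on `RequestFactory` percent-decoding the path and on `log_response()` emitting repr-style `\x1b` escapes, neither of which is visible in this hunk, so confirm both before changing it. The same `(path, escaped)` table is duplicated in `test_gone_response_logged` further down; a module-level constant would keep the two in sync.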
@@ -549,6 +571,20 @@ class RedirectViewTest(SimpleTestCase):
         response = view.dispatch(self.rf.head("/foo/"))
         self.assertEqual(response.status_code, 410)
 
+    def test_gone_response_logged(self):
+        for path, escaped in [
+            ("/foo/", "/foo/"),
+            (r"/%1B[1;31mNOW IN RED!!!1B[0m/", r"/\x1b[1;31mNOW IN RED!!!1B[0m/"),
+        ]:
+            with self.subTest(path=path):
+                request = self.rf.get(path)
+                with self.assertLogs("django.request", "WARNING") as handler:
+                    RedirectView().dispatch(request)
+
+                self.assertLogRecord(
+                    handler, f"Gone: {escaped}", logging.WARNING, 410, request
+                )
+
 
 class GetContextDataTest(SimpleTestCase):
     def test_get_context_data_super(self):
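Review bot: `RedirectView().dispatch(request)` in `test_gone_response_logged` discards the response, so unlike `test_method_not_allowed_response_logged` this test never checks that the view itself returned a 410 beyond whatever `assertLogRecord` verifies on the log record; capture it with `response = RedirectView().dispatch(request)` and add `self.assertEqual(response.status_code, 410)` after the log assertion for parity. The injected path also carries the same `1B[0m` without a leading `%` as the other new test, so only the first ESC byte is exercised — presumably `%1B[0m` (expected `\x1b[0m`) was intended. Consider hoisting the shared `(path, escaped)` table to a module-level constant so both tests stay in sync.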
