diff options
author | Tom Hacohen <tasn@users.noreply.github.com> | 2019-01-04 02:21:55 +0000 |
---|---|---|
committer | Tim Graham <timograham@gmail.com> | 2019-01-03 21:21:55 -0500 |
commit | 1ecc0a395be721e987e8e9fdfadde952b6dee1c7 (patch) | |
tree | 764f6a8caab6943e1e5ad49d04e03ab2f4864a20 /tests/handlers | |
parent | e49ab7263763d653b3acaa88db9b6ebb4505d639 (diff) | |
download | django-1ecc0a395be721e987e8e9fdfadde952b6dee1c7.tar.gz |
Fixed #30070, CVE-2019-3498 -- Fixed content spoofing possiblity in the default 404 page.
Co-Authored-By: Tim Graham <timograham@gmail.com>
Diffstat (limited to 'tests/handlers')
-rw-r--r-- | tests/handlers/tests.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/tests/handlers/tests.py b/tests/handlers/tests.py index 70f0e875a5..fc7074833b 100644 --- a/tests/handlers/tests.py +++ b/tests/handlers/tests.py @@ -5,6 +5,7 @@ from django.db import close_old_connections, connection from django.test import ( RequestFactory, SimpleTestCase, TransactionTestCase, override_settings, ) +from django.utils.version import PY37 class HandlerTests(SimpleTestCase): @@ -162,16 +163,17 @@ class HandlerRequestTests(SimpleTestCase): def test_invalid_urls(self): response = self.client.get('~%A9helloworld') - self.assertContains(response, '~%A9helloworld', status_code=404) + self.assertEqual(response.status_code, 404) + self.assertEqual(response.context['request_path'], '/~%25A9helloworld' if PY37 else '/%7E%25A9helloworld') response = self.client.get('d%aao%aaw%aan%aal%aao%aaa%aad%aa/') - self.assertContains(response, 'd%AAo%AAw%AAn%AAl%AAo%AAa%AAd%AA', status_code=404) + self.assertEqual(response.context['request_path'], '/d%25AAo%25AAw%25AAn%25AAl%25AAo%25AAa%25AAd%25AA') response = self.client.get('/%E2%99%E2%99%A5/') - self.assertContains(response, '%E2%99\u2665', status_code=404) + self.assertEqual(response.context['request_path'], '/%25E2%2599%E2%99%A5/') response = self.client.get('/%E2%98%8E%E2%A9%E2%99%A5/') - self.assertContains(response, '\u260e%E2%A9\u2665', status_code=404) + self.assertEqual(response.context['request_path'], '/%E2%98%8E%25E2%25A9%E2%99%A5/') def test_environ_path_info_type(self): environ = self.request_factory.get('/%E2%A8%87%87%A5%E2%A8%A0').environ |