Fixed #21383 -- Added request details in SuspiciousOperation messages

django/core/handlers/base.py

@@ -174,7 +174,12 @@ class BaseHandler(object):
             # The security logger receives events for all SuspiciousOperations
             security_logger = logging.getLogger('django.security.%s' %
                             e.__class__.__name__)
-            security_logger.error(force_text(e))
+            security_logger.error(
+                force_text(e),
+                extra={
+                    'status_code': 400,
+                    'request': request
+                })
 
             try:
                 callback, param_dict = resolver.resolve400()

django/test/utils.py

@@ -407,8 +407,8 @@ def patch_logger(logger_name, log_level):
     """
     calls = []
 
-    def replacement(msg):
+    def replacement(msg, *args, **kwargs):
-        calls.append(msg)
+        calls.append(msg % args)
     logger = logging.getLogger(logger_name)
     orig = getattr(logger, log_level)
     setattr(logger, log_level, replacement)

tests/logging_tests/tests.py

@@ -370,3 +370,12 @@ class SecurityLoggerTest(TestCase):
             self.client.get('/suspicious_spec/')
             self.assertEqual(len(calls), 1)
             self.assertEqual(calls[0], 'dubious')
+
+    @override_settings(
+        ADMINS=(('admin', 'admin@example.com'),),
+        DEBUG=False,
+    )
+    def test_suspicious_email_admins(self):
+        self.client.get('/suspicious/')
+        self.assertEqual(len(mail.outbox), 1)
+        self.assertIn('path:/suspicious/,', mail.outbox[0].body)