Fixed #21383 -- Added request details in SuspiciousOperation messages

This commit is contained in:
Claude Paroz 2013-11-09 12:11:58 +01:00
parent 7e714827ea
commit e6dd70b4db
3 changed files with 17 additions and 3 deletions

View File

@ -174,7 +174,12 @@ class BaseHandler(object):
# The security logger receives events for all SuspiciousOperations
security_logger = logging.getLogger('django.security.%s' %
e.__class__.__name__)
security_logger.error(force_text(e))
security_logger.error(
force_text(e),
extra={
'status_code': 400,
'request': request
})
try:
callback, param_dict = resolver.resolve400()

View File

@ -407,8 +407,8 @@ def patch_logger(logger_name, log_level):
"""
calls = []
def replacement(msg):
calls.append(msg)
def replacement(msg, *args, **kwargs):
calls.append(msg % args)
logger = logging.getLogger(logger_name)
orig = getattr(logger, log_level)
setattr(logger, log_level, replacement)

View File

@ -370,3 +370,12 @@ class SecurityLoggerTest(TestCase):
self.client.get('/suspicious_spec/')
self.assertEqual(len(calls), 1)
self.assertEqual(calls[0], 'dubious')
@override_settings(
ADMINS=(('admin', 'admin@example.com'),),
DEBUG=False,
)
def test_suspicious_email_admins(self):
self.client.get('/suspicious/')
self.assertEqual(len(mail.outbox), 1)
self.assertIn('path:/suspicious/,', mail.outbox[0].body)