#32612: CSRF tests test_https_malformed_host and test_origin_malformed_host aren't testing what they should -------------------------------------+------------------------------------- Reporter: Chris Jerdonek | Owner: nobody Type: | Status: closed Cleanup/optimization | Component: CSRF | Version: 3.1 Severity: Normal | Resolution: invalid Keywords: | Triage Stage: | Unreviewed Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------------+-------------------------------------
Comment (by Chris Jerdonek): Sorry, I may have phrased the issue unfairly (including unfairly to the test authors). The reason I suggested the change is that I was experimenting with some refactoring changes, and the test suite still passed even if I made them incorrectly. That made it seem like something was missing from the tests. I have a feeling that there can be a way of writing certain tests that ensures they will fail if the code is refactored incorrectly, even if you don't know the refactoring in advance. That could be useful for security- sensitive code. I was having a hard time articulating what that test quality is, though, exactly. -- Ticket URL: <https://code.djangoproject.com/ticket/32612#comment:4> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/067.fef0a28810c07bcd3dedeb8b50730651%40djangoproject.com.