#32612: CSRF tests test_https_malformed_host and test_origin_malformed_host
aren't
testing what they should
-------------------------------------+-------------------------------------
Reporter: Chris Jerdonek | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: CSRF | Version: 3.1
Severity: Normal | Resolution: invalid
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Chris Jerdonek):
Sorry, I may have phrased the issue unfairly (including unfairly to the
test authors).
The reason I suggested the change is that I was experimenting with some
refactoring changes, and the test suite still passed even if I made them
incorrectly. That made it seem like something was missing from the tests.
I have a feeling that there can be a way of writing certain tests that
ensures they will fail if the code is refactored incorrectly, even if you
don't know the refactoring in advance. That could be useful for security-
sensitive code. I was having a hard time articulating what that test
quality is, though, exactly.
--
Ticket URL: <https://code.djangoproject.com/ticket/32612#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/067.fef0a28810c07bcd3dedeb8b50730651%40djangoproject.com.
