#34695: security.E101 false positive with class-based views
-----------------------------------------+------------------------
Reporter: asottile | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 4.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
minimal example
{{{
class MyView(View):
def dispatch(self, request, reason=''):
...
view = MyView.as_view()
}}}
though this appears to work at runtime (at least in unsupported django 2.2
which is what I'm trying to upgrade from), the framework gives an error:
{{{
ERRORS:
?: (security.E101) The CSRF failure view 'myview.view' does not take the
correct number of arguments.
}}}
the reason stems from the use of `inspect.signature` on the view:
{{{
>>> sig = inspect.signature(view)
>>> sig
<Signature (self, request, reason='')>
>>> sig.bind(None, reason=None)
Traceback (most recent call last):
File "/Users/asottile/.pyenv/versions/3.8.16/lib/python3.8/code.py",
line 90, in runcode
exec(code, self.locals)
File "<console>", line 1, in <module>
File "/Users/asottile/.pyenv/versions/3.8.16/lib/python3.8/inspect.py",
line 3037, in bind
return self._bind(args, kwargs)
File "/Users/asottile/.pyenv/versions/3.8.16/lib/python3.8/inspect.py",
line 2952, in _bind
raise TypeError(msg) from None
TypeError: missing a required argument: 'request'
}}}
https://github.com/django/django/blob/649262a406168709686f97694493aa1f717c6c96/django/core/checks/security/csrf.py#L60
--
Ticket URL: <https://code.djangoproject.com/ticket/34695>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/0107018926f3a001-24d1805e-ec83-4656-9560-8817d0e45129-000000%40eu-central-1.amazonses.com.