[Django] #31962: Raise of SuspiciousOperation should use more specific SuspiciousSession class

Fri, 28 Aug 2020 12:31:54 -0700 

#31962: Raise of SuspiciousOperation should use more specific SuspiciousSession
class
--------------------------------------------+------------------------
               Reporter:  alexmv            |          Owner:  nobody
                   Type:  Uncategorized     |         Status:  new
              Component:  contrib.sessions  |        Version:  master
               Severity:  Normal            |       Keywords:
           Triage Stage:  Unreviewed        |      Has patch:  1
    Needs documentation:  0                 |    Needs tests:  0
Patch needs improvement:  0                 |  Easy pickings:  1
                  UI/UX:  0                 |
--------------------------------------------+------------------------
 `django/contrib/sessions/middleware.py` contains the only non-test place
 where a bare `SuspiciousOperation` is raised; all other locations use one
 of its more specific subclasses.  Making this suspicious operation that
 involves a session into a `raise SuspiciousSession` would remove this
 outlier, and make the exception more specific.

 This is also notable because every SuspiciousOperation subclass gets its
 own logger, so this is the only place that is logged via the
 `django.security.SuspiciousOperation` logger.

 This should only require:

 {{{
 diff --git django/contrib/sessions/middleware.py
 django/contrib/sessions/middleware.py
 index cb8c1ff45b..f8386a21ce 100644
 --- django/contrib/sessions/middleware.py
 +++ django/contrib/sessions/middleware.py
 @@ -3,7 +3,7 @@ from importlib import import_module

  from django.conf import settings
  from django.contrib.sessions.backends.base import UpdateError
 -from django.core.exceptions import SuspiciousOperation
 +from django.contrib.sessions.exceptions import SuspiciousSession
  from django.utils.cache import patch_vary_headers
  from django.utils.deprecation import MiddlewareMixin
  from django.utils.http import http_date
 @@ -60,7 +60,7 @@ class SessionMiddleware(MiddlewareMixin):
                      try:
                          request.session.save()
                      except UpdateError:
 -                        raise SuspiciousOperation(
 +                        raise SuspiciousSession(
                              "The request's session was deleted before the
 "
                              "request completed. The user may have logged
 "
                              "out in a concurrent request, for example."
 }}}

-- 
Ticket URL: <https://code.djangoproject.com/ticket/31962>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/049.93b4c2dd460959b80597624a46d75443%40djangoproject.com.

Reply via email to