[3.1.x] Fixed #31895 -- Fixed crash when decoding invalid session data.

Thanks Matt Hegarty for the report. Regression in d4fff711d4. Backport of 4376c2c7f8 from master
2025-10-31 09:41:08 +00:00 · 2020-08-19 12:06:00 +02:00
parent b2fc5292b2
commit 7eaa2776e1
3 changed files with 22 additions and 5 deletions
--- a/tests/sessions_tests/tests.py
+++ b/tests/sessions_tests/tests.py
@@ -333,11 +333,16 @@ class SessionTestsMixin:
            self.assertEqual(self.session._legacy_decode(encoded), data)

    def test_decode_failure_logged_to_security(self):
-        bad_encode = base64.b64encode(b'flaskdj:alkdjf').decode('ascii')
-        with self.assertLogs('django.security.SuspiciousSession', 'WARNING') as cm:
-            self.assertEqual({}, self.session.decode(bad_encode))
-        # The failed decode is logged.
-        self.assertIn('corrupted', cm.output[0])
+        tests = [
+            base64.b64encode(b'flaskdj:alkdjf').decode('ascii'),
+            'bad:encoded:value',
+        ]
+        for encoded in tests:
+            with self.subTest(encoded=encoded):
+                with self.assertLogs('django.security.SuspiciousSession', 'WARNING') as cm:
+                    self.assertEqual(self.session.decode(encoded), {})
+                # The failed decode is logged.
+                self.assertIn('Session data corrupted', cm.output[0])

    def test_actual_expiry(self):
        # this doesn't work with JSONSerializer (serializing timedelta)