Fixed #31757 -- Adjusted system check for SECRET_KEY to warn about autogenerated default keys.

Thanks Nick Pope, René Fleschenberg, and Carlton Gibson for reviews.
2025-10-23 21:59:11 +00:00 · 2020-07-13 20:40:38 +03:00
parent 721c95ba0b
commit b7f500396e
4 changed files with 23 additions and 10 deletions
--- a/tests/check_framework/test_security.py
+++ b/tests/check_framework/test_security.py
@@ -1,5 +1,6 @@
 from django.conf import settings
 from django.core.checks.security import base, csrf, sessions
+from django.core.management.utils import get_random_secret_key
 from django.test import SimpleTestCase
 from django.test.utils import override_settings

@@ -394,6 +395,12 @@ class CheckSecretKeyTest(SimpleTestCase):
    def test_none_secret_key(self):
        self.assertEqual(base.check_secret_key(None), [base.W009])

+    @override_settings(
+        SECRET_KEY=base.SECRET_KEY_INSECURE_PREFIX + get_random_secret_key()
+    )
+    def test_insecure_secret_key(self):
+        self.assertEqual(base.check_secret_key(None), [base.W009])
+
    @override_settings(SECRET_KEY=('abcdefghijklmnopqrstuvwx' * 2) + 'a')
    def test_low_length_secret_key(self):
        self.assertEqual(len(settings.SECRET_KEY), base.SECRET_KEY_MIN_LENGTH - 1)