id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
34695	security.E101 false positive with class-based views	Anthony Sottile	nobody	"minimal example

{{{
class MyView(View):
    def dispatch(self, request, reason=''):
        ...

view = MyView.as_view()
}}}

though this appears to work at runtime (at least in unsupported django 2.2 which is what I'm trying to upgrade from), the framework gives an error:

{{{
ERRORS:
?: (security.E101) The CSRF failure view 'myview.view' does not take the correct number of arguments.
}}}

the reason stems from the use of `inspect.signature` on the view:

{{{
>>> sig = inspect.signature(view)
>>> sig
<Signature (self, request, reason='')>
>>> sig.bind(None, reason=None)
Traceback (most recent call last):
  File ""/Users/asottile/.pyenv/versions/3.8.16/lib/python3.8/code.py"", line 90, in runcode
    exec(code, self.locals)
  File ""<console>"", line 1, in <module>
  File ""/Users/asottile/.pyenv/versions/3.8.16/lib/python3.8/inspect.py"", line 3037, in bind
    return self._bind(args, kwargs)
  File ""/Users/asottile/.pyenv/versions/3.8.16/lib/python3.8/inspect.py"", line 2952, in _bind
    raise TypeError(msg) from None
TypeError: missing a required argument: 'request'
}}}

https://github.com/django/django/blob/649262a406168709686f97694493aa1f717c6c96/django/core/checks/security/csrf.py#L60


"	Bug	closed	Core (System checks)	4.2	Normal	worksforme			Unreviewed	0	0	0	0	0	0