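import os
import sys
import unittest
from unittest.mock import patch

# Add the scripts directory to sys.path so ``web_dashboard`` is importable
# when this file is run directly rather than via a test runner.
sys.path.append(os.path.dirname(os.path.abspath(__file__)))

from web_dashboard import app  # noqa: E402  (must follow the sys.path tweak)


class TestWebDashboardSecurity(unittest.TestCase):
    """Security-focused tests for the web dashboard's error handling."""

    def setUp(self):
        """Create a fresh test client for each test.

        ``app.testing`` is deliberately NOT enabled here. Assuming ``app`` is a
        Flask application (its ``test_client()`` suggests so), setting
        ``testing`` on the app turns on PROPAGATE_EXCEPTIONS, which would
        re-raise the simulated failure through the client instead of yielding
        the 500 response this test inspects. (An earlier version assigned
        ``testing = True`` on the *client* object, which is a no-op.)
        """
        self.app = app.test_client()

    @patch('web_dashboard.get_cached_markdown')
    def test_dashboard_error_handling_secure(self, mock_get_markdown):
        """Exceptions during dashboard rendering must not leak details.

        The server should answer with a generic 500 page: the exception
        message and any traceback must be absent from the response body.
        """
        # Simulate an internal error with a distinctive message we can grep for.
        secret_detail = "Simulated Failure: Database Connection Lost"
        mock_get_markdown.side_effect = Exception(secret_detail)

        response = self.app.get('/')

        # The patched helper must actually have been reached; otherwise a 500
        # from an unrelated cause would make this test pass for the wrong reason.
        mock_get_markdown.assert_called()

        # Expect 500 Internal Server Error with a generic message.
        self.assertEqual(response.status_code, 500)
        self.assertIn(b"Internal Server Error", response.data)

        # The specific exception details must NOT appear in the body.
        self.assertNotIn(b"Simulated Failure", response.data)
        self.assertNotIn(b"Database Connection Lost", response.data)
        # A rendered traceback would expose file paths and source lines.
        self.assertNotIn(b"Traceback", response.data)


if __name__ == '__main__':
    unittest.main()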