MQL5-Google-Onedrive/scripts/test_web_dashboard_security.py

import unittest
from unittest.mock import patch
import sys
import os

# Add scripts directory to path
sys.path.append(os.path.dirname(os.path.abspath(__file__)))

from web_dashboard import app

class TestWebDashboardSecurity(unittest.TestCase):
    def setUp(self):
        self.app = app.test_client()
        self.app.testing = True

    @patch('web_dashboard.get_cached_markdown')
    def test_error_handling_does_not_leak_info(self, mock_get_markdown):
        """
        Test that the implementation DOES NOT leak exception details.
        """
        # Mock an internal error with sensitive info
        secret_info = "DB_PASSWORD=secret123"
        mock_get_markdown.side_effect = Exception(f"Connection failed: {secret_info}")

        response = self.app.get('/')

        self.assertEqual(response.status_code, 500)

        # Verify that the sensitive info is NOT leaked in the response body
        self.assertNotIn(secret_info.encode(), response.data)

        # Verify that a generic error message is returned
        self.assertIn(b"Internal Server Error", response.data)

if __name__ == '__main__':
    unittest.main()
🛡️ Sentinel: [MEDIUM] Fix Information Leakage in Web Dashboard - Prevent raw exception messages from being exposed to users - Log full exceptions to stderr for admin review - Return generic 'Internal Server Error' on failure - Update hardcoded year to dynamic datetime.now().year - Add regression test scripts/test_web_dashboard_security.py - Update .jules/sentinel.md with security learning 2026-02-17 11:21:01 +00:00			`import unittest`
			`from unittest.mock import patch`
			`import sys`
			`import os`

			`# Add scripts directory to path`
			`sys.path.append(os.path.dirname(os.path.abspath(__file__)))`

			`from web_dashboard import app`

			`class TestWebDashboardSecurity(unittest.TestCase):`
			`def setUp(self):`
			`self.app = app.test_client()`
			`self.app.testing = True`

			`@patch('web_dashboard.get_cached_markdown')`
			`def test_error_handling_does_not_leak_info(self, mock_get_markdown):`
			`"""`
			`Test that the implementation DOES NOT leak exception details.`
			`"""`
			`# Mock an internal error with sensitive info`
			`secret_info = "DB_PASSWORD=secret123"`
			`mock_get_markdown.side_effect = Exception(f"Connection failed: {secret_info}")`

			`response = self.app.get('/')`

			`self.assertEqual(response.status_code, 500)`

			`# Verify that the sensitive info is NOT leaked in the response body`
			`self.assertNotIn(secret_info.encode(), response.data)`

			`# Verify that a generic error message is returned`
			`self.assertIn(b"Internal Server Error", response.data)`

			`if __name__ == '__main__':`
			`unittest.main()`