2026-01-21 05:17:23 +00:00
|
|
|
import unittest
|
|
|
|
|
import sys
|
|
|
|
|
import os
|
|
|
|
|
import json
|
|
|
|
|
|
|
|
|
|
# Add scripts directory to path so we can import web_dashboard
|
|
|
|
|
sys.path.append(os.path.dirname(os.path.abspath(__file__)))
|
|
|
|
|
|
|
|
|
|
from web_dashboard import app
|
2026-02-26 11:16:47 +00:00
|
|
|
from unittest.mock import patch
|
2026-01-21 05:17:23 +00:00
|
|
|
|
|
|
|
|
class TestWebDashboard(unittest.TestCase):
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.app = app.test_client()
|
|
|
|
|
self.app.testing = True
|
|
|
|
|
|
2026-02-26 11:16:47 +00:00
|
|
|
def test_dashboard_error_handling(self):
|
|
|
|
|
"""Test that errors are handled securely (no stack traces leaked)."""
|
|
|
|
|
with patch('web_dashboard.app.jinja_env.from_string') as mock_compile:
|
|
|
|
|
mock_compile.side_effect = Exception("Secret Database Info Leaked")
|
|
|
|
|
|
|
|
|
|
import web_dashboard
|
|
|
|
|
original_template = web_dashboard.DASHBOARD_TEMPLATE
|
|
|
|
|
web_dashboard.DASHBOARD_TEMPLATE = None
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
response = self.app.get('/')
|
|
|
|
|
self.assertEqual(response.status_code, 500)
|
|
|
|
|
self.assertNotIn(b"Secret Database Info Leaked", response.data)
|
|
|
|
|
self.assertIn(b"Internal Server Error", response.data)
|
|
|
|
|
finally:
|
|
|
|
|
web_dashboard.DASHBOARD_TEMPLATE = original_template
|
|
|
|
|
|
2026-01-21 05:17:23 +00:00
|
|
|
def test_dashboard_route(self):
|
|
|
|
|
"""Test that the root route returns HTML."""
|
|
|
|
|
response = self.app.get('/')
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
self.assertIn(b'<!DOCTYPE html>', response.data)
|
2026-02-27 02:56:09 +00:00
|
|
|
self.assertIn(b'GenX FX Trading Automation', response.data)
|
2026-01-21 05:17:23 +00:00
|
|
|
|
|
|
|
|
def test_health_route_json(self):
|
|
|
|
|
"""Test that the health route returns a JSON response."""
|
|
|
|
|
response = self.app.get('/health')
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
try:
|
|
|
|
|
data = json.loads(response.data)
|
|
|
|
|
self.assertEqual(data.get('status'), 'healthy')
|
|
|
|
|
except json.JSONDecodeError:
|
|
|
|
|
self.fail("Response is not valid JSON")
|
|
|
|
|
|
2026-02-27 02:56:09 +00:00
|
|
|
def test_api_endpoints(self):
|
|
|
|
|
"""Test custom API endpoints."""
|
|
|
|
|
# Version
|
|
|
|
|
resp = self.app.get('/api/version')
|
|
|
|
|
self.assertEqual(resp.status_code, 200)
|
|
|
|
|
self.assertIn(b'version', resp.data)
|
|
|
|
|
|
|
|
|
|
# System info
|
|
|
|
|
resp = self.app.get('/api/system_info')
|
|
|
|
|
self.assertEqual(resp.status_code, 200)
|
|
|
|
|
self.assertIn(b'platform', resp.data)
|
|
|
|
|
|
|
|
|
|
# Files
|
|
|
|
|
resp = self.app.get('/api/files')
|
|
|
|
|
self.assertEqual(resp.status_code, 200)
|
|
|
|
|
self.assertIn(b'files', resp.data)
|
|
|
|
|
|
2026-02-08 11:20:56 +00:00
|
|
|
def test_skip_link_present(self):
|
|
|
|
|
"""Test that the skip link is present in the dashboard HTML."""
|
|
|
|
|
response = self.app.get('/')
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
2026-02-27 02:56:09 +00:00
|
|
|
self.assertIn(b'<a href="#main-content" class="skip-link">Skip to main content</a>', response.data)
|
2026-02-08 11:20:56 +00:00
|
|
|
|
2026-02-09 11:27:48 +00:00
|
|
|
def test_security_headers(self):
|
|
|
|
|
"""Test that security headers are present."""
|
|
|
|
|
response = self.app.get('/')
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
self.assertIn('Content-Security-Policy', response.headers)
|
|
|
|
|
self.assertIn('X-Content-Type-Options', response.headers)
|
|
|
|
|
self.assertIn('X-Frame-Options', response.headers)
|
|
|
|
|
self.assertIn('Referrer-Policy', response.headers)
|
|
|
|
|
|
2026-01-21 05:17:23 +00:00
|
|
|
if __name__ == '__main__':
|
|
|
|
|
unittest.main()
|
