MQL5-Google-Onedrive/.jules/sentinel.md

# Sentinel's Journal

## 2026-02-07 - Telegram Bot Authorization Bypass
**Vulnerability:** The Telegram Deployment Bot (`scripts/telegram_deploy_bot.py`) contained a "Fail Open" vulnerability where omitting the `TELEGRAM_ALLOWED_USER_IDS` environment variable resulted in granting access to *all* Telegram users instead of *none*.
**Learning:** Security controls must default to deny (Fail Closed). Implicitly allowing access when configuration is missing creates silent vulnerabilities that are hard to detect until exploited.
**Prevention:** Ensure all authorization checks explicitly return `False` or throw an exception if the access control list is empty or undefined. Never default to `True` in security-critical paths.

## 2026-02-13 - [Documentation] Cloudflare Nameservers and Domain Unification
- Updated Cloudflare nameservers to daisy.ns.cloudflare.com and rocco.ns.cloudflare.com.
- Unified domain name to lengkundee01.org across CNAME and PWA documentation.

## 2026-02-14 - Web Dashboard Information Leakage
**Vulnerability:** The web dashboard (`scripts/web_dashboard.py`) caught exceptions and returned the raw error string to the user, potentially exposing sensitive internal details (paths, stack traces, database info).
**Learning:** Defaulting to returning `str(e)` in web handlers is a common pattern for debugging but dangerous in production. It violates the principle of failing securely.
**Prevention:** Always catch exceptions at the top level of request handlers, log the full details to a secure server-side log (e.g., `stderr`), and return a generic "Internal Server Error" message to the client.
Fix CRITICAL authorization bypass in Telegram Bot - Changed `check_authorized` in `scripts/telegram_deploy_bot.py` to fail closed (deny all) if `TELEGRAM_ALLOWED_USER_IDS` is unset or empty. - Updated `scripts/TELEGRAM_BOT_SETUP.md` and `QUICK_DEPLOY.md` to document that `TELEGRAM_ALLOWED_USER_IDS` is now mandatory for bot access. - Added Sentinel Journal entry in `.jules/sentinel.md` documenting the vulnerability and learning. - Verified fix with reproduction script. 2026-02-07 11:33:43 +00:00			`# Sentinel's Journal`

			`## 2026-02-07 - Telegram Bot Authorization Bypass`
			Vulnerability: The Telegram Deployment Bot (`scripts/telegram_deploy_bot.py`) contained a "Fail Open" vulnerability where omitting the `TELEGRAM_ALLOWED_USER_IDS` environment variable resulted in granting access to all Telegram users instead of none.
			`Learning: Security controls must default to deny (Fail Closed). Implicitly allowing access when configuration is missing creates silent vulnerabilities that are hard to detect until exploited.`
			Prevention: Ensure all authorization checks explicitly return `False` or throw an exception if the access control list is empty or undefined. Never default to `True` in security-critical paths.
docs: update Cloudflare nameservers and unify domain name - Added daisy.ns.cloudflare.com and rocco.ns.cloudflare.com to Cloudflare guide. - Unified domain name to lengkundee01.org in CNAME and PWA guide. - Verified active domain using dig. - Updated sentinel journal with documentation learnings. 2026-02-13 04:11:32 +00:00
			`## 2026-02-13 - [Documentation] Cloudflare Nameservers and Domain Unification`
			`- Updated Cloudflare nameservers to daisy.ns.cloudflare.com and rocco.ns.cloudflare.com.`
			`- Unified domain name to lengkundee01.org across CNAME and PWA documentation.`
Fix: Prevent information exposure in web dashboard error handling - Modified scripts/web_dashboard.py to return generic 500 error instead of exception details - Added regression test in scripts/test_web_dashboard.py - Updated .jules/sentinel.md with security learnings 2026-02-24 12:08:11 +00:00
			`## 2026-02-14 - Web Dashboard Information Leakage`
			Vulnerability: The web dashboard (`scripts/web_dashboard.py`) caught exceptions and returned the raw error string to the user, potentially exposing sensitive internal details (paths, stack traces, database info).
			Learning: Defaulting to returning `str(e)` in web handlers is a common pattern for debugging but dangerous in production. It violates the principle of failing securely.
			Prevention: Always catch exceptions at the top level of request handlers, log the full details to a secure server-side log (e.g., `stderr`), and return a generic "Internal Server Error" message to the client.