mirror of
https://github.com/A6-9V/MQL5-Google-Onedrive.git
synced 2026-04-11 12:10:56 +00:00
39 lines
1.3 KiB
Python
39 lines
1.3 KiB
Python
|
import unittest
|
||
|
|
import sys
|
||
|
|
import os
|
||
|
|
from unittest.mock import patch
|
||
|
|
|
||
|
|
# Add scripts directory to path so we can import web_dashboard
|
||
|
|
sys.path.append(os.path.dirname(os.path.abspath(__file__)))
|
||
|
|
|
||
|
|
from web_dashboard import app
|
||
|
|
|
||
|
|
class TestWebDashboardSecurity(unittest.TestCase):
|
||
|
|
def setUp(self):
|
||
|
|
self.app = app.test_client()
|
||
|
|
self.app.testing = True
|
||
|
|
|
||
|
|
@patch('web_dashboard.get_cached_markdown')
|
||
|
|
def test_dashboard_error_handling_secure(self, mock_get_markdown):
|
||
|
|
"""
|
||
|
|
Test that exceptions during dashboard rendering are handled securely.
|
||
|
|
The server should return a generic 500 error and NOT leak the exception message.
|
||
|
|
"""
|
||
|
|
# Simulate an internal error
|
||
|
|
mock_get_markdown.side_effect = Exception("Simulated Failure: Database Connection Lost")
|
||
|
|
|
||
|
|
response = self.app.get('/')
|
||
|
|
|
||
|
|
# Expect 500 Internal Server Error
|
||
|
|
self.assertEqual(response.status_code, 500)
|
||
|
|
|
||
|
|
# Secure behavior:
|
||
|
|
# 1. Should return a generic error message
|
||
|
|
self.assertIn(b"Internal Server Error", response.data)
|
||
|
|
|
||
|
|
# 2. Should NOT leak the specific exception details
|
||
|
|
self.assertNotIn(b"Simulated Failure", response.data)
|
||
|
|
self.assertNotIn(b"Database Connection Lost", response.data)
|
||
|
|
|
||
|
|
if __name__ == '__main__':
|
||
|
|
unittest.main()
|