MQL5-Google-Onedrive/scripts/test_web_dashboard_security.py

import unittest
from unittest.mock import patch
import os
import sys

# Add scripts directory to path so we can import web_dashboard
sys.path.append(os.path.dirname(os.path.abspath(__file__)))

import web_dashboard
from web_dashboard import app

class TestWebDashboardSecurity(unittest.TestCase):
    def setUp(self):
        self.app = app.test_client()
        self.app.testing = True

    @patch('web_dashboard.get_cached_markdown')
    def test_error_handling_no_leak(self, mock_get):
        """Test that exceptions do not leak internal details."""
        # Force an exception with sensitive info
        sensitive_data = "SENSITIVE_INTERNAL_DATA"
        mock_get.side_effect = Exception(sensitive_data)

        # We need to ensure DASHBOARD_TEMPLATE is None so render() is called and exception happens
        # (or exception happens inside get_cached_markdown)
        web_dashboard.DASHBOARD_TEMPLATE = None

        response = self.app.get('/')

        self.assertEqual(response.status_code, 500)

        # In vulnerable code: str(e) is returned -> "Error: SENSITIVE_INTERNAL_DATA"
        # We want to assert that sensitive_data is NOT in response.data
        if sensitive_data.encode() in response.data:
            self.fail(f"SECURITY VULNERABILITY: Response leaked exception details! Found: {response.data}")

        self.assertIn(b"Internal Server Error", response.data)

if __name__ == '__main__':
    unittest.main()
🛡️ Sentinel: Fix information leak in web dashboard error handling 2026-02-16 11:18:15 +00:00			`import unittest`
			`from unittest.mock import patch`
			`import os`
			`import sys`

			`# Add scripts directory to path so we can import web_dashboard`
			`sys.path.append(os.path.dirname(os.path.abspath(__file__)))`

			`import web_dashboard`
			`from web_dashboard import app`

			`class TestWebDashboardSecurity(unittest.TestCase):`
			`def setUp(self):`
			`self.app = app.test_client()`
			`self.app.testing = True`

			`@patch('web_dashboard.get_cached_markdown')`
			`def test_error_handling_no_leak(self, mock_get):`
			`"""Test that exceptions do not leak internal details."""`
			`# Force an exception with sensitive info`
			`sensitive_data = "SENSITIVE_INTERNAL_DATA"`
			`mock_get.side_effect = Exception(sensitive_data)`

			`# We need to ensure DASHBOARD_TEMPLATE is None so render() is called and exception happens`
			`# (or exception happens inside get_cached_markdown)`
			`web_dashboard.DASHBOARD_TEMPLATE = None`

			`response = self.app.get('/')`

			`self.assertEqual(response.status_code, 500)`

			`# In vulnerable code: str(e) is returned -> "Error: SENSITIVE_INTERNAL_DATA"`
			`# We want to assert that sensitive_data is NOT in response.data`
			`if sensitive_data.encode() in response.data:`
			`self.fail(f"SECURITY VULNERABILITY: Response leaked exception details! Found: {response.data}")`

			`self.assertIn(b"Internal Server Error", response.data)`

			`if __name__ == '__main__':`
			`unittest.main()`