2224a52fee
- Prevent raw exception messages from being exposed to users - Log full exceptions to stderr for admin review - Return generic 'Internal Server Error' on failure - Update hardcoded year to dynamic datetime.now().year - Add regression test scripts/test_web_dashboard_security.py - Update .jules/sentinel.md with security learning
1.6 KiB
Sentinel's Journal
2026-02-07 - Telegram Bot Authorization Bypass
Vulnerability: The Telegram Deployment Bot (scripts/telegram_deploy_bot.py) contained a "Fail Open" vulnerability where omitting the TELEGRAM_ALLOWED_USER_IDS environment variable resulted in granting access to all Telegram users instead of none.
Learning: Security controls must default to deny (Fail Closed). Implicitly allowing access when configuration is missing creates silent vulnerabilities that are hard to detect until exploited.
Prevention: Ensure all authorization checks explicitly return False or throw an exception if the access control list is empty or undefined. Never default to True in security-critical paths.
2026-02-13 - [Documentation] Cloudflare Nameservers and Domain Unification
- Updated Cloudflare nameservers to daisy.ns.cloudflare.com and rocco.ns.cloudflare.com.
- Unified domain name to lengkundee01.org across CNAME and PWA documentation.
2026-02-23 - [Information Leakage] Web Dashboard Error Handling
Vulnerability: The Web Dashboard (scripts/web_dashboard.py) exposed raw exception messages directly to users in HTTP 500 responses. This could leak internal file paths, configuration details, or other sensitive information.
Learning: Returning str(e) in API responses is convenient for debugging but dangerous in production. Attackers can intentionally trigger errors to map the system internals.
Prevention: Always catch exceptions at the top level and return a generic "Internal Server Error" message to the client. Log the full exception details to a secure server log (stderr/file) for administrative review.