82f12cb8e7
- Modified scripts/web_dashboard.py to return generic 500 error instead of exception details - Added regression test in scripts/test_web_dashboard.py - Updated .jules/sentinel.md with security learnings
1.6 KiB
Sentinel's Journal
2026-02-07 - Telegram Bot Authorization Bypass
Vulnerability: The Telegram Deployment Bot (scripts/telegram_deploy_bot.py) contained a "Fail Open" vulnerability where omitting the TELEGRAM_ALLOWED_USER_IDS environment variable resulted in granting access to all Telegram users instead of none.
Learning: Security controls must default to deny (Fail Closed). Implicitly allowing access when configuration is missing creates silent vulnerabilities that are hard to detect until exploited.
Prevention: Ensure all authorization checks explicitly return False or throw an exception if the access control list is empty or undefined. Never default to True in security-critical paths.
2026-02-13 - [Documentation] Cloudflare Nameservers and Domain Unification
- Updated Cloudflare nameservers to daisy.ns.cloudflare.com and rocco.ns.cloudflare.com.
- Unified domain name to lengkundee01.org across CNAME and PWA documentation.
2026-02-14 - Web Dashboard Information Leakage
Vulnerability: The web dashboard (scripts/web_dashboard.py) caught exceptions and returned the raw error string to the user, potentially exposing sensitive internal details (paths, stack traces, database info).
Learning: Defaulting to returning str(e) in web handlers is a common pattern for debugging but dangerous in production. It violates the principle of failing securely.
Prevention: Always catch exceptions at the top level of request handlers, log the full details to a secure server-side log (e.g., stderr), and return a generic "Internal Server Error" message to the client.