mirror of
https://github.com/A6-9V/MQL5-Google-Onedrive.git
synced 2026-04-11 10:10:56 +00:00
58cce19553
- Modified `scripts/web_dashboard.py` to log exceptions and return generic error messages. - Added `scripts/test_web_dashboard_security.py` to verify the security fix.
37 lines
1.2 KiB
Python
37 lines
1.2 KiB
Python
import unittest
|
|
from unittest.mock import patch
|
|
import sys
|
|
import os
|
|
|
|
# Add scripts directory to path so we can import web_dashboard
|
|
sys.path.append(os.path.dirname(os.path.abspath(__file__)))
|
|
|
|
from web_dashboard import app
|
|
|
|
class TestWebDashboardSecurity(unittest.TestCase):
|
|
def setUp(self):
|
|
self.app = app.test_client()
|
|
self.app.testing = True
|
|
|
|
@patch('web_dashboard.get_cached_markdown')
|
|
def test_error_handling_leaks_info(self, mock_get_markdown):
|
|
"""
|
|
Test that the dashboard route DOES NOT leak exception details.
|
|
"""
|
|
# Simulate an internal error with sensitive info
|
|
secret_path = "/etc/passwd"
|
|
mock_get_markdown.side_effect = Exception(f"Failed to read {secret_path}")
|
|
|
|
response = self.app.get('/')
|
|
|
|
# Check that status is 500
|
|
self.assertEqual(response.status_code, 500)
|
|
|
|
# Check that the error message DOES NOT leak the internal detail
|
|
self.assertNotIn(b"Failed to read /etc/passwd", response.data)
|
|
|
|
# Check that we get a generic error message
|
|
self.assertIn(b"Internal Server Error", response.data)
|
|
|
|
if __name__ == '__main__':
|
|
unittest.main()
|