Fix security vulnerabilities: XXE, timing attacks, info leaks

2026-01-18 17:18:12 +08:00
parent 9c3518de63
commit 5ab62a00ff
7 changed files with 98 additions and 50 deletions
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -104,12 +104,12 @@ def test_request_id_header_present(client, signer):
    assert response.headers.get("X-Request-ID")


-def test_healthcheck_returns_version(client):
+def test_healthcheck_returns_status(client):
    response = client.get("/healthz")
    data = response.get_json()
    assert response.status_code == 200
    assert data["status"] == "ok"
-    assert "version" in data
+    assert "version" not in data


 def test_missing_credentials_denied(client):