modified few changes

TS0713 · TS0713 · commit 03da5419610f · 2025-07-29T12:56:09.000Z
Signed-off-by: Satya &lt;tsp.0713@gmail.com&gt;
diff --git a/mcpgateway/config.py b/mcpgateway/config.py
@@ -495,9 +495,7 @@ def validate_database(self) -> None:
                 db_dir.mkdir(parents=True)
 
     # Validation patterns for safe display (configurable)
-    validation_dangerous_html_pattern: str = (
-        r"<(script|iframe|object|embed|link|meta|base|form|img|svg|video|audio|source|track|area|map|canvas|applet|frame|frameset|html|head|body|style)\b|</*(script|iframe|object|embed|link|meta|base|form|img|svg|video|audio|source|track|area|map|canvas|applet|frame|frameset|html|head|body|style)>"
-    )
+    validation_dangerous_html_pattern: str = r"<(script|iframe|object|embed|link|meta|base|form|img|svg|video|audio|source|track|area|map|canvas|applet|frame|frameset|html|head|body|style)\b|</*(script|iframe|object|embed|link|meta|base|form|img|svg|video|audio|source|track|area|map|canvas|applet|frame|frameset|html|head|body|style)>"
     validation_dangerous_js_pattern: str = r"(?i)(?:^|\s|[\"'`<>=])(javascript:|vbscript:|data:\s*[^,]*[;\s]*(javascript|vbscript)|\bon[a-z]+\s*=|<\s*script\b)"
 
     validation_allowed_url_schemes: List[str] = ["http://", "https://", "ws://", "wss://"]
diff --git a/mcpgateway/services/gateway_service.py b/mcpgateway/services/gateway_service.py
@@ -1148,10 +1148,11 @@ async def _initialize_gateway(self, url: str, authentication: Optional[Dict[str,
             >>> import asyncio
             >>> async def test_params():
             ...     try:
-            ...         await service._initialize_gateway("invalid://url")
+            ...         await service._initialize_gateway("http://invalid://url")
             ...     except Exception as e:
-            ...         return "Failed" in str(e) or "GatewayConnectionError" in str(type(e).__name__)
-            >>> asyncio.run(test_params())
+            ...         return "True" if ("Failed" in str(e) or "GatewayConnectionError" in str(type(e).__name__)) else "False"
+            
+            >>> print (asyncio.run(test_params()))
             True
 
             >>> # Test default parameters
diff --git a/mcpgateway/validators.py b/mcpgateway/validators.py
@@ -52,9 +52,7 @@ class SecurityValidator:
     """Configurable validation with MCP-compliant limits"""
 
     # Configurable patterns (from settings)
-    DANGEROUS_HTML_PATTERN = (
-        settings.validation_dangerous_html_pattern
-    )  # Default: '<(script|iframe|object|embed|link|meta|base|form|img|svg|video|audio|source|track|area|map|canvas|applet|frame|frameset|html|head|body|style)\b|</*(script|iframe|object|embed|link|meta|base|form|img|svg|video|audio|source|track|area|map|canvas|applet|frame|frameset|html|head|body|style)>'
+    DANGEROUS_HTML_PATTERN = settings.validation_dangerous_html_pattern  # Default: '<(script|iframe|object|embed|link|meta|base|form|img|svg|video|audio|source|track|area|map|canvas|applet|frame|frameset|html|head|body|style)\b|</*(script|iframe|object|embed|link|meta|base|form|img|svg|video|audio|source|track|area|map|canvas|applet|frame|frameset|html|head|body|style)>'
     DANGEROUS_JS_PATTERN = settings.validation_dangerous_js_pattern  # Default: javascript:|vbscript:|on\w+\s*=|data:.*script
     ALLOWED_URL_SCHEMES = settings.validation_allowed_url_schemes  # Default: ["http://", "https://", "ws://", "wss://"]
 
diff --git a/tests/unit/mcpgateway/services/test_gateway_service.py b/tests/unit/mcpgateway/services/test_gateway_service.py
@@ -16,6 +16,7 @@
 from __future__ import annotations
 
 # Standard
+import asyncio
 from datetime import datetime, timezone
 from unittest.mock import AsyncMock, MagicMock, Mock
 
@@ -265,10 +266,10 @@ async def test_ssl_verification_bypass(self, gateway_service, monkeypatch):
         pass
 
     # ────────────────────────────────────────────────────────────────────
-    # Validate Gateway URL Auth Failure
+    # Validate Gateway URL Auth Failure - 401
     # ────────────────────────────────────────────────────────────────────
     @pytest.mark.asyncio
-    async def test_validate_auth_failure(self, gateway_service, monkeypatch):
+    async def test_validate_auth_failure_401(self, gateway_service, monkeypatch):
         # Mock the response object to be returned inside the async with block
         response_mock = MagicMock()
         response_mock.status_code = 401
@@ -297,6 +298,39 @@ async def test_validate_auth_failure(self, gateway_service, monkeypatch):
         # Expect False due to 401
         assert result is False
 
+    # ────────────────────────────────────────────────────────────────────
+    # Validate Gateway URL Auth Failure - 403
+    # ────────────────────────────────────────────────────────────────────
+    @pytest.mark.asyncio
+    async def test_validate_auth_failure_403(self, gateway_service, monkeypatch):
+        # Mock the response object to be returned inside the async with block
+        response_mock = MagicMock()
+        response_mock.status_code = 403
+        response_mock.headers = {"content-type": "text/event-stream"}
+
+        # Create an async context manager mock that returns response_mock
+        stream_context = MagicMock()
+        stream_context.__aenter__ = AsyncMock(return_value=response_mock)
+        stream_context.__aexit__ = AsyncMock(return_value=None)
+
+        # Mock the AsyncClient to return this context manager from .stream()
+        client_mock = MagicMock()
+        client_mock.stream = AsyncMock(return_value=stream_context)
+        client_mock.aclose = AsyncMock()
+
+        # Mock ResilientHttpClient to return this client
+        resilient_client_mock = MagicMock()
+        resilient_client_mock.client = client_mock
+        resilient_client_mock.aclose = AsyncMock()
+
+        monkeypatch.setattr("mcpgateway.services.gateway_service.ResilientHttpClient", MagicMock(return_value=resilient_client_mock))
+
+        # Run the method
+        result = await gateway_service._validate_gateway_url(url="http://example.com", headers={}, transport_type="SSE")
+
+        # Expect False due to 401
+        assert result is False
+
     # ────────────────────────────────────────────────────────────────────
     # Validate Gateway URL Connection Error
     # ────────────────────────────────────────────────────────────────────
@@ -324,14 +358,6 @@ async def test_validate_connectivity_failure(self, gateway_service, monkeypatch)
 
         assert result is False
 
-    # ────────────────────────────────────────────────────────────────────
-    # Validate Gateway URL Bulk Connections Validation
-    # ────────────────────────────────────────────────────────────────────
-    @pytest.mark.asyncio
-    async def test_bulk_concurrent_validation(self, gateway_service, monkeypatch):
-        # TODO
-        pass
-
     # ───────────────────────────────────────────────────────────────────────────
     # Validate Gateway - StreamableHTTP with mcp-session-id & redirected-url
     # ───────────────────────────────────────────────────────────────────────────
@@ -371,6 +397,38 @@ async def test_streamablehttp_redirect(self, gateway_service, monkeypatch):
         # assert result is True
         pass
 
+    # ───────────────────────────────────────────────────────────────────────────
+    # Validate Gateway URL - Bulk Concurrent requests Validation
+    # ───────────────────────────────────────────────────────────────────────────
+    @pytest.mark.asyncio
+    async def test_bulk_concurrent_validation(self, gateway_service, monkeypatch):
+        urls = [f"http://gateway{i}.com" for i in range(20)]
+
+        # Simulate a successful stream context
+        stream_context = AsyncMock()
+        stream_context.__aenter__.return_value.status_code = 200
+        stream_context.__aenter__.return_value.headers = {"content-type": "text/event-stream"}
+        stream_context.__aexit__.return_value = AsyncMock()
+
+        # Mock client to return the above stream context
+        mock_client = MagicMock()
+        mock_client.stream.return_value = stream_context
+        mock_client.aclose = AsyncMock()
+
+        # ResilientHttpClient mock returns a .client and .aclose
+        resilient_client_mock = MagicMock()
+        resilient_client_mock.client = mock_client
+        resilient_client_mock.aclose = AsyncMock()
+
+        # Patch ResilientHttpClient where it’s used in your module
+        monkeypatch.setattr("mcpgateway.services.gateway_service.ResilientHttpClient", MagicMock(return_value=resilient_client_mock))
+
+        # Run the validations concurrently
+        results = await asyncio.gather(*[gateway_service._validate_gateway_url(url, {}, "SSE") for url in urls])
+
+        # All should be True (validation success)
+        assert all(results)
+
     # ────────────────────────────────────────────────────────────────────
     # LIST / GET
     # ────────────────────────────────────────────────────────────────────
