init commit

2025-12-10 22:09:31 +09:00
commit b79adf1c69
361 changed files with 47414 additions and 0 deletions


@@ -0,0 +1,116 @@
#!/usr/bin/env bash
# Security verification script for Finance Bot
# Checks that no hardcoded credentials exist in the codebase
set -e
echo "🔐 Finance Bot - Security Verification"
echo "======================================"
echo ""
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
failed=0
passed=0
# Test 1: Check for hardcoded bot tokens (pattern: digits:letters)
echo "1⃣ Checking for hardcoded bot tokens..."
if grep -r ":\s*[0-9]\{10\}:[A-Za-z0-9_-]\{20,\}" app/ --include="*.py" 2>/dev/null || true | grep -q . ; then
echo -e "${RED} ❌ FAILED: Found potential hardcoded tokens${NC}"
failed=$((failed + 1))
else
echo -e "${GREEN} ✅ PASSED: No hardcoded tokens found${NC}"
passed=$((passed + 1))
fi
# Test 2: Check for hardcoded database passwords
echo "2⃣ Checking for hardcoded database passwords..."
if grep -r "finance_pass\|postgres://.*:.*@" app/ --include="*.py" 2>/dev/null | grep -v "\.pyc" || true | grep -q . ; then
echo -e "${RED} ❌ FAILED: Found potential hardcoded passwords${NC}"
failed=$((failed + 1))
else
echo -e "${GREEN} ✅ PASSED: No hardcoded passwords found${NC}"
passed=$((passed + 1))
fi
# Test 3: Check docker-compose for hardcoded passwords
echo "3⃣ Checking docker-compose.yml for hardcoded passwords..."
if grep "password:\|PASSWORD:" docker-compose.yml | grep -v "\${" | grep -q . 2>/dev/null; then
echo -e "${RED} ❌ FAILED: Found hardcoded passwords in docker-compose.yml${NC}"
failed=$((failed + 1))
else
echo -e "${GREEN} ✅ PASSED: docker-compose.yml uses environment variables${NC}"
passed=$((passed + 1))
fi
# Test 4: Check docker-compose for hardcoded credentials
echo "4⃣ Checking docker-compose.yml for hardcoded credentials..."
if grep -E "finance_pass|finance_user.*:.*password" docker-compose.yml 2>/dev/null || true | grep -v "\${" | grep -q . ; then
echo -e "${RED} ❌ FAILED: Found hardcoded credentials in docker-compose.yml${NC}"
failed=$((failed + 1))
else
echo -e "${GREEN} ✅ PASSED: No hardcoded credentials found${NC}"
passed=$((passed + 1))
fi
# Test 5: Check that .env is in .gitignore
echo "5⃣ Checking .gitignore for .env..."
if grep -q "^\.env$" .gitignore 2>/dev/null; then
echo -e "${GREEN} ✅ PASSED: .env is properly ignored${NC}"
passed=$((passed + 1))
else
echo -e "${RED} ❌ FAILED: .env is not in .gitignore${NC}"
failed=$((failed + 1))
fi
# Test 6: Check that .env.example exists
echo "6⃣ Checking for .env.example..."
if [ -f ".env.example" ]; then
echo -e "${GREEN} ✅ PASSED: .env.example exists${NC}"
passed=$((passed + 1))
else
echo -e "${RED} ❌ FAILED: .env.example not found${NC}"
failed=$((failed + 1))
fi
# Test 7: Check that .env.example has no real credentials
echo "7⃣ Checking .env.example for real credentials..."
if grep -E "[0-9]{10}:[A-Za-z0-9_-]{20,}" .env.example 2>/dev/null || true | grep -q . ; then
echo -e "${RED} ❌ FAILED: .env.example contains real credentials${NC}"
failed=$((failed + 1))
else
echo -e "${GREEN} ✅ PASSED: .env.example contains only placeholders${NC}"
passed=$((passed + 1))
fi
# Test 8: Check for common secret patterns in Python
echo "8⃣ Checking Python files for secret patterns..."
SECRETS=$(grep -r "api_key\|api_secret\|auth_token\|access_token" app/ --include="*.py" 2>/dev/null | grep -v "def \|#\|settings\.|param\|Args\|Returns" | wc -l)
if [ "$SECRETS" -gt 0 ]; then
echo -e "${RED} ❌ FAILED: Found potential hardcoded secrets${NC}"
failed=$((failed + 1))
else
echo -e "${GREEN} ✅ PASSED: No hardcoded secrets found${NC}"
passed=$((passed + 1))
fi
# Summary
echo ""
echo "======================================"
echo "Summary:"
echo -e " ${GREEN}✅ Passed: $passed${NC}"
echo -e " ${RED}❌ Failed: $failed${NC}"
echo ""
if [ $failed -eq 0 ]; then
echo -e "${GREEN}✅ All security checks passed!${NC}"
echo ""
echo "✨ Your application is secure and ready for deployment."
exit 0
else
echo -e "${RED}⚠️ Security issues found! Please fix them before deployment.${NC}"
exit 1
fi
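Review bot: In Test 4 the condition `grep -E "finance_pass|finance_user.*:.*password" docker-compose.yml 2>/dev/null || true | grep -v "\${" | grep -q .` parses as `grep … || (true | grep -v … | grep -q .)`, so whenever the first grep matches the `if` is already true and the `grep -v "\${"` filter never sees its output — a line that references finance_pass through a `${…}` substitution is reported as a hardcoded credential, and the intended exclusion is dead code. Tests 1, 2 and 7 use the same `|| true | grep -q .` shape, where the effect is that the first grep's stdout goes to the console instead of to `grep -q`, so any line that does match — the very token or password the check is hunting for — is printed into the CI log. Drop the `|| true` so Test 4 reads `if grep -E "finance_pass|finance_user.*:.*password" docker-compose.yml 2>/dev/null | grep -v '\${' | grep -q .; then`, and in the single-grep tests use `grep -rq` / `grep -Eq` (or `-l` to name only the files) so no matched content is echoed. Test 8's `grep -v "def \|#\|settings\.|param\|Args\|Returns"` mixes BRE `\|` with a bare `|`, so `settings\.|param` is one alternative matching the literal text `settings.|param` and neither the `settings.` nor the `param` exclusion applies; `grep -Ev 'def |#|settings\.|param|Args|Returns'` is what the comment describes.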