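#!/usr/bin/env bash
# Security verification script for Finance Bot
# Checks that no hardcoded credentials exist in the codebase
#
# Usage: run from the repository root; the checks look at app/, .gitignore,
# .env.example and docker-compose.yml relative to the current directory.
# Exit status: 0 when every check passed, 1 when at least one check failed,
# so the script can be used as a CI gate.
#
# Assumes GNU grep (uses --include, -r and the \s class, as before).
#
# `set -o pipefail` is intentionally NOT enabled: several checks end in
# `grep -q`, which exits on the first match and can leave the upstream grep
# with SIGPIPE; under pipefail that would turn a real finding into "no match".
set -e

echo "🔐 Finance Bot - Security Verification"
echo "======================================"
echo ""

readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m' # No Color

failed=0
passed=0

#######################################
# Record a passed check.
# Globals:   passed (written), GREEN, NC (read)
# Arguments: $1 - result text, printed after "PASSED:"
#######################################
pass() {
  echo -e "${GREEN} ✅ PASSED: $1${NC}"
  passed=$((passed + 1))
}

#######################################
# Record a failed check.
# Globals:   failed (written), RED, NC (read)
# Arguments: $1 - result text, printed after "FAILED:"
#######################################
fail() {
  echo -e "${RED} ❌ FAILED: $1${NC}"
  failed=$((failed + 1))
}

#######################################
# Report a check whose input file is missing. Previously such a check was
# reported as PASSED (the grep error went to stderr and the empty pipeline
# counted as "no match"); it is now counted as neither passed nor failed.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - explanation text, printed after "SKIPPED:"
#######################################
skip() {
  echo -e "${YELLOW} ⚠️  SKIPPED: $1${NC}"
}

#######################################
# Test whether an extended regex matches anywhere in the Python sources.
# Quiet on purpose: a hit is by definition a potential secret and must not
# be echoed into the build log. (The original `cmd || true | grep -q .`
# form split the pipeline at `||` and printed every matching line.)
# Arguments: $1 - ERE pattern
# Returns:   0 if some *.py under app/ matches, non-zero otherwise
#######################################
py_sources_match() {
  grep -rqE --include='*.py' -e "$1" app/ 2>/dev/null
}

# Test 1: Check for hardcoded bot tokens (pattern: digits:letters)
echo "1⃣ Checking for hardcoded bot tokens..."
if py_sources_match ':\s*[0-9]{10}:[A-Za-z0-9_-]{20,}'; then
  fail "Found potential hardcoded tokens"
else
  pass "No hardcoded tokens found"
fi

# Test 2: Check for hardcoded database passwords
echo "2⃣ Checking for hardcoded database passwords..."
# --include='*.py' already keeps compiled .pyc files out of the search.
if py_sources_match 'finance_pass|postgres://.*:.*@'; then
  fail "Found potential hardcoded passwords"
else
  pass "No hardcoded passwords found"
fi

# Test 3: Check docker-compose for hardcoded passwords
echo "3⃣ Checking docker-compose.yml for hardcoded passwords..."
if [[ ! -f docker-compose.yml ]]; then
  skip "docker-compose.yml not found"
# A password line is acceptable only when its value is an env reference (${VAR});
# -F makes the '${' filter a fixed string rather than a regex anchor.
elif grep -E 'password:|PASSWORD:' docker-compose.yml | grep -vF '${' | grep -q .; then
  fail "Found hardcoded passwords in docker-compose.yml"
else
  pass "docker-compose.yml uses environment variables"
fi

# Test 4: Check docker-compose for hardcoded credentials
echo "4⃣ Checking docker-compose.yml for hardcoded credentials..."
if [[ ! -f docker-compose.yml ]]; then
  skip "docker-compose.yml not found"
# The '${' filter now actually applies: in the original the `||` ended the
# pipeline before it, so env-referenced lines were reported as hardcoded.
elif grep -E 'finance_pass|finance_user.*:.*password' docker-compose.yml | grep -vF '${' | grep -q .; then
  fail "Found hardcoded credentials in docker-compose.yml"
else
  pass "No hardcoded credentials found"
fi

# Test 5: Check that .env is in .gitignore
echo "5⃣ Checking .gitignore for .env..."
if grep -q '^\.env$' .gitignore 2>/dev/null; then
  pass ".env is properly ignored"
else
  fail ".env is not in .gitignore"
fi

# Test 6: Check that .env.example exists
echo "6⃣ Checking for .env.example..."
if [[ -f .env.example ]]; then
  pass ".env.example exists"
else
  fail ".env.example not found"
fi

# Test 7: Check that .env.example has no real credentials
echo "7⃣ Checking .env.example for real credentials..."
# Quiet match only; a missing file is already reported by Test 6.
if grep -qE '[0-9]{10}:[A-Za-z0-9_-]{20,}' .env.example 2>/dev/null; then
  fail ".env.example contains real credentials"
else
  pass ".env.example contains only placeholders"
fi

# Test 8: Check for common secret patterns in Python
echo "8⃣ Checking Python files for secret patterns..."
# Count mentions that are not definitions, comments, settings lookups or
# docstring sections. The exclusion list is a single ERE now; the original
# mixed BRE '\|' with a bare '|', which made 'settings\.' and 'param' one
# literal alternative and therefore never excluded those lines.
# `|| true` keeps set -e from aborting when grep -c reports zero (exit 1).
secret_hits=$(grep -rE --include='*.py' -e 'api_key|api_secret|auth_token|access_token' app/ 2>/dev/null \
  | grep -cvE 'def |#|settings\.|param|Args|Returns' || true)
if [[ "${secret_hits:-0}" -gt 0 ]]; then
  fail "Found potential hardcoded secrets"
else
  pass "No hardcoded secrets found"
fi

# Summary
echo ""
echo "======================================"
echo "Summary:"
echo -e " ${GREEN}✅ Passed: $passed${NC}"
echo -e " ${RED}❌ Failed: $failed${NC}"
echo ""
if [[ "$failed" -eq 0 ]]; then
  echo -e "${GREEN}✅ All security checks passed!${NC}"
  echo ""
  echo "✨ Your application is secure and ready for deployment."
  exit 0
else
  echo -e "${RED}⚠️ Security issues found! Please fix them before deployment.${NC}"
  exit 1
fi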