Home Explore Help
Sign In
logic855
/
claude-mods
mirror of https://github.com/0xDarkMatter/claude-mods.git
1
0
Fork 0
Files Issues 0 Wiki
Branch: main
Branches Tags
claude-mods
/
skills
/
security-ops
/
scripts
/
security-scan.sh

security-scan.sh 2.4 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889 
  1. #!/bin/bash
    2. 

  2. # Quick security scan using grep patterns
    3. 

  3. # Usage: ./security-scan.sh [directory]
    4. 

  4. 

  5. set -e
    6. 

  6. 

  7. DIR="${1:-.}"
    8. 

  8. 

  9. RED='\033[0;31m'
    10. 

  10. YELLOW='\033[1;33m'
    11. 

  11. GREEN='\033[0;32m'
    12. 

  12. NC='\033[0m'
    13. 

  13. 

  14. echo "=== Security Scan: $DIR ==="
    15. 

  15. echo ""
    16. 

  16. 

  17. ISSUES=0
    18. 

  18. 

  19. check_pattern() {
    20. 

  20.     local name="$1"
    21. 

  21.     local pattern="$2"
    22. 

  22.     local type="$3"
    23. 

  23. 

  24.     echo -n "Checking: $name... "
    25. 

  25. 

  26.     if rg -l "$pattern" "$DIR" --type "$type" 2>/dev/null | head -5 | grep -q .; then
    27. 

  27.         echo -e "${RED}FOUND${NC}"
    28. 

  28.         rg -n "$pattern" "$DIR" --type "$type" 2>/dev/null | head -10
    29. 

  29.         echo ""
    30. 

  30.         ISSUES=$((ISSUES + 1))
    31. 

  31.     else
    32. 

  32.         echo -e "${GREEN}OK${NC}"
    33. 

  33.     fi
    34. 

  34. }
    35. 

  35. 

  36. # Python checks
    37. 

  37. echo "--- Python Security Checks ---"
    38. 

  38. check_pattern "Hardcoded secrets" "(password|secret|api_key|token)\s*=\s*['\"][^'\"]{8,}['\"]" "py"
    39. 

  39. check_pattern "SQL injection (f-strings)" "execute\(f['\"]" "py"
    40. 

  40. check_pattern "SQL injection (format)" "execute\(.*\.format\(" "py"
    41. 

  41. check_pattern "eval() usage" "\beval\s*\(" "py"
    42. 

  42. check_pattern "exec() usage" "\bexec\s*\(" "py"
    43. 

  43. check_pattern "pickle.loads" "pickle\.loads?\(" "py"
    44. 

  44. check_pattern "os.system" "os\.system\(" "py"
    45. 

  45. check_pattern "shell=True" "subprocess.*shell\s*=\s*True" "py"
    46. 

  46. check_pattern "MD5 hashing" "hashlib\.md5\(" "py"
    47. 

  47. check_pattern "SHA1 hashing" "hashlib\.sha1\(" "py"
    48. 

  48. 

  49. echo ""
    50. 

  50. 

  51. # JavaScript checks
    52. 

  52. echo "--- JavaScript Security Checks ---"
    53. 

  53. check_pattern "innerHTML" "\.innerHTML\s*=" "js"
    54. 

  54. check_pattern "eval() usage" "\beval\s*\(" "js"
    55. 

  55. check_pattern "document.write" "document\.write\(" "js"
    56. 

  56. 

  57. echo ""
    58. 

  58. 

  59. # General checks
    60. 

  60. echo "--- General Security Checks ---"
    61. 

  61. 

  62. echo -n "Checking: .env files in git... "
    63. 

  63. if git ls-files | grep -E "\.env$|\.env\." | grep -q .; then
    64. 

  64.     echo -e "${RED}FOUND${NC}"
    65. 

  65.     git ls-files | grep -E "\.env$|\.env\."
    66. 

  66.     ISSUES=$((ISSUES + 1))
    67. 

  67. else
    68. 

  68.     echo -e "${GREEN}OK${NC}"
    69. 

  69. fi
    70. 

  70. 

  71. echo -n "Checking: TODO/FIXME security items... "
    72. 

  72. if rg -i "TODO.*security|FIXME.*security|HACK.*security" "$DIR" 2>/dev/null | head -5 | grep -q .; then
    73. 

  73.     echo -e "${YELLOW}FOUND${NC}"
    74. 

  74.     rg -i "TODO.*security|FIXME.*security|HACK.*security" "$DIR" 2>/dev/null | head -10
    75. 

  75.     ISSUES=$((ISSUES + 1))
    76. 

  76. else
    77. 

  77.     echo -e "${GREEN}OK${NC}"
    78. 

  78. fi
    79. 

  79. 

  80. echo ""
    81. 

  81. echo "=== Summary ==="
    82. 

  82. if [ $ISSUES -eq 0 ]; then
    83. 

  83.     echo -e "${GREEN}No issues found!${NC}"
    84. 

  84.     exit 0
    85. 

  85. else
    86. 

  86.     echo -e "${RED}Found $ISSUES potential security issues${NC}"
    87. 

  87.     echo "Review the findings above and address any real vulnerabilities."
    88. 

  88.     exit 1
    89. 

  89. fi
    90.