HonestAI

Paused

App Files Files Community

HonestAI / scripts /security_check.sh

JatsTheAIGen

Security Enhancements: Production WSGI, Rate Limiting, Security Headers, Secure Logging

79ea999 4 months ago

raw

history blame

2.45 kB

	#!/bin/bash
	# Security Check Script
	# Validates security configuration and provides security recommendations

	set -e

	echo "============================================================"
	echo "Security Configuration Check"
	echo "============================================================"

	# Check OMP_NUM_THREADS
	if [ -z "$OMP_NUM_THREADS" ]; then
	echo "⚠️ WARNING: OMP_NUM_THREADS not set"
	elif ! [[ "$OMP_NUM_THREADS" =~ ^[0-9]+$ ]] \|\| [ "$OMP_NUM_THREADS" -le 0 ]; then
	echo "❌ ERROR: OMP_NUM_THREADS is invalid: $OMP_NUM_THREADS"
	else
	echo "✅ OMP_NUM_THREADS: $OMP_NUM_THREADS"
	fi

	# Check HF_TOKEN
	if [ -z "$HF_TOKEN" ]; then
	echo "❌ ERROR: HF_TOKEN not set"
	else
	echo "✅ HF_TOKEN is set"
	fi

	# Check rate limiting
	if [ "$RATE_LIMIT_ENABLED" != "false" ]; then
	echo "✅ Rate limiting enabled"
	else
	echo "⚠️ WARNING: Rate limiting disabled (not recommended for production)"
	fi

	# Check log directory
	if [ -d "$LOG_DIR" ]; then
	echo "✅ Log directory exists: $LOG_DIR"
	if [ -w "$LOG_DIR" ]; then
	echo "✅ Log directory is writable"
	else
	echo "⚠️ WARNING: Log directory is not writable"
	fi
	else
	echo "⚠️ WARNING: Log directory does not exist: ${LOG_DIR:-/tmp/logs}"
	fi

	# Check if running with Gunicorn
	if pgrep -f "gunicorn" > /dev/null; then
	echo "✅ Running with Gunicorn (production server)"
	else
	if pgrep -f "flask_api_standalone.py" > /dev/null; then
	echo "⚠️ WARNING: Running with Flask dev server (not recommended for production)"
	else
	echo "ℹ️ Application not running"
	fi
	fi

	# Check security headers (if app is running)
	if curl -s -I http://localhost:7860/api/health > /dev/null 2>&1; then
	echo ""
	echo "Checking security headers..."
	headers=$(curl -s -I http://localhost:7860/api/health)

	required_headers=(
	"X-Content-Type-Options"
	"X-Frame-Options"
	"X-XSS-Protection"
	"Strict-Transport-Security"
	"Content-Security-Policy"
	)

	for header in "${required_headers[@]}"; do
	if echo "$headers" \| grep -qi "$header"; then
	echo "✅ $header present"
	else
	echo "⚠️ WARNING: $header missing"
	fi
	done
	fi

	echo ""
	echo "============================================================"
	echo "Security Check Complete"
	echo "============================================================"