Add test user seed, password validation, and pre-commit security hook
- backend/scripts/seed.py: creates test@example.com on dev startup
- backend/scripts/start_dev.sh: runs migrations + seed + uvicorn --reload
- backend/app/schemas/user.py: password validator (length, case, digit, special char, forbidden words)
- scripts/security_check.py: Docker-based scanner for secrets, dangerous patterns, weak crypto, bandit
- .githooks/pre-commit: runs security_check.py in python:3.12-slim on every commit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -92,6 +92,20 @@ Browser → Vite dev server (:5173)
Always run `git push` immediately after every `git commit`.
## Security hook
A pre-commit hook lives in `.githooks/pre-commit` and runs `scripts/security_check.py` inside a Docker container. It is registered via `git config core.hooksPath .githooks` (already set in this repo).
The hook checks staged files for:
- Hardcoded credentials / secrets
- Dangerous patterns (`eval`, `exec`, `shell=True`, `pickle`)
- Weak cryptography (MD5, SHA1, DES)
- SQL injection risk
- Debug flags left in code
- `bandit` static analysis on all Python files
New clones must run `git config core.hooksPath .githooks` to activate the hook.
## Changelog convention
Every time files are added or modified, append an entry to the relevant file in `changelog/` (one file per date, named `YYYY-MM-DD_<slug>.md`). If a file for today already exists, append to it rather than creating a new one.
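Review bot: the "Security hook" section contradicts itself about `core.hooksPath`: the first paragraph says the setting is "already set in this repo", while the later line says "New clones must run `git config core.hooksPath .githooks` to activate the hook". `core.hooksPath` is a local git config value that is not versioned, so the first statement is only true of the author's working copy; drop "(already set in this repo)" so readers do not skip the activation step. Worth adding in the same section that a client-side hook is a convenience, not an enforcement point (any commit made with `git commit --no-verify`, or from a clone that never ran the config command, skips `security_check.py` entirely), so the same scanner should also run in CI on the pushed branch, which matters doubly given the "Always run `git push` immediately after every `git commit`" rule above.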