curo/Business-Management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add test user seed, password validation, and pre-commit security hook

Browse Source 
- backend/scripts/seed.py: creates test@example.com on dev startup
- backend/scripts/start_dev.sh: runs migrations + seed + uvicorn --reload
- backend/app/schemas/user.py: password validator (length, case, digit, special char, forbidden words)
- scripts/security_check.py: Docker-based scanner for secrets, dangerous patterns, weak crypto, bandit
- .githooks/pre-commit: runs security_check.py in python:3.12-slim on every commit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
curo1305
2026-04-12 15:54:23 +02:00
parent 2351b489fe
commit 61cef2eacd
9 changed files with 323 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
changelog/2026-04-12_security-validation.md
+22
View File
@@ -0,0 +1,22 @@
# 2026-04-12 — Test user, password validation, security hook
**Timestamp:** 2026-04-12T14:10:00
## Summary
Added dev seed user, password strength validation, and a Docker-based pre-commit security check hook.
## Files Added
- `backend/scripts/seed.py` — async script that creates `test@example.com / Test123!` if it doesn't exist; safe to run multiple times
- `backend/scripts/start_dev.sh` — dev container entrypoint: runs `alembic upgrade head` → seed → uvicorn --reload
- `scripts/security_check.py` — security scanner: checks staged files for hardcoded secrets, dangerous patterns (eval/exec/shell=True/pickle), weak crypto (MD5/SHA1/DES), SQL injection risk, debug flags; also runs `bandit` on Python files
- `.githooks/pre-commit` — git hook that runs `security_check.py` inside `python:3.12-slim` Docker container; activated via `git config core.hooksPath .githooks`
- `changelog/2026-04-12_security-validation.md` — this file
## Files Modified
- `backend/app/schemas/user.py` — added `_validate_password` with: min 8 chars, uppercase, lowercase, digit, special char, word-boundary check against ~40 forbidden common words; `UserCreate.password_strength` field validator
- `docker-compose.dev.yml` — backend command changed from bare `uvicorn` to `sh scripts/start_dev.sh`
- `CLAUDE.md` — added Security hook section documenting what the hook checks and how to activate it on new clones
- `README.md` — updated Current State to mention test user, password policy, security hook