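#!/bin/bash
#
# Test Script for Security Setup Flow
#
# Validates the security setup from the directory this script lives in:
# setup scripts present and syntactically valid, .env keys populated, key
# generation working, and the Docker / Termux server hardening in place.
#
# Side effects: Test 1 adds the execute bit to a setup script that lacks it.
# Nothing else is written; .env values are never printed.
#
# Exit status:
#   0  no check failed (warnings may still have been printed)
#   1  a prerequisite is missing/broken, or a security check in Test 5 or
#      Test 6 reported a finding
#

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"

# Colors
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly RED='\033[0;31m'
readonly BOLD='\033[1m'
readonly NC='\033[0m'

readonly BOX_TOP='╔════════════════════════════════════════════════════════════════════════╗'
readonly BOX_MID='╠════════════════════════════════════════════════════════════════════════╣'
readonly BOX_BOT='╚════════════════════════════════════════════════════════════════════════╝'

# Findings are counted so the summary and the exit status reflect what was
# actually seen, instead of always reporting success.
failures=0
warnings=0

# Reporting helpers. Colour codes go through %b, message text through %s so
# that nothing in a message is interpreted as an escape sequence.
pass() { printf ' %b✅ %s%b\n' "$GREEN" "$*" "$NC"; }
info() { printf ' %bℹ️ %s%b\n' "$BLUE" "$*" "$NC"; }
note() { printf ' %b %s%b\n' "$YELLOW" "$*" "$NC"; }
warn() {
  printf ' %b⚠️ %s%b\n' "$YELLOW" "$*" "$NC"
  warnings=$((warnings + 1))
}
# fail: a security finding; recorded, the remaining checks still run.
fail() {
  printf ' %b❌ %s%b\n' "$RED" "$*" "$NC"
  failures=$((failures + 1))
}
# die: a missing or broken prerequisite; stop immediately.
die() {
  printf ' %b❌ %s%b\n' "$RED" "$*" "$NC"
  exit 1
}
heading() { printf '%b%s%b\n\n' "$BOLD" "$*" "$NC"; }
box_edge() { printf '%b%s%b\n' "$BLUE" "$1" "$NC"; }
box_line() { printf '%b║%b %b %b║%b\n' "$BLUE" "$NC" "$1" "$BLUE" "$NC"; }

box_edge "$BOX_TOP"
box_line "${BOLD}Testing Security Setup Scripts${NC}"
box_edge "$BOX_BOT"
echo ""

# Test 1: Check script files exist and are executable
heading "Test 1: Script File Validation"

scripts=(
  "android/setup-api-key.sh"
  "scripts/update-api-keys.sh"
)

for script in "${scripts[@]}"; do
  [ -f "$script" ] || die "$script not found"
  if [ -x "$script" ]; then
    pass "$script (executable)"
  else
    # The only place this script changes anything on disk.
    warn "$script (not executable, fixing...)"
    chmod +x -- "$script"
    pass "Fixed permissions"
  fi
done
echo ""

# Test 2: Syntax validation (bash -n parses without executing)
heading "Test 2: Bash Syntax Validation"

for script in "${scripts[@]}"; do
  if bash -n "$script" 2>&1; then
    pass "$script syntax valid"
  else
    die "$script has syntax errors"
  fi
done
echo ""

# Test 3: Check .env file
heading "Test 3: Environment Configuration"

if [ -f ".env" ]; then
  pass ".env file exists"

  # Check for required keys. Only key names are reported; values stay in the
  # file. A key with an empty value (KEY= or KEY="") is not "configured".
  required_keys=("SECRET_KEY" "ADMIN_API_KEY" "USER_API_KEY" "PHONE_IP")
  for key in "${required_keys[@]}"; do
    if grep -Eq "^${key}=[\"']?[^\"'[:space:]]" ".env" 2>/dev/null; then
      pass "$key configured"
    elif grep -q "^${key}=" ".env" 2>/dev/null; then
      warn "$key is set but empty (needs configuration)"
    else
      warn "$key not found (may need configuration)"
    fi
  done
else
  warn ".env file not found"
  info "Will be created during setup"
fi
echo ""

# Test 4: Test API key generation
heading "Test 4: API Key Generation"

command -v python3 > /dev/null 2>&1 || die "Python3 not found"

# Test the command inside the `if`: under `set -e` a failing assignment would
# end the script before a later `$?` check could print the error. stderr is
# left on the terminal so interpreter warnings cannot end up in the key.
if TEST_KEY=$(python3 -c "import secrets; print(secrets.token_hex(32))"); then
  pass "Python3 key generation works"
  # Throwaway key generated for this test only; it is not stored anywhere.
  info "Sample key: ${TEST_KEY:0:16}..."

  # Validate key format
  if [[ "$TEST_KEY" =~ ^[a-f0-9]{64}$ ]]; then
    pass "Key format correct (64 hex chars)"
  else
    die "Key format incorrect"
  fi
else
  die "Python3 key generation failed"
fi
echo ""

# Test 5: Docker configuration
heading "Test 5: Docker Configuration Security"

COMPOSE_FILE="docker-compose.yml"
[ -f "$COMPOSE_FILE" ] || die "docker-compose.yml not found"
pass "docker-compose.yml exists"

# Both checks are text matches on this one file. They skip commented-out
# lines and tolerate extra spaces or quotes, but they do not see override
# files or settings passed on the command line.

# Check that privileged mode is NOT set
if grep -Eq "^[[:space:]]*privileged:[[:space:]]*[\"']?true" "$COMPOSE_FILE"; then
  fail "WARNING: Container still in privileged mode!"
  note "This should have been removed"
else
  pass "Container not in privileged mode"
fi

# Check that host networking is NOT set
if grep -Eq "^[[:space:]]*network_mode:[[:space:]]*[\"']?host" "$COMPOSE_FILE"; then
  fail "WARNING: Still using host networking!"
  note "This should have been removed"
else
  pass "Container using isolated networking"
fi
echo ""

# Test 6: Check Termux server security
heading "Test 6: Termux Server Security Validation"

TERMUX_SERVER="android/termux-sms-api-server.py"
[ -f "$TERMUX_SERVER" ] || die "Termux server not found"
pass "Termux server file exists"

# Check that weak default was removed. Matching the literal value anywhere in
# the file catches it however the surrounding line is formatted; a mention in
# a comment also trips the check, which is the safer direction to err in.
if grep -Fq -- "termux-sms-campaign-2025" "$TERMUX_SERVER"; then
  fail "WARNING: Weak default secret still present!"
else
  pass "Weak default secret removed"
fi

# Check for startup validation (-F: the brackets are literal text)
if grep -Fq -- "if not CONFIG['SECRET_KEY']:" "$TERMUX_SERVER"; then
  pass "Startup validation added"
else
  warn "Startup validation not found"
fi

# Check for command injection fix. A hit needs human review, so it is a
# warning rather than a failure.
if grep -Fq -- "shell=True" "$TERMUX_SERVER"; then
  warn "shell=True still present (check if safe)"
else
  pass "No shell=True usage found"
fi
echo ""

# Summary
box_edge "$BOX_TOP"
box_line "${BOLD}Test Summary${NC}"
box_edge "$BOX_MID"
if ((failures > 0)); then
  box_line "${RED}❌ ${failures} security check(s) failed${NC}"
  box_line "${RED}❌ Resolve the findings above before manual testing${NC}"
else
  box_line "${GREEN}✅ All automated tests passed${NC}"
  box_line "${GREEN}✅ Scripts are ready for manual testing${NC}"
fi
if ((warnings > 0)); then
  box_line "${YELLOW}⚠️ ${warnings} warning(s) - review the output above${NC}"
fi
box_line ""
box_line "${BOLD}Next Steps:${NC}"
box_line "${YELLOW}1.${NC} Test on Android device"
box_line "${YELLOW}2.${NC} Test Ubuntu script with manual key entry"
box_line "${YELLOW}3.${NC} Verify end-to-end integration"
box_edge "$BOX_BOT"
echo ""

# A security finding must be visible to callers (CI, wrapper scripts).
if ((failures > 0)); then
  exit 1
fi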