campaign_connector/test-setup-flow.sh
admin 30c2cfeba5 feat(security): Implement comprehensive security fixes and enhancements
- Added Security Handoff Report detailing resolved issues and current configurations.
- Implemented CSRF protection using Flask-WTF, including token management in templates and JavaScript.
- Created standardized error handling module to log detailed errors while returning generic messages.
- Developed phone number validation module to ensure compliance with E.164 standards.
- Added CSV injection prevention measures during file uploads.
- Updated installation guide for clarity and completeness.
- Created script to update API keys from Android device, ensuring secure key management.
- Enhanced Docker security configurations to remove privileged mode and host networking.
- Implemented logging and sanitization for error messages to prevent information disclosure.
- Added verification script to test security setup flow and validate configurations.
2026-01-01 17:18:50 -07:00


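#!/bin/bash
#
# Test Script for Security Setup Flow
# This simulates the full setup process without modifying real files
#
# Every later section relies on SCRIPT_DIR (all paths below are relative to it)
# and on the colour variables defined here. A hard failure in any section
# exits 1, so the summary at the bottom is only reached when all checks passed.
#
# -e alone lets a failed "cd" or an unset variable go unnoticed; -u and
# pipefail close those gaps without changing anything that currently works.
set -euo pipefail
# Resolve the script's own directory so the relative paths work from any cwd.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
readonly SCRIPT_DIR
cd "$SCRIPT_DIR" || { printf 'cannot cd to %s\n' "$SCRIPT_DIR" >&2; exit 1; }
# Colors (ANSI escapes kept literal; printf '%b' expands them at print time)
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly RED='\033[0;31m'
readonly BOLD='\033[1m'
readonly NC='\033[0m'
printf '%b\n' "${BLUE}╔════════════════════════════════════════════════════════════════════════╗${NC}"
printf '%b\n' "${BLUE}${NC} ${BOLD}Testing Security Setup Scripts${NC} ${BLUE}${NC}"
printf '%b\n' "${BLUE}╚════════════════════════════════════════════════════════════════════════╝${NC}"
printf '%b\n' ""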
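# Test 1: Check script files exist and are executable
# A missing script is a hard failure. A missing executable bit is repaired in
# place (chmod +x is the one step here that writes to the working tree) and
# reported; a chmod failure is reported too instead of letting set -e abort
# without a message.
printf '%b\n' "${BOLD}Test 1: Script File Validation${NC}"
printf '%b\n' ""
scripts=(
  "android/setup-api-key.sh"
  "scripts/update-api-keys.sh"
)
for script in "${scripts[@]}"; do
  if [[ ! -f "$script" ]]; then
    printf '%b\n' " ${RED}$script not found${NC}"
    exit 1
  fi
  if [[ -x "$script" ]]; then
    printf '%b\n' " ${GREEN}$script (executable)${NC}"
  else
    printf '%b\n' " ${YELLOW}⚠️ $script (not executable, fixing...)${NC}"
    if chmod +x "$script"; then
      printf '%b\n' " ${GREEN}✅ Fixed permissions${NC}"
    else
      printf '%b\n' " ${RED}❌ Could not make $script executable${NC}"
      exit 1
    fi
  fi
done
printf '%b\n' ""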
# Test 2: Syntax validation
# Parses each script with "bash -n" (parse only, nothing is executed). The
# parser's diagnostics are left on stdout next to the status line; the first
# script that fails to parse aborts the run. Uses the "scripts" array from Test 1.
printf '%b\n' "${BOLD}Test 2: Bash Syntax Validation${NC}"
printf '%b\n' ""
for script in "${scripts[@]}"; do
  if ! bash -n "$script" 2>&1; then
    printf '%b\n' " ${RED}$script has syntax errors${NC}"
    exit 1
  fi
  printf '%b\n' " ${GREEN}$script syntax valid${NC}"
done
printf '%b\n' ""
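# Test 3: Check .env file
# Confirms each required key is present with a non-empty value; values are
# never printed. Also warns when .env is readable by other users, since it
# holds the API keys the rest of the setup depends on. Nothing here is fatal:
# the file may legitimately not exist yet before setup runs.
printf '%b\n' "${BOLD}Test 3: Environment Configuration${NC}"
printf '%b\n' ""
if [[ -f ".env" ]]; then
  printf '%b\n' " ${GREEN}✅ .env file exists${NC}"
  # -L follows a symlinked .env so the target's mode is checked, not the link's.
  if [[ -n "$(find -L .env -perm -o=r -print 2>/dev/null)" ]]; then
    printf '%b\n' " ${YELLOW}⚠️ .env is readable by other users (consider chmod 600 .env)${NC}"
  fi
  # Check for required keys
  required_keys=("SECRET_KEY" "ADMIN_API_KEY" "USER_API_KEY" "PHONE_IP")
  for key in "${required_keys[@]}"; do
    # "KEY=" with nothing after it is a placeholder, not a configured value,
    # so require at least one character after the "=".
    if grep -q "^${key}=." ".env" 2>/dev/null; then
      printf '%b\n' " ${GREEN}$key configured${NC}"
    else
      printf '%b\n' " ${YELLOW}⚠️ $key not set (may need configuration)${NC}"
    fi
  done
else
  printf '%b\n' " ${YELLOW}⚠️ .env file not found${NC}"
  printf '%b\n' " ${BLUE} Will be created during setup${NC}"
fi
printf '%b\n' ""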
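# Test 4: Test API key generation
# Generates a throwaway key the same way the setup scripts do and checks its
# format. The key is only ever shown as a 16-character prefix.
printf '%b\n' "${BOLD}Test 4: API Key Generation${NC}"
printf '%b\n' ""
if ! command -v python3 >/dev/null 2>&1; then
  printf '%b\n' " ${RED}❌ Python3 not found${NC}"
  exit 1
fi
# Under set -e a failing "TEST_KEY=$(...)" assignment aborts the script before
# any later "$? -eq 0" test runs, so the failure branch was unreachable; and
# "2>&1" would have mixed Python's error text into the captured key. Testing
# the assignment directly keeps the branch live and stderr out of the value.
if TEST_KEY=$(python3 -c "import secrets; print(secrets.token_hex(32))" 2>/dev/null); then
  printf '%b\n' " ${GREEN}✅ Python3 key generation works${NC}"
  printf '%b\n' " ${BLUE} Sample key: ${TEST_KEY:0:16}...${NC}"
  # Validate key format: token_hex(32) yields exactly 64 lowercase hex chars.
  if [[ "$TEST_KEY" =~ ^[a-f0-9]{64}$ ]]; then
    printf '%b\n' " ${GREEN}✅ Key format correct (64 hex chars)${NC}"
  else
    printf '%b\n' " ${RED}❌ Key format incorrect${NC}"
    exit 1
  fi
else
  printf '%b\n' " ${RED}❌ Python3 key generation failed${NC}"
  exit 1
fi
printf '%b\n' ""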
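# Test 5: Docker configuration
# Both checks ignore commented-out lines and accept the YAML spacing/quoting
# variants of the same setting. Either finding is a hard failure: the summary
# below claims "All automated tests passed", which must not be printed after
# a privileged or host-networked container was detected.
printf '%b\n' "${BOLD}Test 5: Docker Configuration Security${NC}"
printf '%b\n' ""
if [[ ! -f "docker-compose.yml" ]]; then
  printf '%b\n' " ${RED}❌ docker-compose.yml not found${NC}"
  exit 1
fi
printf '%b\n' " ${GREEN}✅ docker-compose.yml exists${NC}"
docker_failed=0
# Check that privileged mode is NOT set (an uncommented "privileged: true")
if grep -qiE "^[[:space:]]*privileged:[[:space:]]*[\"']?true" "docker-compose.yml"; then
  printf '%b\n' " ${RED}❌ WARNING: Container still in privileged mode!${NC}"
  printf '%b\n' " ${YELLOW} This should have been removed${NC}"
  docker_failed=1
else
  printf '%b\n' " ${GREEN}✅ Container not in privileged mode${NC}"
fi
# Check that host networking is NOT set (an uncommented "network_mode: host")
if grep -qiE "^[[:space:]]*network_mode:[[:space:]]*[\"']?host" "docker-compose.yml"; then
  printf '%b\n' " ${RED}❌ WARNING: Still using host networking!${NC}"
  printf '%b\n' " ${YELLOW} This should have been removed${NC}"
  docker_failed=1
else
  printf '%b\n' " ${GREEN}✅ Container using isolated networking${NC}"
fi
# Report both findings before failing, then fail like the other hard checks.
if (( docker_failed )); then
  exit 1
fi
printf '%b\n' ""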
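# Test 6: Check Termux server security
# Grep-based spot checks of the server source. The weak-default finding is a
# hard failure (the summary must not report success over it); the shell=True
# finding stays a warning because, as the message says, it needs a human look.
printf '%b\n' "${BOLD}Test 6: Termux Server Security Validation${NC}"
printf '%b\n' ""
TERMUX_SERVER="android/termux-sms-api-server.py"
if [[ ! -f "$TERMUX_SERVER" ]]; then
  printf '%b\n' " ${RED}❌ Termux server not found${NC}"
  exit 1
fi
printf '%b\n' " ${GREEN}✅ Termux server file exists${NC}"
# Check that weak default was removed. -F matches the text literally (the
# previous pattern's unescaped "." and "(" were regex metacharacters), and
# searching for the default value on its own still catches it if the
# surrounding os.environ.get(...) call has been reformatted.
if grep -qF "'termux-sms-campaign-2025'" "$TERMUX_SERVER"; then
  printf '%b\n' " ${RED}❌ WARNING: Weak default secret still present!${NC}"
  exit 1
fi
printf '%b\n' " ${GREEN}✅ Weak default secret removed${NC}"
# Check for startup validation (literal match, so no regex escaping is needed)
if grep -qF "if not CONFIG['SECRET_KEY']:" "$TERMUX_SERVER"; then
  printf '%b\n' " ${GREEN}✅ Startup validation added${NC}"
else
  printf '%b\n' " ${YELLOW}⚠️ Startup validation not found${NC}"
fi
# Check for command injection fix
if grep -qF "shell=True" "$TERMUX_SERVER"; then
  printf '%b\n' " ${YELLOW}⚠️ shell=True still present (check if safe)${NC}"
else
  printf '%b\n' " ${GREEN}✅ No shell=True usage found${NC}"
fi
printf '%b\n' ""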
# Summary
# Only reached when every earlier section passed (each hard failure exits 1).
# summary_row prints one inner line between the box's side markers; an empty
# argument yields the blank spacer row.
summary_row() {
  printf '%b\n' "${BLUE}${NC}${1:+ $1} ${BLUE}${NC}"
}
printf '%b\n' "${BLUE}╔════════════════════════════════════════════════════════════════════════╗${NC}"
summary_row "${BOLD}Test Summary${NC}"
printf '%b\n' "${BLUE}╠════════════════════════════════════════════════════════════════════════╣${NC}"
summary_row "${GREEN}✅ All automated tests passed${NC}"
summary_row "${GREEN}✅ Scripts are ready for manual testing${NC}"
summary_row ""
summary_row "${BOLD}Next Steps:${NC}"
summary_row "${YELLOW}1.${NC} Test on Android device"
summary_row "${YELLOW}2.${NC} Test Ubuntu script with manual key entry"
summary_row "${YELLOW}3.${NC} Verify end-to-end integration"
printf '%b\n' "${BLUE}╚════════════════════════════════════════════════════════════════════════╝${NC}"
printf '%b\n' ""