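#!/bin/bash
# Security Audit Script for AutonetSellCar.com
# Run: ./scripts/security-audit.sh
#
# Audits the frontend dependency tree with `npm audit` and the backend
# environment with `pip-audit`, prints a summary, and exits non-zero when
# anything critical/high (frontend) or any advisory (backend) is reported,
# or when an audit could not run at all. The script is meant to be used as
# a CI gate, so every "could not check" path is treated as a failure rather
# than a pass.

set -euo pipefail

# Resolve the repository root from this script's location so the audit works
# no matter which directory the caller runs it from.
ROOT=$(cd "$(dirname "$0")/.." && pwd)
readonly ROOT
cd "$ROOT"

# Colors: only emit escape codes when stdout is a terminal, so CI logs and
# redirected output stay free of control characters.
if [ -t 1 ]; then
  RED='\033[0;31m'
  GREEN='\033[0;32m'
  YELLOW='\033[1;33m'
  NC='\033[0m'
else
  RED='' GREEN='' YELLOW='' NC=''
fi
readonly RED GREEN YELLOW NC

CRITICAL=0          # frontend critical count (from npm audit metadata)
HIGH=0              # frontend high count (from npm audit metadata)
BACKEND_FINDINGS=0  # 1 when pip-audit exited non-zero
SKIPPED=0           # number of audits that could not run (missing tool / no output)

#######################################
# Extract a severity count from `npm audit --json` output.
# Arguments: $1 - JSON text, $2 - severity key ("critical" or "high")
# Outputs:   the count to stdout; 0 when the key is absent or unparsable
#######################################
count_severity() {
  local json=$1 key=$2 count
  # Accept both the compact `"high":3` and the pretty-printed `"high": 3`
  # forms; the first occurrence is taken, as before. `|| true` keeps a
  # no-match grep from aborting the script under set -e / pipefail.
  count=$(printf '%s' "$json" \
    | grep -o "\"$key\":[[:space:]]*[0-9]*" \
    | head -n 1 \
    | tr -dc '0-9' || true)
  printf '%s\n' "${count:-0}"
}

printf '==========================================\n'
printf ' Security Audit - %s\n' "$(date '+%Y-%m-%d %H:%M')"
printf '==========================================\n'

# ---------------------------------------------------------------------------
# Frontend audit
# ---------------------------------------------------------------------------
printf '\n%b[1/2] Frontend (Next.js)%b\n' "$YELLOW" "$NC"
cd "$ROOT/frontend"

# npm audit exits non-zero whenever it finds anything, so its status is not
# an error here; the JSON is parsed instead. Empty output means npm itself
# is missing or failed, which must not be mistaken for a clean result.
AUDIT_RESULT=$(npm audit --json 2>/dev/null || true)
FRONT_CRITICAL=$(count_severity "$AUDIT_RESULT" critical)
FRONT_HIGH=$(count_severity "$AUDIT_RESULT" high)

if [ -z "$AUDIT_RESULT" ]; then
  printf '%bnpm audit produced no output (npm missing or failed); frontend audit skipped%b\n' "$YELLOW" "$NC"
  SKIPPED=$((SKIPPED + 1))
elif [ "$FRONT_CRITICAL" -gt 0 ] || [ "$FRONT_HIGH" -gt 0 ]; then
  printf '%bVULNERABILITIES FOUND:%b\n' "$RED" "$NC"
  # Human-readable detail for the same dependency set the counts came from
  # (no --omit=dev, otherwise dev-only findings are counted but never shown).
  # grep returns 1 when npm's wording differs between versions; `|| true`
  # keeps that from aborting the script before the summary is printed.
  npm audit 2>/dev/null | grep -A 5 "Severity:" || true
  CRITICAL=$((CRITICAL + FRONT_CRITICAL))
  HIGH=$((HIGH + FRONT_HIGH))
else
  printf '%bNo critical/high vulnerabilities%b\n' "$GREEN" "$NC"
fi
cd "$ROOT"

# ---------------------------------------------------------------------------
# Backend audit (pip-audit)
# ---------------------------------------------------------------------------
printf '\n%b[2/2] Backend (Python)%b\n' "$YELLOW" "$NC"
cd "$ROOT/backend"

if command -v pip-audit >/dev/null 2>&1; then
  # pip-audit exits non-zero when it reports a vulnerability (or cannot
  # complete). Record that instead of masking it so backend findings affect
  # the exit status; stderr is left visible so resolver/network errors are
  # not silently read as "clean".
  if pip-audit; then
    printf '%bNo known vulnerabilities%b\n' "$GREEN" "$NC"
  else
    BACKEND_FINDINGS=1
    printf '%bpip-audit reported findings (see above)%b\n' "$RED" "$NC"
  fi
else
  printf 'pip-audit not installed. Run: pip install pip-audit\n'
  SKIPPED=$((SKIPPED + 1))
fi
cd "$ROOT"

# ---------------------------------------------------------------------------
# Summary
# ---------------------------------------------------------------------------
printf '\n==========================================\n'
printf ' Summary\n'
printf '==========================================\n'
if [ "$CRITICAL" -gt 0 ]; then
  printf '%bCRITICAL: %s%b\n' "$RED" "$CRITICAL" "$NC"
fi
if [ "$HIGH" -gt 0 ]; then
  printf '%bHIGH: %s%b\n' "$RED" "$HIGH" "$NC"
fi
if [ "$BACKEND_FINDINGS" -gt 0 ]; then
  printf '%bBACKEND: pip-audit reported findings%b\n' "$RED" "$NC"
fi
if [ "$SKIPPED" -gt 0 ]; then
  printf '%bSKIPPED: %s audit(s) could not run%b\n' "$YELLOW" "$SKIPPED" "$NC"
fi
if [ "$CRITICAL" -eq 0 ] && [ "$HIGH" -eq 0 ] \
  && [ "$BACKEND_FINDINGS" -eq 0 ] && [ "$SKIPPED" -eq 0 ]; then
  printf '%bAll clear - No critical/high vulnerabilities%b\n' "$GREEN" "$NC"
fi

# The exit status is a boolean gate. Exit codes are truncated to 8 bits, so
# `exit $((CRITICAL + HIGH))` would report success at exactly 256 findings;
# a fixed 1 is unambiguous for CI.
if [ $((CRITICAL + HIGH + BACKEND_FINDINGS + SKIPPED)) -gt 0 ]; then
  exit 1
fi
exit 0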