Hugging Face's logo

Spaces:
JatinAutonomousLabs
/
HonestAI
Paused

App Files Community
HonestAI / scripts /security_check.sh
JatsTheAIGen's picture
JatsTheAIGen
Security Enhancements: Production WSGI, Rate Limiting, Security Headers, Secure Logging
79ea999
raw
history blame contribute delete
2.45 kB
#!/bin/bash
# Security Check Script
# Validates security configuration and provides security recommendations
set -e
echo "============================================================"
echo "Security Configuration Check"
echo "============================================================"
# Check OMP_NUM_THREADS
if [ -z "$OMP_NUM_THREADS" ]; then
 echo "⚠️ WARNING: OMP_NUM_THREADS not set"
elif ! [[ "$OMP_NUM_THREADS" =~ ^[0-9]+$ ]] || [ "$OMP_NUM_THREADS" -le 0 ]; then
 echo "❌ ERROR: OMP_NUM_THREADS is invalid: $OMP_NUM_THREADS"
else
 echo "✅ OMP_NUM_THREADS: $OMP_NUM_THREADS"
fi
# Check HF_TOKEN
if [ -z "$HF_TOKEN" ]; then
 echo "❌ ERROR: HF_TOKEN not set"
else
 echo "✅ HF_TOKEN is set"
fi
# Check rate limiting
if [ "$RATE_LIMIT_ENABLED" != "false" ]; then
 echo "✅ Rate limiting enabled"
else
 echo "⚠️ WARNING: Rate limiting disabled (not recommended for production)"
fi
# Check log directory
if [ -d "$LOG_DIR" ]; then
 echo "✅ Log directory exists: $LOG_DIR"
 if [ -w "$LOG_DIR" ]; then
 echo "✅ Log directory is writable"
 else
 echo "⚠️ WARNING: Log directory is not writable"
 fi
else
 echo "⚠️ WARNING: Log directory does not exist: ${LOG_DIR:-/tmp/logs}"
fi
# Check if running with Gunicorn
if pgrep -f "gunicorn" > /dev/null; then
 echo "✅ Running with Gunicorn (production server)"
else
 if pgrep -f "flask_api_standalone.py" > /dev/null; then
 echo "⚠️ WARNING: Running with Flask dev server (not recommended for production)"
 else
 echo "ℹ️ Application not running"
 fi
fi
# Check security headers (if app is running)
if curl -s -I http://localhost:7860/api/health > /dev/null 2>&1; then
 echo ""
 echo "Checking security headers..."
 headers=$(curl -s -I http://localhost:7860/api/health)
required_headers=(
 "X-Content-Type-Options"
 "X-Frame-Options"
 "X-XSS-Protection"
 "Strict-Transport-Security"
 "Content-Security-Policy"
 )
for header in "${required_headers[@]}"; do
 if echo "$headers" | grep -qi "$header"; then
 echo "✅ $header present"
 else
 echo "⚠️ WARNING: $header missing"
 fi
 done
fi
echo ""
echo "============================================================"
echo "Security Check Complete"
echo "============================================================"