KNELServerBuild/Project-Tests/security/https-enforcement.sh
ReachableCEO f6acf660f6 Implement comprehensive testing framework and enhance documentation
- Add Project-Tests directory with complete testing infrastructure
- Create main test runner with JSON reporting and categorized tests
- Implement system validation tests (RAM, disk, network, permissions)
- Add security testing for HTTPS enforcement and deployment methods
- Create unit tests for framework functions and syntax validation
- Add ConfigValidation.sh framework for pre-flight system checks
- Enhance documentation with SECURITY.md and DEPLOYMENT.md guides
- Provide comprehensive testing README with usage instructions

The testing framework validates system compatibility, security configurations,
and deployment requirements before execution, preventing deployment failures
and providing clear error reporting for troubleshooting.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-14 09:35:27 -05:00


#!/bin/bash
# HTTPS enforcement security test.
# Checks that the project's shell scripts reference HTTPS rather than HTTP.

# Strict mode: stop on unhandled errors, on unset variables, and on a failure
# in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# Directory two levels above this script's resolved location. The "/../.."
# suffix is appended textually; the path is not normalised here.
PROJECT_ROOT="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
PROJECT_ROOT="${PROJECT_ROOT}/../.."
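#######################################
# Fail when a shell script under the scanned directories references a
# plaintext http:// URL on a non-comment line.
# Globals:   PROJECT_ROOT (read)
# Arguments: none
# Outputs:   offending lines (as "LINENO:text") and a summary, on stdout
# Returns:   0 when no violation is found, 1 otherwise
#######################################
function test_no_http_urls() {
  echo "🔍 Checking for HTTP URLs in scripts..."
  local http_violations=0
  local script_dirs=("ProjectCode" "Framework-Includes" "Project-Includes")
  local dir file

  for dir in "${script_dirs[@]}"; do
    [[ -d "$PROJECT_ROOT/$dir" ]] || continue

    # NUL-delimited so file names with spaces or newlines are handled.
    while IFS= read -r -d '' file; do
      # grep -n prefixes every hit with "LINENO:", so the comment filter has to
      # skip that prefix; anchoring on '^[[:space:]]*#' alone never matches and
      # comment-only references would be reported as violations.
      # Only whole-line comments are excluded: a trailing "cmd # http://..."
      # comment is still flagged, which errs on the side of reporting.
      if grep -n "http://" "$file" \
        | grep -Ev '^[0-9]+:[[:space:]]*#' \
        | grep -v "schema.org" \
        | grep -v "xmlns"; then
        echo "❌ HTTP URL found in: $file"
        # Plain arithmetic assignment: ((var++)) returns status 1 when the old
        # value is 0, which aborts the script under 'set -e'.
        http_violations=$((http_violations + 1))
      fi
    done < <(find "$PROJECT_ROOT/$dir" -name "*.sh" -type f -print0)
  done

  if [[ $http_violations -eq 0 ]]; then
    echo "✅ No HTTP URLs found in active scripts"
    return 0
  fi
  echo "❌ Found $http_violations HTTP URL violations"
  return 1
}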
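#######################################
# Probe every https:// URL found on non-comment lines of the project's shell
# scripts and fail when any of them does not answer a HEAD request.
#
# This sends one outbound request per URL found in the scanned scripts, so it
# needs network access. A reachable URL only shows that the endpoint answers
# over TLS; it says nothing about the integrity of what a script downloads.
#
# Globals:   PROJECT_ROOT (read)
# Arguments: none
# Outputs:   one line per probed URL, on stdout
# Returns:   number of unreachable URLs, capped at 255 (0 means all reachable)
#######################################
function test_https_urls_valid() {
  echo "🔍 Validating HTTPS URLs are accessible..."
  local script_dirs=("ProjectCode" "Framework-Includes" "Project-Includes")
  local https_failures=0
  local dir file url

  for dir in "${script_dirs[@]}"; do
    [[ -d "$PROJECT_ROOT/$dir" ]] || continue

    while IFS= read -r -d '' file; do
      # The URL list is fed through process substitution rather than a pipe:
      # a "grep | while" loop runs in a subshell, so the failure counter would
      # be discarded and this test could never fail.
      while IFS= read -r url; do
        # stdin is detached so curl cannot consume the remaining URL list.
        if timeout 30 curl -s --head --fail "$url" </dev/null >/dev/null 2>&1; then
          echo "✅ HTTPS URL accessible: $url"
        else
          echo "❌ HTTPS URL not accessible: $url"
          https_failures=$((https_failures + 1))
        fi
      done < <(
        # Drop whole-line comments first, then extract URLs.
        # NOTE(review): the pattern stops only at whitespace or quotes, so a
        # URL followed by ')' or ';' is probed with that character attached.
        grep -v '^[[:space:]]*#' "$file" \
          | grep -o "https://[^[:space:]\"']*" \
          | grep -v "schema.org"
      )
    done < <(find "$PROJECT_ROOT/$dir" -name "*.sh" -type f -print0)
  done

  # Exit statuses wrap modulo 256; cap the count so 256 failures cannot be
  # reported as success.
  return $((https_failures > 255 ? 255 : https_failures))
}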
function test_ssl_certificate_validation() {
echo "🔍 Testing SSL certificate validation..."
local test_urls=(
"https://archive.ubuntu.com"
"https://linux.dell.com"
"https://download.proxmox.com"
)
local ssl_failures=0
for url in "${test_urls[@]}"; do
# Test with strict SSL verification
if curl -s --fail --ssl-reqd --cert-status "$url" >/dev/null 2>&1; then
echo "✅ SSL certificate valid: $url"
else
echo "❌ SSL certificate validation failed: $url"
((ssl_failures++))
fi
done
return $ssl_failures
}
#######################################
# Inspect README.md for the documented installation method: reject a
# download piped straight into bash and require a "git clone" instruction.
#
# NOTE(review): only "curl ... | ... bash" and "wget ... | ... bash" on a
# single line are matched; a pipe into "sh" or another interpreter, or a
# command split across lines, is not detected by these patterns.
#
# Globals:   PROJECT_ROOT (read)
# Arguments: none
# Outputs:   result lines on stdout
# Returns:   0 when no piped-download pattern is found and "git clone" is
#            present; 1 otherwise, including when README.md is missing
#######################################
function test_deployment_security() {
  echo "🔍 Testing deployment method security..."
  local readme_file="$PROJECT_ROOT/README.md"

  if [[ ! -f "$readme_file" ]]; then
    echo "❌ README.md not found"
    return 1
  fi

  # In a basic regular expression '|' is a literal pipe character, so these
  # patterns look for a download command piped towards bash.
  if grep -q -e "curl.*|.*bash" -e "wget.*|.*bash" "$readme_file"; then
    echo "❌ Insecure deployment method found in README.md"
    return 1
  fi
  echo "✅ Secure deployment method in README.md"

  # A documented clone step is required in addition to the absence of the
  # piped-download pattern.
  if ! grep -q "git clone" "$readme_file"; then
    echo "⚠️ No git clone method found in README.md"
    return 1
  fi
  echo "✅ Git clone deployment method found"
  return 0
}
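#######################################
# Main test execution: run every security check, count how many failed, and
# exit with the overall result.
# Globals:   none
# Arguments: ignored
# Outputs:   progress and summary lines on stdout
# Returns:   does not return; exits 0 when all checks pass, 1 otherwise
#######################################
function main() {
  echo "🔒 Running HTTPS Enforcement Security Tests"
  echo "=========================================="
  local total_failures=0
  local check

  # Run all security tests. The counter uses a plain arithmetic assignment:
  # '|| ((total_failures++))' returns status 1 on the first failure (the old
  # value is 0) and, as the last command of the || list, trips 'set -e', which
  # ends the run before the remaining checks and the summary.
  for check in \
    test_no_http_urls \
    test_https_urls_valid \
    test_ssl_certificate_validation \
    test_deployment_security; do
    "$check" || total_failures=$((total_failures + 1))
  done

  echo "=========================================="
  if [[ $total_failures -eq 0 ]]; then
    echo "✅ All HTTPS enforcement security tests passed"
    exit 0
  else
    echo "$total_failures HTTPS enforcement security tests failed"
    exit 1
  fi
}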
# Entry point: invoke main only when this file is executed as a script; when
# it is sourced, BASH_SOURCE[0] differs from $0 and nothing runs.
[[ "${BASH_SOURCE[0]}" != "${0}" ]] || main "$@"