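#!/bin/bash
# Security Check Script
#
# Validates the runtime security configuration of the service and prints
# recommendations. Each check reports one of:
#   ✅  passed
#   ⚠️  warning  (non-fatal, not recommended for production)
#   ❌  error    (fatal: the script exits 1 so CI / deploy hooks can gate on it)
#
# Environment read:
#   OMP_NUM_THREADS     must be a positive integer when set
#   HF_TOKEN            must be set; its value is never printed
#   RATE_LIMIT_ENABLED  any value other than "false" counts as enabled
#   LOG_DIR             log directory; /tmp/logs is assumed to be the app's
#                       fallback when unset (inferred from the original
#                       warning text — confirm against the logging setup)
#   HEALTH_URL          endpoint probed for security headers
#                       (default: http://localhost:7860/api/health)
#
# Exit status: 0 when no ❌ errors were found, 1 otherwise.
set -euo pipefail

errors=0

# Reporting helpers. Text is passed as an argument, never as the printf
# format string, so environment values cannot inject format directives.
ok()   { printf '✅ %s\n' "$*"; }
warn() { printf '⚠️ WARNING: %s\n' "$*"; }
info() { printf 'ℹ️ %s\n' "$*"; }
fail() { printf '❌ ERROR: %s\n' "$*"; errors=$((errors + 1)); }
banner() {
  echo "============================================================"
  echo "$1"
  echo "============================================================"
}

banner "Security Configuration Check"

# --- OMP_NUM_THREADS --------------------------------------------------------
# Must be a positive decimal integer; a non-numeric value would be rejected
# by -le below, so the regex guards the arithmetic comparison.
omp_threads="${OMP_NUM_THREADS:-}"
if [[ -z "$omp_threads" ]]; then
  warn "OMP_NUM_THREADS not set"
elif ! [[ "$omp_threads" =~ ^[0-9]+$ ]] || [[ "$omp_threads" -le 0 ]]; then
  fail "OMP_NUM_THREADS is invalid: $omp_threads"
else
  ok "OMP_NUM_THREADS: $omp_threads"
fi

# --- HF_TOKEN ---------------------------------------------------------------
# Only presence is reported; the secret itself must never reach the log.
if [[ -z "${HF_TOKEN:-}" ]]; then
  fail "HF_TOKEN not set"
else
  ok "HF_TOKEN is set"
fi

# --- Rate limiting ----------------------------------------------------------
# Unset is treated as enabled, mirroring the original check; only the literal
# string "false" disables it.
if [[ "${RATE_LIMIT_ENABLED:-}" != "false" ]]; then
  ok "Rate limiting enabled"
else
  warn "Rate limiting disabled (not recommended for production)"
fi

# --- Log directory ----------------------------------------------------------
log_dir="${LOG_DIR:-/tmp/logs}"
if [[ -z "${LOG_DIR:-}" ]]; then
  # A log directory under /tmp sits in a world-writable parent, so its name is
  # predictable and can be pre-created or symlinked by any local user.
  warn "LOG_DIR not set; assuming application default: $log_dir"
fi
if [[ -d "$log_dir" ]]; then
  ok "Log directory exists: $log_dir"
  if [[ -w "$log_dir" ]]; then
    ok "Log directory is writable"
  else
    warn "Log directory is not writable"
  fi
  # A world-writable log directory lets any local user plant or symlink files
  # that the service will then write to under its own uid.
  if [[ -n "$(find "$log_dir" -maxdepth 0 -perm -o+w 2>/dev/null)" ]]; then
    warn "Log directory is world-writable: $log_dir"
  fi
else
  warn "Log directory does not exist: $log_dir"
fi

# --- WSGI server ------------------------------------------------------------
# pgrep -f matches anywhere in a command line, so an unrelated process whose
# arguments mention "gunicorn" also matches; treat this as a hint, not proof.
if pgrep -f "gunicorn" >/dev/null; then
  ok "Running with Gunicorn (production server)"
elif pgrep -f "flask_api_standalone.py" >/dev/null; then
  warn "Running with Flask dev server (not recommended for production)"
else
  info "Application not running"
fi

# --- Security headers (only if the app answers) -----------------------------
health_url="${HEALTH_URL:-http://localhost:7860/api/health}"
# Probe exactly once, with a timeout so the check cannot hang on a wedged
# server. Capturing inside `if` also keeps a transient curl failure from
# aborting the whole script under set -e.
if headers=$(curl -sS -I --max-time 5 "$health_url" 2>/dev/null); then
  echo ""
  echo "Checking security headers..."
  # X-XSS-Protection is legacy (ignored by current browsers) but is still
  # listed because the application is expected to emit it.
  required_headers=(
    "X-Content-Type-Options"
    "X-Frame-Options"
    "X-XSS-Protection"
    "Strict-Transport-Security"
    "Content-Security-Policy"
  )
  for header in "${required_headers[@]}"; do
    # Anchor on "Name:" at line start so that, for example,
    # Content-Security-Policy-Report-Only does not satisfy the CSP check
    # and a header name echoed inside another header's value is not counted.
    if grep -qi -- "^${header}:" <<<"$headers"; then
      ok "$header present"
    elif [[ "$header" == "Strict-Transport-Security" ]]; then
      # HSTS is ignored by browsers over plain HTTP, and is commonly added by
      # the TLS terminator rather than the app, so a miss on a localhost
      # HTTP probe is not conclusive.
      warn "$header missing (only meaningful over HTTPS; may be set by the TLS terminator)"
    else
      warn "$header missing"
    fi
  done
  # Presence alone is not enough for X-Content-Type-Options: any value other
  # than "nosniff" provides no protection.
  if grep -qi -- "^X-Content-Type-Options:" <<<"$headers" \
    && ! grep -qi -- "^X-Content-Type-Options:[[:space:]]*nosniff" <<<"$headers"; then
    warn "X-Content-Type-Options is set but its value is not 'nosniff'"
  fi
fi

echo ""
banner "Security Check Complete"

# Non-zero exit on hard errors so a CI step or deploy hook can fail on them;
# warnings alone keep the exit status at 0.
if (( errors > 0 )); then
  printf '%d error(s) found\n' "$errors"
  exit 1
fi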