#!/usr/bin/env python3
"""Guard IwoooS public frontend text against host/topology leakage.

This guard is intentionally static and read-only. It does not connect to any
runtime host or API; it only prevents public IwoooS copy from exposing internal
host aliases, LAN endpoints, or working-lane identifiers as product text.
"""
from __future__ import annotations
import argparse
from pathlib import Path
# Files scanned by validate(), given relative to the --root directory.
# Only the paths listed here are checked: a new locale catalogue or page is
# not covered until it is added to this list.
PUBLIC_FILES = [
    Path(name)
    for name in (
        "apps/web/messages/zh-TW.json",
        "apps/web/messages/en.json",
        "apps/web/src/app/[locale]/iwooos/page.tsx",
    )
]
# Text that must never appear in the public files. validate() looks for each
# entry as a literal, case-sensitive substring of a line, so a differently
# cased or re-spelled variant needs its own entry. Address coverage is limited
# to the loopback literal and the "192.168." prefix; no other private range is
# listed. List order is the order in which hits on one line are reported.
FORBIDDEN_FRAGMENTS = [
    # Presumably host labels and internal host aliases -- confirm with the
    # owners of this list.
    *(
        "host:",
        "Kali host",
        "Kali 112",
        "kali_112",
        "internal110",
        "security_compliance_s2_110",
    ),
    # Loopback address and a LAN address prefix.
    *("127.0.0.1", "192.168."),
    # Presumably internal payload, thread and working-lane markers -- confirm.
    *(
        "raw Wazuh payload",
        "source_thread_id",
        "批准!繼續",
        "P2-110",
        "P2-112",
    ),
]
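def validate(root: Path) -> None:
    """Scan the public frontend files under *root* for forbidden fragments.

    Every path in ``PUBLIC_FILES`` is joined to *root*, read as UTF-8 and
    checked line by line against every entry in ``FORBIDDEN_FRAGMENTS`` with
    a literal, case-sensitive substring test.

    Args:
        root: Directory that the relative ``PUBLIC_FILES`` paths are joined to.

    Raises:
        SystemExit: If at least one fragment is found. The message starts
            with ``BLOCKED iwooos_frontend_display_redaction:`` and lists the
            first 20 hits as ``path:line: forbidden 'fragment'``. When more
            hits exist, a final line states how many were left out.

    A missing or non-UTF-8 file is not handled here; the error raised by
    ``read_text`` propagates to the caller.
    """
    # NOTE(review): the comparison runs on the raw file text. Case variants
    # (e.g. "kali host") and text stored as JSON \uXXXX escapes would not
    # match the literal fragments -- confirm that is acceptable for the
    # message catalogues, or normalise the text before comparing.
    max_reported = 20
    violations: list[str] = []
    for relative_path in PUBLIC_FILES:
        text = (root / relative_path).read_text(encoding="utf-8")
        for line_number, line in enumerate(text.splitlines(), start=1):
            violations.extend(
                f"{relative_path}:{line_number}: forbidden {fragment!r}"
                for fragment in FORBIDDEN_FRAGMENTS
                if fragment in line
            )

    if violations:
        formatted = "\n".join(violations[:max_reported])
        # Say so when the report is cut short, so a large leak is not read
        # as exactly twenty findings.
        omitted = len(violations) - max_reported
        if omitted > 0:
            formatted += f"\n... {omitted} more violation(s) not shown"
        raise SystemExit(f"BLOCKED iwooos_frontend_display_redaction:\n{formatted}")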
def main() -> int:
    """Run the redaction guard from the command line.

    Accepts ``--root`` (default ``"."``), resolves it to an absolute path and
    passes it to ``validate``. If ``validate`` returns, prints the OK marker
    and returns 0; otherwise the exception raised by ``validate`` propagates.
    """
    cli = argparse.ArgumentParser(
        description="Validate IwoooS public frontend display redaction.",
    )
    cli.add_argument("--root", default=".")
    repo_root = Path(cli.parse_args().root).resolve()

    validate(repo_root)
    print("IWOOOS_FRONTEND_DISPLAY_REDACTION_GUARD_OK")
    return 0
if __name__ == "__main__":
    # Use main()'s return value as the process exit status.
    exit_status = main()
    raise SystemExit(exit_status)