1b4f3a7bbe
Some checks failed
CD Pipeline / deploy (push) Failing after 59s
- 建立 Gitea Actions CD pipeline (.gitea/workflows/cd.yaml) - 部署模式: rsync Python 檔案至 188 → docker restart (volume mount) - Dockerfile/requirements 變動時自動重建 Docker image - 部署通知: Telegram (開始/成功/失敗) - 健康檢查: https://mo.wooo.work/health (最多 5 次重試) - 同步最新 CLAUDE.md / ADR-008 / memory (2026-04-19) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
248 lines
7.7 KiB
Bash
Executable File
248 lines
7.7 KiB
Bash
Executable File
#!/bin/bash
|
|
# ============================================================
|
|
# MOMO 監控系統 - 安全修復驗證測試套件
|
|
# ============================================================
|
|
|
|
# 顏色定義
|
|
GREEN='\033[0;32m'
|
|
RED='\033[0;31m'
|
|
YELLOW='\033[1;33m'
|
|
BLUE='\033[0;34m'
|
|
NC='\033[0m' # No Color
|
|
|
|
# 測試計數
|
|
PASSED=0
|
|
FAILED=0
|
|
|
|
echo "============================================================"
|
|
echo "MOMO 監控系統 - 安全修復驗證測試"
|
|
echo "============================================================"
|
|
echo ""
|
|
|
|
# ============================================================
|
|
# 1. 環境變數測試
|
|
# ============================================================
|
|
echo -e "${BLUE}【測試 1】環境變數與憑證管理${NC}"
|
|
echo "------------------------------------------------------------"
|
|
|
|
# 測試 1.1: 檢查 .env 是否被 gitignore
|
|
echo -n "1.1 檢查 .env 是否被 gitignore ... "
|
|
if git check-ignore .env > /dev/null 2>&1; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗${NC}"
|
|
((FAILED++))
|
|
fi
|
|
|
|
# 測試 1.2: 檢查 config.py 是否移除硬編碼憑證
|
|
echo -n "1.2 檢查 config.py 無硬編碼憑證 ... "
|
|
if ! grep -qE "8075645931|jopokbhdpnnborjd|36e27NM5V7s" config.py 2>/dev/null; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗 (發現硬編碼憑證)${NC}"
|
|
((FAILED++))
|
|
fi
|
|
|
|
# 測試 1.3: 檢查環境變數是否正確載入
|
|
echo -n "1.3 檢查環境變數載入 ... "
|
|
if python3 -c "from config import LOGIN_PASSWORD, TELEGRAM_BOT_TOKEN; assert LOGIN_PASSWORD and isinstance(TELEGRAM_BOT_TOKEN, str)" 2>/dev/null; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗${NC}"
|
|
((FAILED++))
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# ============================================================
|
|
# 2. SQL 注入防護測試
|
|
# ============================================================
|
|
echo -e "${BLUE}【測試 2】SQL 注入防護${NC}"
|
|
echo "------------------------------------------------------------"
|
|
|
|
echo -n "2.1 執行 SQL 注入防護測試 ... "
|
|
if python3 test_sql_security.py > /tmp/sql_test.log 2>&1; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗${NC}"
|
|
echo " 詳細日誌: /tmp/sql_test.log"
|
|
((FAILED++))
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# ============================================================
|
|
# 3. 路徑遍歷防護測試
|
|
# ============================================================
|
|
echo -e "${BLUE}【測試 3】路徑遍歷防護${NC}"
|
|
echo "------------------------------------------------------------"
|
|
|
|
echo -n "3.1 執行路徑遍歷防護測試 ... "
|
|
if python3 test_path_traversal.py > /tmp/path_test.log 2>&1; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗${NC}"
|
|
echo " 詳細日誌: /tmp/path_test.log"
|
|
((FAILED++))
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# ============================================================
|
|
# 4. 檔案上傳驗證測試
|
|
# ============================================================
|
|
echo -e "${BLUE}【測試 4】檔案上傳驗證${NC}"
|
|
echo "------------------------------------------------------------"
|
|
|
|
echo -n "4.1 執行檔案上傳驗證測試 ... "
|
|
if python3 test_file_upload.py > /tmp/upload_test.log 2>&1; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗${NC}"
|
|
echo " 詳細日誌: /tmp/upload_test.log"
|
|
((FAILED++))
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# ============================================================
|
|
# 5. CSRF 防護檢查
|
|
# ============================================================
|
|
echo -e "${BLUE}【測試 5】CSRF 防護檢查${NC}"
|
|
echo "------------------------------------------------------------"
|
|
|
|
# 測試 5.1: 檢查 Flask-WTF 是否已安裝
|
|
echo -n "5.1 檢查 Flask-WTF 套件 ... "
|
|
if python3 -c "import flask_wtf" 2>/dev/null; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗 (未安裝 Flask-WTF)${NC}"
|
|
((FAILED++))
|
|
fi
|
|
|
|
# 測試 5.2: 檢查 HTML 檔案是否包含 CSRF token (meta tag 或 hidden input)
|
|
echo -n "5.2 檢查 HTML 檔案包含 CSRF token ... "
|
|
CSRF_COUNT=$(grep -l 'csrf-token\|csrf_token' *.html 2>/dev/null | wc -l)
|
|
if [ "$CSRF_COUNT" -ge 5 ]; then
|
|
echo -e "${GREEN}✅ 通過 (找到 $CSRF_COUNT 個檔案)${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗 (只找到 $CSRF_COUNT 個檔案)${NC}"
|
|
((FAILED++))
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# ============================================================
|
|
# 6. 登入驗證強化檢查
|
|
# ============================================================
|
|
echo -e "${BLUE}【測試 6】登入驗證強化${NC}"
|
|
echo "------------------------------------------------------------"
|
|
|
|
# 測試 6.1: 檢查 auth.py 是否包含帳號鎖定機制
|
|
echo -n "6.1 檢查帳號鎖定機制 ... "
|
|
if grep -q "LOGIN_ATTEMPTS" auth.py && grep -q "LOCKOUT_DURATION" auth.py; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗${NC}"
|
|
((FAILED++))
|
|
fi
|
|
|
|
# 測試 6.2: 檢查是否支援密碼雜湊
|
|
echo -n "6.2 檢查密碼雜湊支援 ... "
|
|
if grep -q "check_password_hash" auth.py && grep -q "pbkdf2:sha256" auth.py; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗${NC}"
|
|
((FAILED++))
|
|
fi
|
|
|
|
# 測試 6.3: 檢查密碼生成工具是否存在
|
|
echo -n "6.3 檢查密碼雜湊生成工具 ... "
|
|
if [ -f "generate_password_hash.py" ]; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗${NC}"
|
|
((FAILED++))
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# ============================================================
|
|
# 7. 安全配置檢查
|
|
# ============================================================
|
|
echo -e "${BLUE}【測試 7】Flask 安全配置${NC}"
|
|
echo "------------------------------------------------------------"
|
|
|
|
# 測試 7.1: 檢查 Session 安全配置
|
|
echo -n "7.1 檢查 Session 安全配置 ... "
|
|
if grep -q "SESSION_COOKIE_HTTPONLY" app.py && grep -q "SESSION_COOKIE_SAMESITE" app.py; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗${NC}"
|
|
((FAILED++))
|
|
fi
|
|
|
|
# 測試 7.2: 檢查檔案大小限制
|
|
echo -n "7.2 檢查檔案上傳大小限制 ... "
|
|
if grep -q "MAX_CONTENT_LENGTH" app.py; then
|
|
echo -e "${GREEN}✅ 通過${NC}"
|
|
((PASSED++))
|
|
else
|
|
echo -e "${RED}❌ 失敗${NC}"
|
|
((FAILED++))
|
|
fi
|
|
|
|
echo ""
|
|
|
|
# ============================================================
|
|
# 測試結果摘要
|
|
# ============================================================
|
|
echo "============================================================"
|
|
echo "測試結果摘要"
|
|
echo "============================================================"
|
|
echo -e "通過: ${GREEN}$PASSED${NC}"
|
|
echo -e "失敗: ${RED}$FAILED${NC}"
|
|
echo "總計: $((PASSED + FAILED))"
|
|
echo ""
|
|
|
|
# 顯示詳細測試日誌位置
|
|
if [ $FAILED -gt 0 ]; then
|
|
echo -e "${YELLOW}詳細測試日誌:${NC}"
|
|
echo " - SQL 測試: /tmp/sql_test.log"
|
|
echo " - 路徑遍歷測試: /tmp/path_test.log"
|
|
echo " - 檔案上傳測試: /tmp/upload_test.log"
|
|
echo ""
|
|
fi
|
|
|
|
# 計算通過率
|
|
PASS_RATE=$((PASSED * 100 / (PASSED + FAILED)))
|
|
|
|
echo "============================================================"
|
|
if [ $FAILED -eq 0 ]; then
|
|
echo -e "${GREEN}🎉 所有測試通過!安全修復驗證成功!${NC}"
|
|
echo "============================================================"
|
|
exit 0
|
|
else
|
|
echo -e "${RED}⚠️ 有 $FAILED 個測試失敗 (通過率: ${PASS_RATE}%)${NC}"
|
|
echo "============================================================"
|
|
echo ""
|
|
echo "建議採取的行動:"
|
|
echo " 1. 查看上方詳細測試日誌"
|
|
echo " 2. 修復失敗的測試項目"
|
|
echo " 3. 重新執行測試腳本"
|
|
echo ""
|
|
exit 1
|
|
fi
|