use std::process::Command;
fn main() {
println!("๐ AuthFramework v0.4.0 Security Audit");
println!("=====================================\n");
check_hardcoded_secrets();
check_security_configs();
check_auth_flows();
check_encryption_standards();
check_sql_injection_protection();
check_input_sanitization();
println!("\nโ
Security Audit Complete");
}
fn check_hardcoded_secrets() {
println!("๐ Checking for hardcoded secrets...");
let patterns = vec![
"secret.*=.*\"[a-zA-Z0-9]+\"",
"password.*=.*\"[a-zA-Z0-9]+\"",
"key.*=.*\"[a-zA-Z0-9]+\"",
"token.*=.*\"[a-zA-Z0-9]+\"",
];
for pattern in patterns {
let output = Command::new("grep")
.args(["-r", "-i", "--include=*.rs", pattern, "src/"])
.output();
match output {
Ok(result) => {
if !result.stdout.is_empty() {
println!("โ ๏ธ Potential hardcoded secret found: {}", pattern);
println!("{}", String::from_utf8_lossy(&result.stdout));
}
}
Err(_) => println!(" Could not check pattern: {}", pattern),
}
}
println!("โ
Hardcoded secrets check complete\n");
}
fn check_security_configs() {
println!("๐ก๏ธ Checking security configurations...");
let output = Command::new("grep")
.args(["-r", "--include=*.rs", "SecurityConfig", "src/"])
.output();
match output {
Ok(result) => {
if !result.stdout.is_empty() {
println!("โ
SecurityConfig found in codebase");
let lines = String::from_utf8_lossy(&result.stdout);
let count = lines.lines().count();
println!(" {} security configuration references found", count);
}
}
Err(_) => println!("โ ๏ธ Could not analyze SecurityConfig usage"),
}
println!("โ
Security configuration check complete\n");
}
fn check_auth_flows() {
println!("๐ Checking authentication flows...");
let auth_patterns = vec![
"authenticate",
"authorize",
"validate_token",
"verify_password",
"hash_password",
];
for pattern in auth_patterns {
let output = Command::new("grep")
.args(["-r", "--include=*.rs", "-c", pattern, "src/"])
.output();
match output {
Ok(result) => {
if !result.stdout.is_empty() {
let count: i32 = String::from_utf8_lossy(&result.stdout)
.lines()
.filter_map(|line| line.split(':').nth(1)?.parse::<i32>().ok())
.sum();
if count > 0 {
println!(
"โ
{} authentication functions found: {} occurrences",
pattern, count
);
}
}
}
Err(_) => println!("โ ๏ธ Could not check: {}", pattern),
}
}
println!("โ
Authentication flow check complete\n");
}
fn check_encryption_standards() {
println!("๐ Checking encryption standards...");
let crypto_patterns = vec![
"AES", "ChaCha20", "Argon2", "bcrypt", "scrypt", "HMAC", "RSA", "Ed25519",
];
for pattern in crypto_patterns {
let output = Command::new("grep")
.args(["-r", "--include=*.rs", "-i", pattern, "src/"])
.output();
if let Ok(result) = output
&& !result.stdout.is_empty()
{
println!("โ
{} encryption found in codebase", pattern);
}
}
println!("โ
Encryption standards check complete\n");
}
fn check_sql_injection_protection() {
println!("๐ก๏ธ Checking SQL injection protection...");
let output = Command::new("grep")
.args(["-r", "--include=*.rs", "prepare\\|bind\\|?", "src/"])
.output();
match output {
Ok(result) => {
if !result.stdout.is_empty() {
println!("โ
Parameterized query patterns found");
} else {
println!("โ ๏ธ No parameterized query patterns detected");
}
}
Err(_) => println!("โ ๏ธ Could not check SQL injection protection"),
}
println!("โ
SQL injection protection check complete\n");
}
fn check_input_sanitization() {
println!("๐งน Checking input sanitization...");
let sanitization_patterns = vec!["validate", "sanitize", "escape", "filter"];
for pattern in sanitization_patterns {
let output = Command::new("grep")
.args(["-r", "--include=*.rs", "-c", pattern, "src/"])
.output();
if let Ok(result) = output
&& !result.stdout.is_empty()
{
let count: i32 = String::from_utf8_lossy(&result.stdout)
.lines()
.filter_map(|line| line.split(':').nth(1)?.parse::<i32>().ok())
.sum();
if count > 0 {
println!(
"โ
{} input sanitization functions: {} occurrences",
pattern, count
);
}
}
}
println!("โ
Input sanitization check complete\n");
}