john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tractatus/scripts/validate-document-security.js
TheFlow ac2db33732 fix(submissions): restructure Economist package and fix article display 
- Create Economist SubmissionTracking package correctly:
  * mainArticle = full blog post content
  * coverLetter = 216-word SIR— letter
  * Links to blog post via blogPostId
- Archive 'Letter to The Economist' from blog posts (it's the cover letter)
- Fix date display on article cards (use published_at)
- Target publication already displaying via blue badge

Database changes:
- Make blogPostId optional in SubmissionTracking model
- Economist package ID: 68fa85ae49d4900e7f2ecd83
- Le Monde package ID: 68fa2abd2e6acd5691932150

Next: Enhanced modal with tabs, validation, export

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-24 08:47:42 +13:00

154 lines
5.3 KiB
JavaScript
Executable file
Raw Blame History

#!/usr/bin/env node
/**
* Document Security Validation Script
* Validates that documents being deployed are appropriate for their visibility level
*
* This script is called before document import/deployment to prevent
* accidental exposure of sensitive internal documentation.
*/
const SECURITY_KEYWORDS = {
credentials: ['password', 'api_key', 'secret', 'token', 'mongodb_uri', 'stripe_secret', 'auth'],
financial: ['stripe', 'payment', 'pricing', 'revenue', 'cost', 'billing'],
vulnerability: ['security audit', 'vulnerability', 'exploit', 'cve-', 'penetration test'],
infrastructure: ['deployment', 'server', 'ssh', 'production environment', 'database credentials']
};
/**
* Classify document security level based on content and metadata
*/
function classifyDocumentSecurity(docConfig, contentMarkdown) {
const classification = {
contains_credentials: false,
contains_financial_info: false,
contains_vulnerability_info: false,
contains_infrastructure_details: false,
recommended_visibility: 'public'
};
const lowerContent = contentMarkdown.toLowerCase();
const lowerTitle = docConfig.title.toLowerCase();
// Check for credentials
if (SECURITY_KEYWORDS.credentials.some(kw => lowerContent.includes(kw) || lowerTitle.includes(kw))) {
classification.contains_credentials = true;
}
// Check for financial information
if (SECURITY_KEYWORDS.financial.some(kw => lowerContent.includes(kw) || lowerTitle.includes(kw))) {
classification.contains_financial_info = true;
}
// Check for vulnerability information
if (SECURITY_KEYWORDS.vulnerability.some(kw => lowerContent.includes(kw) || lowerTitle.includes(kw))) {
classification.contains_vulnerability_info = true;
}
// Check for infrastructure details
if (SECURITY_KEYWORDS.infrastructure.some(kw => lowerContent.includes(kw) || lowerTitle.includes(kw))) {
classification.contains_infrastructure_details = true;
}
// Determine recommended visibility
if (classification.contains_credentials || classification.contains_vulnerability_info) {
classification.recommended_visibility = 'confidential';
} else if (classification.contains_financial_info || classification.contains_infrastructure_details) {
classification.recommended_visibility = 'internal';
}
return classification;
}
/**
* Validate document configuration before deployment
*/
function validateDocumentSecurity(docConfig, contentMarkdown) {
const classification = classifyDocumentSecurity(docConfig, contentMarkdown);
const visibility = docConfig.visibility || 'public';
const issues = [];
const warnings = [];
// CRITICAL: Credentials or vulnerabilities marked as public
if (visibility === 'public') {
if (classification.contains_credentials) {
issues.push('❌ BLOCKED: Document contains credentials but is marked public');
}
if (classification.contains_vulnerability_info) {
issues.push('❌ BLOCKED: Document contains vulnerability information but is marked public');
}
if (classification.contains_financial_info) {
warnings.push('⚠️ WARNING: Document contains financial information but is marked public');
}
if (classification.contains_infrastructure_details) {
warnings.push('⚠️ WARNING: Document contains infrastructure details but is marked public');
}
}
// Recommendations
if (classification.recommended_visibility !== visibility) {
warnings.push(`⚠️ RECOMMEND: Change visibility from '${visibility}' to '${classification.recommended_visibility}'`);
}
return {
valid: issues.length === 0,
issues,
warnings,
classification,
recommended_visibility: classification.recommended_visibility
};
}
module.exports = {
classifyDocumentSecurity,
validateDocumentSecurity,
SECURITY_KEYWORDS
};
// CLI usage
if (require.main === module) {
const args = process.argv.slice(2);
if (args.length < 2) {
console.log('Usage: node validate-document-security.js <title> <markdown-file>');
process.exit(1);
}
const fs = require('fs');
const title = args[0];
const filePath = args[1];
if (!fs.existsSync(filePath)) {
console.error(`File not found: ${filePath}`);
process.exit(1);
}
const content = fs.readFileSync(filePath, 'utf-8');
const result = validateDocumentSecurity({ title, visibility: 'public' }, content);
console.log(`\n🔒 Security Validation: ${title}`);
console.log('─'.repeat(60));
if (result.issues.length > 0) {
console.log('\nISSUES:');
result.issues.forEach(issue => console.log(` ${issue}`));
}
if (result.warnings.length > 0) {
console.log('\nWARNINGS:');
result.warnings.forEach(warning => console.log(` ${warning}`));
}
console.log('\nCLASSIFICATION:');
console.log(` Credentials: ${result.classification.contains_credentials}`);
console.log(` Financial Info: ${result.classification.contains_financial_info}`);
console.log(` Vulnerabilities: ${result.classification.contains_vulnerability_info}`);
console.log(` Infrastructure: ${result.classification.contains_infrastructure_details}`);
console.log(` Recommended: ${result.classification.recommended_visibility}`);
console.log('\n' + '─'.repeat(60));
console.log(result.valid ? '✅ VALIDATION PASSED' : '❌ VALIDATION FAILED');
console.log();
process.exit(result.valid ? 0 : 1);
}
Reference in a new issue View git blame Copy permalink