pezkuwichain/pwap
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pwap.git synced 2026-04-22 21:47:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9d2069fd1457b00a043742c9aa51add71e3dee75
pwap/.git-hooks/README.md
T
pezkuwichain 93767711d9 feat: Add comprehensive GitHub security integration 
Security Infrastructure:
- Add .gitattributes for merge conflict protection and sensitive file handling
- Add SECURITY.md with detailed security policies and procedures
- Add pre-commit hook template for local secret detection
- Add GitHub Actions workflow for automated security scanning
- Add comprehensive documentation for git hooks

Code Security Improvements:
- Fix AuthContext.tsx: Remove hardcoded credentials, use environment variables
- Migrate WalletContext.tsx: Replace Ethereum/MetaMask with Polkadot.js
- Refactor lib/wallet.ts: Complete Substrate configuration with asset management
- Update TokenSwap.tsx: Add real API integration for balance queries
- Update StakingDashboard.tsx: Add blockchain integration placeholders

Environment Management:
- Update .env with proper security warnings
- Update .env.example with comprehensive template
- All sensitive data now uses environment variables
- Demo mode controllable via VITE_ENABLE_DEMO_MODE flag

Security Measures Implemented:
 4-layer protection (gitignore + gitattributes + pre-commit + CI/CD)
 Automated secret scanning (TruffleHog + Gitleaks)
 Pre-commit hooks prevent accidental commits
 CI/CD pipeline validates all PRs
 Environment variable validation
 Dependency security auditing

Breaking Changes:
- WalletContext now uses Polkadot.js instead of MetaMask
- lib/wallet.ts completely rewritten for Substrate
- ASSET_IDs and CHAIN_CONFIG exported from lib/wallet.ts
- Demo mode must be explicitly enabled

Migration Notes:
- Install pre-commit hook: cp .git-hooks/pre-commit.example .git/hooks/pre-commit
- Copy environment: cp .env.example .env
- Update .env with your credentials
- Enable GitHub Actions in repository settings

Co-authored-by: Claude <noreply@anthropic.com>
2025-10-28 21:48:48 +03:00

252 lines
4.9 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Git Hooks - PezkuwiChain
## =Ë Overview
This directory contains Git hook templates that help prevent security issues and maintain code quality.
---
## =' Installation
### Quick Install (Recommended)
Run this command from the project root:
```bash
cp .git-hooks/pre-commit.example .git/hooks/pre-commit
chmod +x .git/hooks/pre-commit
```
### Verify Installation
```bash
# Check if hook is installed
ls -la .git/hooks/pre-commit
# Test the hook
git add .
git commit -m "test" --dry-run
```
---
## =Ú Available Hooks
### pre-commit
**Purpose:** Prevents committing sensitive data and enforces code quality
**Checks:**
- L Blocks `.env` files from being committed
- L Blocks files with sensitive patterns (passwords, API keys, etc.)
- L Blocks secret files (.key, .pem, .cert, etc.)
-   Warns about large files (>500KB)
-   Warns about debug code (console.log, debugger)
-   Warns about hardcoded credentials
**Example output:**
```
=
Running pre-commit security checks...
Checking for .env files...
Scanning for sensitive patterns...
Checking for secret files...
Checking for large files...
Checking for debug code...
 All security checks passed!
```
---
## =à Configuration
### Bypass Hook (Not Recommended)
If you absolutely need to bypass the hook:
```bash
git commit --no-verify -m "message"
```
  **WARNING:** Only bypass if you're sure there are no secrets!
### Customize Checks
Edit `.git-hooks/pre-commit.example` and adjust:
- `PATTERNS` - Secret detection patterns
- `SECRET_FILES` - File patterns to block
- `MAX_FILE_SIZE` - Maximum file size in KB
- `DEBUG_PATTERNS` - Debug code patterns
---
## >ê Testing
### Test with Sample Commits
```bash
# Test 1: Try to commit .env (should fail)
echo "SECRET=test" > .env
git add .env
git commit -m "test"
# Expected: L ERROR: Attempting to commit .env file!
# Test 2: Try to commit hardcoded password (should fail)
echo 'const password = "mysecret123"' >> test.ts
git add test.ts
git commit -m "test"
# Expected: L ERROR: Potential secrets detected!
# Test 3: Normal commit (should pass)
echo 'const x = 1' >> test.ts
git add test.ts
git commit -m "test"
# Expected:  All security checks passed!
```
---
## =
What Each Check Does
### 1. `.env` File Check
```bash
# Blocks any .env file
.env
.env.local
.env.production
.env.staging
```
### 2. Sensitive Pattern Detection
Searches for patterns like:
- `password = "..."`
- `api_key = "..."`
- `secret = "..."`
- `token = "..."`
- Private key headers
- AWS access keys
### 3. Secret File Detection
Blocks files matching:
- `*.key`, `*.pem`, `*.cert`
- `*.p12`, `*.pfx`
- `*secret*`, `*credential*`
- `.npmrc`, `.dockercfg`
### 4. Large File Warning
Warns if file is larger than 500KB:
```
  WARNING: Large file detected: image.png (1024KB)
Consider using Git LFS for large files
```
### 5. Debug Code Detection
Warns about:
- `console.log()`
- `debugger`
- `TODO security`
- `FIXME security`
### 6. Hardcoded Credentials Check
Special check for `AuthContext.tsx`:
```typescript
// L BAD - Will be blocked
const password = "mysecret123"
//  GOOD - Will pass
const password = import.meta.env.VITE_PASSWORD
```
---
## =¨ Troubleshooting
### Hook Not Running
```bash
# Check if hook exists
ls -la .git/hooks/pre-commit
# Check if executable
chmod +x .git/hooks/pre-commit
# Verify hook content
cat .git/hooks/pre-commit
```
### False Positives
If the hook incorrectly flags a file:
1. Review the pattern that triggered
2. Confirm the file is safe
3. Use `--no-verify` to bypass (with caution)
4. Update the pattern in `.git-hooks/pre-commit.example`
### Hook Errors
```bash
# If hook fails to run
bash -x .git/hooks/pre-commit
# Check for syntax errors
bash -n .git/hooks/pre-commit
```
---
## =Ê Integration with CI/CD
The pre-commit hook works alongside:
### GitHub Actions
- `.github/workflows/security-check.yml` - Automated security scanning
- Runs on every PR and push to main
- Catches issues missed locally
### Pre-push Hook (Optional)
You can also add a pre-push hook:
```bash
# .git-hooks/pre-push.example
#!/bin/bash
npm test
npm run lint
```
---
## = Best Practices
1. **Install hooks immediately** after cloning the repo
2. **Never use `--no-verify`** unless absolutely necessary
3. **Keep hooks updated** - run `git pull` regularly
4. **Test hooks** before committing important changes
5. **Report false positives** to improve the hook
---
## =Ú Additional Resources
### Git Hooks Documentation
- [Git Hooks Official Docs](https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks)
- [Pre-commit Framework](https://pre-commit.com/)
### Security Tools
- [git-secrets](https://github.com/awslabs/git-secrets)
- [gitleaks](https://github.com/zricethezav/gitleaks)
- [TruffleHog](https://github.com/trufflesecurity/trufflehog)
---
## <˜ Support
If you encounter issues:
1. Check this README
2. Review `SECURITY.md` in project root
3. Contact: security@pezkuwichain.io
---
**Last Updated:** October 28, 2024
Reference in New Issue View Git Blame Copy Permalink