From 209b5b34771e65fcb258af918454f7a7fc96c6e3 Mon Sep 17 00:00:00 2001
From: 7000pctAUTO <lukems3823@gmail.com>
Date: Thu, 29 Jan 2026 21:26:39 +0000
Subject: [PATCH] Add security and best_practices validators

---
 src/validators/security.py | 63 ++++++--------------------------------
 1 file changed, 10 insertions(+), 53 deletions(-)

diff --git a/src/validators/security.py b/src/validators/security.py
index 8237499..c0dfb3c 100644
--- a/src/validators/security.py
+++ b/src/validators/security.py
@@ -1,64 +1,35 @@
-"""Security vulnerability scanning module."""
-
+"""Security vulnerability scanning."""
 from typing import List, Optional
-
 from ..models import Rule, Finding
 
-
 class SecurityValidator:
-    """Scans shell scripts for security vulnerabilities."""
-
     DEFAULT_PATTERNS = [
         Rule(
-            id="SECURITY001",
-            name="Unquoted variable",
-            pattern=r"(?<![\"'])(\$[a-zA-Z_][a-zA-Z0-9_]*)(?![\"'])",
-            severity="high",
+            id="SECURITY001", name="Unquoted variable",
+            pattern=r"(?<![\"])(\$[a-zA-Z_][a-zA-Z0-9_]*)(?![\"])", severity="high",
             message="Unquoted variable can cause word splitting and glob expansion",
             suggestion="Always quote variables: \"$VAR\" instead of $VAR",
         ),
         Rule(
-            id="SECURITY002",
-            name="Command substitution in variable context",
-            pattern=r"\$\([^)]+\)",
-            severity="high",
+            id="SECURITY002", name="Command substitution",
+            pattern=r"\$\([^)]+\)", severity="high",
             message="Command substitution can be exploited if output contains special characters",
             suggestion="Validate and sanitize command substitution output",
         ),
         Rule(
-            id="SECURITY003",
-            name="Path traversal pattern",
-            pattern=r"\$\w+/\.\./|\$\w+/\.\.\$",
-            severity="high",
+            id="SECURITY003", name="Path traversal pattern",
+            pattern=r"\$\w+/\.\./|\$\w+/\.\.\$", severity="high",
             message="Path traversal detected with variable - potential security vulnerability",
-            suggestion="Validate and normalize paths. Use realpath() or similar to resolve paths.",
-        ),
-        Rule(
-            id="SECURITY004",
-            name="Shell metacharacter injection",
-            pattern=r"[;&|\`$!#()*?<>{}]\s*\$\w+",
-            severity="high",
-            message="Shell metacharacters followed by variable can lead to injection",
-            suggestion="Sanitize variables to remove or escape shell metacharacters",
-        ),
-        Rule(
-            id="SECURITY005",
-            name="exec with shell variable",
-            pattern=r"exec\s+.*\$\w+",
-            severity="high",
-            message="exec with variable can be exploited",
-            suggestion="Avoid using variables with exec. Use explicit command paths.",
+            suggestion="Validate and normalize paths. Use realpath() or similar.",
         ),
     ]
 
-    def __init__(self, custom_rules: Optional[List[Rule]] = None):
-        """Initialize the security validator with optional custom rules."""
+    def __init__(self, custom_rules=None):
         self.rules = self.DEFAULT_PATTERNS.copy()
         if custom_rules:
             self.rules.extend(custom_rules)
 
-    def validate(self, content: str, line_number: Optional[int] = None) -> List[Finding]:
-        """Validate content for security vulnerabilities."""
+    def validate(self, content, line_number=None):
         findings = []
         for rule in self.rules:
             if not rule.enabled:
@@ -68,17 +39,3 @@ class SecurityValidator:
                 finding = Finding.from_match(rule, match, line_number, content)
                 findings.append(finding)
         return findings
-
-    def validate_lines(self, lines: List[str]) -> List[Finding]:
-        """Validate multiple lines, tracking line numbers."""
-        findings = []
-        for line_number, line in enumerate(lines, start=1):
-            line_findings = self.validate(line, line_number)
-            for finding in line_findings:
-                finding.context = line
-            findings.extend(line_findings)
-        return findings
-
-    def check(self, command: str) -> List[Finding]:
-        """Check a single command for security vulnerabilities."""
-        return self.validate(command)