
@syntropysoft/praetorian


Praetorian CLI – A universal multi-environment configuration validator for DevSecOps teams. Validate, compare, and secure YAML/ENV files with ease.

# INSECURE Configuration - FAILS Security Rules
# This configuration demonstrates what NOT to do.
#
# Purpose: a negative fixture that is expected to fail the validator's
# security rules. Every credential-looking value below is a placeholder; keep
# it that way, because a real value substituted here would be a committed
# secret. Generic secret scanners will probably flag this file as well; any
# allowlist entry for it should be limited to this path, not to the patterns.

app:
  name: "InsecureApp"
  version: "1.0.0"
  environment: "development"

# Security Configuration - INSECURE EXAMPLES
security:
  authentication:
    enabled: true
    # Weak authentication. If "basic" means HTTP Basic, the credential is sent
    # with every request and is only base64-encoded; with ssl.enabled: false
    # below it is readable by anyone on the network path.
    method: "basic"
    # HARDCODED SECRETS - these are meant to trigger the security rules.
    # Secrets belong in a secret store or injected environment, not in a file
    # that is committed and copied between environments.
    # NOTE(review): a client ID is often a public identifier; confirm whether
    # the rule set is meant to flag it or only clientSecret.
    clientId: "my-client-id-12345"
    clientSecret: "super-secret-password-123"
    # The "sk-" prefix resembles a provider secret-key format.
    apiKey: "sk-1234567890abcdef1234567890abcdef"
    # Forbidden keys: flagged by key name (per the original note), presumably
    # whatever the value is - confirm against the rule set.
    adminPassword: "admin123"
    rootPassword: "root123"

  encryption:
    enabled: false  # No encryption - security risk
    # Weak encryption: DES has a 56-bit key and is brute-forceable; a current
    # cipher such as AES is the expected value.
    algorithm: "DES"

  ssl:
    # No SSL/TLS - major security risk: traffic, including the credentials
    # above, is neither encrypted nor authenticated in transit.
    enabled: false
    # No certificates configured

# Database Configuration - INSECURE
database:
  host: "localhost"
  port: 5432
  name: "myapp"
  # HARDCODED PASSWORD - Security violation
  password: "database-password-123"
  # No SSL: the password above and all query data cross the connection
  # unencrypted.
  ssl: false
  # No encryption. NOTE(review): presumably encryption at rest, since
  # transport is covered by `ssl` - confirm with the consumer's schema.
  encryption: false
  # Missing connection pooling
  # NOTE(review): pooling is an availability/operational concern rather than
  # a secret-handling one.

# API Configuration - INSECURE
api:
  # HTTP instead of HTTPS: the apiKey and token below would be sent in
  # cleartext, and the client cannot verify which server it is talking to.
  baseUrl: "http://api.example.com"
  timeout: 30000
  retries: 3
  # HARDCODED API KEY ("pk_live_" looks like a production-key prefix).
  apiKey: "pk_live_1234567890abcdef1234567890abcdef"
  # Hardcoded bearer token in JWT form. The header and payload are base64url,
  # not encrypted: anyone holding the file can decode them (HS256 header and
  # sample claims: sub 1234567890, name John Doe).
  token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
  # No rate limiting: nothing throttles repeated authentication attempts or
  # request floods.
  rateLimit:
    enabled: false

# Logging Configuration - INSECURE
logging:
  # Debug level is the most verbose setting here and increases the chance of
  # sensitive values reaching the log.
  level: "debug"
  format: "text"  # Not structured
  # LOGGING SENSITIVE DATA - Security risk: these fields put credentials into
  # log output, which is usually readable by more people and kept longer than
  # the secrets themselves.
  includeFields:
    - "password"
    - "secret"
    - "token"
    - "apiKey"
  # Not secure for production. NOTE(review): console output is typically
  # collected by whatever captures the process's stdout; the risk depends on
  # who can read that stream - confirm what the rule checks.
  destination: "console"
  # No log rotation or encryption

# Monitoring Configuration - INSECURE
monitoring:
  # No monitoring: failures and abuse of the weaknesses above go undetected.
  enabled: false
  # No health checks
  # No metrics collection

# Cache Configuration - INSECURE
cache:
  enabled: true
  # Insecure for production (original note). NOTE(review): an in-memory cache
  # is not insecure in itself; the concern appears to be the missing controls
  # listed below - confirm what the rule checks.
  type: "memory"
  # No authentication
  # No encryption
  # No SSL

# Sections absent from this configuration altogether:
# Missing backup configuration
# Missing security headers
# Missing input validation