jiangkai
/
microservice-helm


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205
							# Configuration Security Analysis Script
$services = @(
    'shop-recycle-account',
    'shop-recycle-agent-pc-web',
    'shop-recycle-async-web',
    'shop-recycle-customer-wechat-web',
    'shop-recycle-data-statistics',
    'shop-recycle-dealdata-service',
    'shop-recycle-dispatcher',
    'shop-recycle-erp-pc-web',
    'shop-recycle-gateway',
    'shop-recycle-gateway-out',
    'shop-recycle-gateway-out-upgrade',
    'shop-recycle-import-web',
    'shop-recycle-login-center',
    'shop-recycle-marketer-pc-web',
    'shop-recycle-merchant',
    'shop-recycle-merchant-pc-web',
    'shop-recycle-merchant-wechat-web',
    'shop-recycle-msg',
    'shop-recycle-order-center',
    'shop-recycle-order-search',
    'shop-recycle-oss-web',
    'shop-recycle-out-web',
    'shop-recycle-payment',
    'shop-recycle-payment-web',
    'shop-recycle-pis',
    'shop-recycle-platform',
    'shop-recycle-platform-pc-web',
    'shop-recycle-sche',
    'shop-recycle-store',
    'shop-recycle-store-pc-web',
    'shop-recycle-store-wechat-web',
    'shop-recycle-wechat',
    'shop-recycle-wechat-web',
    'shop-recycle-ws-web'
)

$basePath = "d:\coding-area\devops\helm\conf"

# Define sensitive information patterns
$sensitivePatterns = @{
    'database_password' = @(
        '^\s*password\s*:\s*(?!null|"")',
        '^\s*jdbc-password\s*:\s*',
        '^\s*datasource.*password\s*:\s*'
    )
    'database_username' = @(
        '^\s*user(name)?\s*:\s*(?!null|"")',
        '^\s*jdbc-user(name)?\s*:\s*'
    )
    'database_host' = @(
        '^\s*(host|server|url)\s*:\s*(?!null|"")',
        '^\s*jdbc-url\s*:\s*'
    )
    'redis_password' = @(
        '^\s*redis.*password\s*:\s*(?!null|"")',
        '^\s*spring\.redis\.password\s*:\s*'
    )
    'rabbitmq_password' = @(
        '^\s*rabbitmq.*password\s*:\s*(?!null|"")',
        '^\s*spring\.rabbitmq\.password\s*:\s*'
    )
    'wechat_app_id' = @(
        '^\s*(app[_-]?id|appid|wechat[_-]?id)\s*:\s*(?!null|"")',
        'wechat.*app[_-]?id\s*:\s*'
    )
    'wechat_app_secret' = @(
        '^\s*(app[_-]?secret|secret|wechat[_-]?secret)\s*:\s*(?!null|"")',
        'wechat.*secret\s*:\s*'
    )
    'mongodb_password' = @(
        '^\s*mongodb.*password\s*:\s*(?!null|"")',
        '^\s*spring\.data\.mongodb\.password\s*:\s*'
    )
    'mongodb_username' = @(
        '^\s*mongodb.*user(name)?\s*:\s*(?!null|"")',
        '^\s*spring\.data\.mongodb\.user(name)?\s*:\s*'
    )
    'nacos_username' = @(
        '^\s*nacos.*user(name)?\s*:\s*(?!null|"")',
        'nacos\.authentication\.user(name)?\s*:\s*'
    )
    'nacos_password' = @(
        '^\s*nacos.*password\s*:\s*(?!null|"")',
        'nacos\.authentication\.password\s*:\s*'
    )
    'seata_password' = @(
        '^\s*seata.*password\s*:\s*(?!null|"")',
        'seata.*password\s*:\s*'
    )
    'api_key' = @(
        '^\s*(api[_-]?key|key)\s*:\s*(?!null|"")',
        'secret[_-]?key\s*:\s*'
    )
    'token' = @(
        '^\s*token\s*:\s*(?!null|"")',
        '^\s*access[_-]?token\s*:\s*'
    )
}

$analysisResults = @()
$sensitiveInfoSummary = @{}

foreach ($service in $services) {
    $ymlPath = "$basePath\$service\conf\application.yml"
    
    if (Test-Path $ymlPath) {
        $content = Get-Content $ymlPath -Raw
        $lines = $content -split "`n"
        
        $detectedSensitiveInfo = @{}
        $sensitiveFields = @()
        
        foreach ($line in $lines) {
            # Skip empty lines and comments
            if ($line.Trim() -eq '' -or $line.TrimStart().StartsWith('#')) {
                continue
            }
            
            # Check each sensitive information pattern
            foreach ($category in $sensitivePatterns.Keys) {
                $patterns = $sensitivePatterns[$category]
                
                foreach ($pattern in $patterns) {
                    if ($line -match $pattern) {
                        # Ensure this line is not a comment
                        if (-not $line.TrimStart().StartsWith('#')) {
                            if (-not $detectedSensitiveInfo.ContainsKey($category)) {
                                $detectedSensitiveInfo[$category] = @()
                            }
                            
                            $fieldName = ($line -split ':')[0].Trim()
                            $detectedSensitiveInfo[$category] += $fieldName
                            $sensitiveFields += $fieldName
                        }
                    }
                }
            }
        }
        
        $needsSecret = $detectedSensitiveInfo.Count -gt 0
        
        $result = [PSCustomObject]@{
            Service = $service
            NeedsSecret = $needsSecret
            SensitiveTypes = @($detectedSensitiveInfo.Keys)
            SensitiveFields = ($sensitiveFields | Select-Object -Unique)
            FieldCount = ($sensitiveFields | Select-Object -Unique).Count
        }
        
        $analysisResults += $result
        
        # Collect statistics for sensitive information types
        foreach ($type in $detectedSensitiveInfo.Keys) {
            if (-not $sensitiveInfoSummary.ContainsKey($type)) {
                $sensitiveInfoSummary[$type] = 0
            }
            $sensitiveInfoSummary[$type]++
        }
    }
}

# Output results
Write-Host "========== SERVICE CONFIGURATION ANALYSIS REPORT ==========" -ForegroundColor Cyan
Write-Host ""

# Output each service
foreach ($result in $analysisResults) {
    Write-Host "Service Name: $($result.Service)" -ForegroundColor Yellow
    $needsSecretStr = if($result.NeedsSecret) { "YES" } else { "NO" }
    $color = if($result.NeedsSecret) { 'Red' } else { 'Green' }
    Write-Host "Requires Secret: $needsSecretStr" -ForegroundColor $color
    
    if ($result.NeedsSecret) {
        Write-Host "Sensitive Info Types: $($result.SensitiveTypes -join ', ')"
        Write-Host "Sensitive Fields: $($result.SensitiveFields -join ', ')"
        Write-Host "Field Count: $($result.FieldCount)"
    }
    Write-Host ""
}

# Summary statistics
Write-Host "========== SUMMARY REPORT ==========" -ForegroundColor Cyan
$needsSecretCount = ($analysisResults | Where-Object { $_.NeedsSecret }).Count
Write-Host "Total Services: $($services.Count)"
Write-Host "Services Requiring Secret: $needsSecretCount"
Write-Host "Services without Sensitive Info: $($services.Count - $needsSecretCount)"
Write-Host ""

Write-Host "========== SENSITIVE INFO TYPE STATISTICS ==========" -ForegroundColor Cyan
foreach ($type in ($sensitiveInfoSummary.Keys | Sort-Object)) {
    Write-Host "$type : $($sensitiveInfoSummary[$type]) services"
}

Write-Host ""
Write-Host "========== DETAILED ANALYSIS RESULTS (JSON FORMAT) ==========" -ForegroundColor Cyan
$jsonOutput = $analysisResults | ConvertTo-Json
Write-Host $jsonOutput

# Save to file
$outputPath = "d:\coding-area\devops\helm\config-analysis-report.json"
$analysisResults | ConvertTo-Json | Out-File $outputPath -Encoding UTF8
Write-Host ""
Write-Host "Detailed report saved to: $outputPath" -ForegroundColor Green