# Security Test Notebook

This notebook demonstrates security considerations and safe coding practices.
It includes examples that should pass security scanning.

In [1]:
import os
import hashlib
import secrets
import json
from pathlib import Path

print("Security test notebook - demonstrating safe practices")

Security test notebook - demonstrating safe practices


In [2]:
# Safe file operations
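def safe_file_operation(filename, base_dir=None):
    """Resolve ``filename`` and confirm it stays inside a trusted directory.

    Args:
        filename: Relative path supplied by the caller (possibly untrusted).
        base_dir: Directory the resolved path must stay within. Defaults to
            the current working directory, which matches the previous
            behaviour of resolving relative to the process cwd.

    Returns:
        The resolved absolute path as a string.

    Raises:
        ValueError: if ``filename`` is empty, absolute, contains a ``..``
            component, or resolves (e.g. through a symlink) to a location
            outside ``base_dir``.
    """
    if not filename:
        raise ValueError("Invalid filename")

    candidate = Path(filename)

    # is_absolute() rather than startswith('/') so Windows-style absolute
    # paths ('C:\\x', '\\\\server\\share') are rejected as well.
    if candidate.is_absolute():
        raise ValueError("Invalid filename")

    # Check traversal per path component instead of by substring: 'a/../b'
    # is still rejected, while a legitimate name like 'report..txt' is not.
    if '..' in candidate.parts:
        raise ValueError("Invalid filename")

    root = (Path.cwd() if base_dir is None else Path(base_dir)).resolve()

    # resolve() follows symlinks, so a link under base_dir that points
    # elsewhere ends up outside ``root`` and is caught by the containment
    # check below; the component check alone cannot see that case.
    safe_path = (root / candidate).resolve()
    try:
        safe_path.relative_to(root)
    except ValueError:
        # relative_to() raises exactly when safe_path is not under root.
        raise ValueError("Invalid filename") from None

    if safe_path.exists():
        print(f"File exists: {safe_path}")
    else:
        print(f"File does not exist: {safe_path}")

    return str(safe_path)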

# Test safe file operations
# A plain relative name: the happy path that the validation must let through.
test_file = "test_file.txt"
safe_path = safe_file_operation(test_file)
print("✅ Safe file operation completed: " + safe_path)

File does not exist: /mnt/f/actions/dev-actions/notebooks/testing/test_file.txt
✅ Safe file operation completed: /mnt/f/actions/dev-actions/notebooks/testing/test_file.txt


In [3]:
# Secure random number generation
def generate_secure_token(length=32):
    """Return a hex-encoded random token drawn from the OS CSPRNG.

    ``length`` is the number of random *bytes* taken from ``secrets``; the
    returned string is twice that many hex characters (64 by default).
    Suitable for session ids, CSRF tokens and similar unguessable values.
    """
    random_bytes = secrets.token_bytes(length)
    return random_bytes.hex()

# Secure hashing
def secure_hash(data):
    """Return the hex SHA-256 digest of ``data``.

    ``str`` input is UTF-8 encoded first; bytes-like input is hashed as-is.
    This is an integrity/fingerprint hash, not a password hash: there is no
    salt and no work factor, so do not use it to store credentials.
    """
    digest = hashlib.sha256()
    if isinstance(data, str):
        digest.update(data.encode('utf-8'))
    else:
        digest.update(data)
    return digest.hexdigest()

# Test secure operations
# Only a prefix of the token is shown: full tokens should never end up in
# notebook output or logs.
token = generate_secure_token()
print("Generated secure token: " + token[:16] + "...")

test_data = "This is test data for hashing"
data_hash = secure_hash(test_data)
print("Secure hash: " + data_hash)

print("✅ Secure cryptographic operations completed")

Generated secure token: 6e5b6883624cee07...
Secure hash: 59474e66f6e13257ee1fd418848c642b25c2f90ef4d2830b094dc4b673803fb5
✅ Secure cryptographic operations completed


In [4]:
# Safe data handling
def safe_json_parse(json_string):
    """Parse a JSON document; on malformed input print the error and return None.

    Note the ambiguity for callers: a valid document consisting of the
    literal ``null`` also yields None, so the return value alone cannot
    distinguish "invalid JSON" from "JSON null".
    """
    try:
        parsed = json.loads(json_string)
    except json.JSONDecodeError as err:
        print(f"JSON parsing error: {err}")
        parsed = None
    return parsed

# Safe environment variable access
def get_env_var(var_name, default=None):
    """Read an environment variable, returning ``default`` when it is unset.

    This only avoids a KeyError; it does nothing to protect the value. Treat
    whatever comes back for a secret-bearing variable as sensitive and never
    print or persist it in notebook output.
    """
    return os.getenv(var_name, default)

# Test safe data operations
test_json = '{"key": "value", "number": 42}'
parsed_data = safe_json_parse(test_json)
print("Parsed JSON: " + str(parsed_data))

# The variable name is deliberately one that is not set, so only the
# default is ever echoed into the notebook output.
test_env = get_env_var('NON_EXISTENT_VAR', 'default_value')
print("Environment variable: " + test_env)

print("✅ Safe data handling completed")

Parsed JSON: {'key': 'value', 'number': 42}
Environment variable: default_value
✅ Safe data handling completed


In [5]:
# Input validation example
def validate_input(user_input):
    """Reduce ``user_input`` to an allow-listed character set.

    Raises TypeError for non-str input and ValueError when the raw input is
    longer than 1000 characters (checked before filtering). Every character
    outside ASCII letters, digits, space, '.', '-' and '_' is dropped
    silently. This is sanitisation rather than strict validation — the
    caller is not told that anything was removed — so for security-sensitive
    fields prefer rejecting non-conforming input outright.
    """
    if not isinstance(user_input, str):
        raise TypeError("Input must be a string")
    if len(user_input) > 1000:
        raise ValueError("Input too long")

    allowed = frozenset(
        'abcdefghijklmnopqrstuvwxyz'
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
        '0123456789 .-_'
    )
    return ''.join(filter(allowed.__contains__, user_input))

# Test input validation
# All three samples are already within the allow-list, so each should come
# back unchanged.
test_inputs = [
    "Hello World",
    "test123",
    "safe-input_test.example",
]

for test_input in test_inputs:
    validated = validate_input(test_input)
    print("Input: '" + test_input + "' -> Validated: '" + validated + "'")

print("✅ Input validation completed")

Input: 'Hello World' -> Validated: 'Hello World'
Input: 'test123' -> Validated: 'test123'
Input: 'safe-input_test.example' -> Validated: 'safe-input_test.example'
✅ Input validation completed


## Security Test Summary

This notebook demonstrates:
- 🔒 Safe file operations with path validation
- 🎲 Cryptographically secure random generation
- 🔐 Integrity hashing with SHA-256 (an unsalted digest for fingerprinting data, not a password hash)
- 📝 Safe JSON parsing with error handling
- 🛡️ Input validation and sanitization
- 🌍 Safe environment variable access

Security best practices followed:
- No hardcoded secrets or credentials
- Proper input validation
- Safe file path handling
- Secure cryptographic functions
- Explicit error handling: invalid input raises an exception, and JSON parse failures are caught and reported

This notebook is intended to pass static security scanning (bandit) in the CI/CD pipeline. A clean scan shows only the absence of known-bad patterns; it does not by itself establish that the code is secure in the context where it is used.