firefrost-gaming/claude-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(security): add disclaimers to sample code and scaffolding templates

Browse Source 
- payment_processor.py: add disclaimer header + replace realistic-looking keys with EXAMPLE_NOT_REAL
- project_scaffolder.py: add SCAFFOLDING PLACEHOLDER comments to generated secrets
- pipeline_orchestrator.py: no change needed (compile() used for syntax validation only)
This commit is contained in:
Leo
2026-03-11 20:18:27 +01:00
parent 2c3b581b4a
commit a851de0f94
2 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
engineering-team/senior-fullstack/scripts/project_scaffolder.py
View File

@@ -271,7 +271,7 @@ from typing import List
class Settings(BaseSettings):
DATABASE_URL: str = "postgresql://user:pass@localhost:5432/db"
ALLOWED_ORIGINS: List[str] = ["http://localhost:3000", "http://localhost:5173"]
SECRET_KEY: str = "change-me-in-production"
SECRET_KEY: str = "change-me-in-production" # ⚠️ SCAFFOLDING PLACEHOLDER — replace before deployment
class Config:
env_file = ".env"
@@ -627,7 +627,7 @@ export default config;
module.exports = { reactStrictMode: true };
''',
".env.example": '''DATABASE_URL="postgresql://user:password@localhost:5432/dbname"
SECRET_KEY="your-secret-here"
SECRET_KEY="your-secret-here" # ⚠️ SCAFFOLDING PLACEHOLDER — replace before deployment
''',
".gitignore": '''node_modules/
.next/

15
engineering/tech-debt-tracker/assets/sample_codebase/src/payment_processor.py
View File

@@ -1,5 +1,11 @@
"""
Payment processing module - contains various technical debt examples
Payment processing module - contains various technical debt examples.
⚠️ DISCLAIMER: This is an INTENTIONAL example of bad code patterns for
tech debt detection training. The hardcoded credentials, missing error
handling, and other issues are deliberate anti-patterns used by the
tech-debt-tracker skill to demonstrate detection capabilities.
DO NOT use this code in production.
"""
import json
@@ -13,9 +19,10 @@ class PaymentProcessor:
def __init__(self):
# TODO: These should come from environment or config
self.stripe_key = "sk_test_1234567890"
self.paypal_key = "paypal_secret_key_here"
self.square_key = "square_api_key"
# ⚠️ INTENTIONAL BAD PATTERN — hardcoded keys for tech debt detection demo
self.stripe_key = "sk_test_EXAMPLE_NOT_REAL"
self.paypal_key = "paypal_EXAMPLE_NOT_REAL"
self.square_key = "square_EXAMPLE_NOT_REAL"
def process_payment(self, amount, currency, payment_method, customer_data, billing_address, shipping_address, items, discount_code, tax_rate, processing_fee, metadata):
"""