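---
# Security Rules Configuration
# ============================
# Security-focused validation rules for the codebase.
# Run with: python scripts/validate/validate_security.py
#
# Layout of this file (the consuming validator is not visible here; field
# meanings are taken from this file's own comments and values):
#   version / project / description  - metadata
#   principles                       - guiding principles the rule sets map to
#   includes                         - rule-set files merged into this config
#   severity_levels                  - severity name -> process exit code
#   ignore                           - paths and (file, pattern) pairs the scanner skips

version: "1.0"
project: "letzshop-product-import"
description: |
  Security validation rules to detect common vulnerabilities
  and ensure secure coding practices across the application.

# Guiding principles; each rule set listed in `includes` should be traceable
# back to at least one of these.
principles:
  - name: "Defense in Depth"
    description: "Multiple layers of security controls"
  - name: "Least Privilege"
    description: "Minimal access rights for users and processes"
  - name: "Secure by Default"
    description: "Secure configurations out of the box"
  - name: "Fail Securely"
    description: "Errors should not compromise security"
  - name: "Input Validation"
    description: "Never trust user input"

# Rule-set files merged into this configuration.
# Paths are bare filenames; presumably resolved relative to this file's
# directory -- confirm against validate_security.py.
includes:
  - authentication.yaml
  - injection.yaml
  - data_protection.yaml
  - api_security.yaml
  - cryptography.yaml
  - audit.yaml

# Only `error` is CI-blocking. `warning` and `info` findings are reported but
# exit 0, so they will not fail a pipeline unless the runner treats them
# specially.
severity_levels:
  error:
    description: "Critical security vulnerability that must be fixed"
    exit_code: 1
  warning:
    description: "Security concern that should be addressed"
    exit_code: 0
  info:
    description: "Security best practice recommendation"
    exit_code: 0

ignore:
  # Globs skipped entirely by the scanner. Every entry here is a blind spot:
  # a hard-coded secret or injection sink in an ignored path is never reported,
  # so keep this list as short as the project can tolerate.
  files:
    - "**/test_*.py"
    - "**/tests/**"
    - "**/*_test.py"
    - "**/conftest.py"
    - "**/migrations/**"
    - "**/.venv/**"
    - "**/venv/**"
    - "**/node_modules/**"
    - "**/site/**"
    # NOTE(review): broad. The validator itself lives under scripts/, and
    # operational scripts are a common home for credentials and shell-outs.
    # Consider narrowing to the specific tooling directories that need it.
    - "**/scripts/**"
    - "**/__pycache__/**"
    - "**/*.pyc"
    - "**/vendor/**"  # Third-party libraries
  # Per-file regex allowlists. Presumably a finding in a file matching `file`
  # whose text satisfies `pattern` is suppressed (confirm in the validator).
  # Patterns should be as narrow as possible; a permissive regex here silently
  # turns off every rule for the matching files.
  patterns:
    # Allow test credentials in test files.
    # NOTE(review): "**/tests/**" is already excluded wholesale in `files`
    # above, so this entry is redundant unless the validator consults
    # `patterns` before `files`.
    - file: "**/tests/**"
      pattern: "password.*=.*test"
      reason: "Test fixtures use dummy credentials"
    # Allow example patterns in documentation.
    # NOTE(review): ".*" matches any text, i.e. this suppresses every finding
    # under docs/. A real key pasted into a README or runbook would never be
    # flagged. Prefer a pattern that only matches obvious placeholders
    # (e.g. values containing "example", "placeholder" or "<...>").
    - file: "**/docs/**"
      pattern: ".*"
      reason: "Documentation examples"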