add daily tool scripts: hardcode_scanner, branch_scanner, prune_branches

知微
2026-06-24 00:04:59 +08:00
parent e33a236bc1
commit 6c97870a8d
3 changed files with 198 additions and 0 deletions
+109
@@ -0,0 +1,109 @@
#!/usr/bin/env python3
"""
hardcode_scanner.py — 自成长扫描器
检测脚本中可能已过时的硬编码数值,写审计 JSON 供 system_audit 调用。
扫描规则:
1. 财务类硬编码(cash/金额/仓位)— 应来自 data/*.json
2. 汇率类硬编码(0.86xx, 0.87xx, 0.93等)— 应来自 hk_rate 模块
3. 数字 fallbackreturn X, fallback=X)— 应来自实时数据源
4. 每手股数硬编码(500, 1000 等)— 应来自 Tencent API field[60]
输出:/home/hmo/web-dashboard/data/hardcode_audit.json
"""
import re, ast, json, os, sys
SCAN_DIRS = [
"/home/hmo/.hermes/profiles/position-analyst/scripts",
"/home/hmo/MoFin",
"/home/hmo/web-dashboard",
]
SAFE_FALLBACK_PATTERNS = [
# Known valid fallbacks where network data is genuinely optional
"rate = 0.87", # hk_rate module's own fallback
"retry_for_secs=5", # timeouts
"timeout=5",
"timeout=10",
"timeout=30",
"timeout=60",
"port 5805",
"127.0.0.1:5805",
]
SUSPICIOUS_NUMBERS = [
# (pattern, reason)
(r'return\s+\d{4,}\b', '可能的硬编码现金/金额'),
(r'=\s*\d{5,}\b', '可能的硬编码大额数字'),
(r'0\.8[5-9]\d{1,3}', '可能的硬编码汇率值'),
(r'0\.9[0-5]\d{1,3}', '可能的硬编码汇率值'),
(r'1手\s*[:=]\s*\d{3,}', '可能的每手股数硬编码'),
]
def scan_file(filepath):
findings = []
try:
with open(filepath, 'r', encoding='utf-8', errors='ignore') as f:
content = f.read()
except Exception:
return []
lines = content.split('\n')
for i, line in enumerate(lines, 1):
stripped = line.strip()
# Skip comments and empty lines
if not stripped or stripped.startswith('#') or '"""' in stripped:
continue
for pat, reason in SUSPICIOUS_NUMBERS:
if re.search(pat, stripped):
# Check if it's a safe fallback
if any(safe in stripped for safe in SAFE_FALLBACK_PATTERNS):
continue
findings.append({
"file": filepath,
"line": i,
"code": stripped[:120],
"reason": reason,
"suggestion": "考虑从 data/*.json 或 API 实时读取,不使用硬编码值"
})
break # one finding per line
return findings
def main():
all_findings = []
for directory in SCAN_DIRS:
if not os.path.isdir(directory):
continue
for root, _, files in os.walk(directory):
for f in files:
if f.endswith('.py'):
path = os.path.join(root, f)
findings = scan_file(path)
all_findings.extend(findings)
# Only output to stdout for cron
if all_findings:
print(f"[HARDCODE_SCAN] 发现 {len(all_findings)} 处可能硬编码:")
for f in all_findings:
rel = f['file'].replace('/home/hmo/', '')
print(f"{rel}:L{f['line']} {f['reason']}")
print(f" {f['code']}")
print(f"{f['suggestion']}")
else:
print("[HARDCODE_SCAN] 未发现可疑硬编码")
# Write audit log
os.makedirs(os.path.dirname(AUDIT_PATH), exist_ok=True)
json.dump({
"timestamp": __import__('datetime').datetime.now().isoformat(),
"findings": all_findings,
"count": len(all_findings),
}, open(AUDIT_PATH, 'w'), ensure_ascii=False, indent=2)
if __name__ == '__main__':
AUDIT_PATH = "/home/hmo/web-dashboard/data/hardcode_audit.json" if 'AUDIT_PATH' not in dir() else AUDIT_PATH
main()
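Review bot: `main()` depends on `AUDIT_PATH`, which is only assigned inside the `if __name__ == '__main__':` guard, so if system_audit (named in the docstring as the consumer) ever imports this module and calls `main()`, it raises NameError at the write step after the whole scan has already run. Define it once at module level next to `SCAN_DIRS`, `AUDIT_PATH = "/home/hmo/web-dashboard/data/hardcode_audit.json"`, and drop the `dir()` test. The write leaves the handle from `open(AUDIT_PATH, 'w')` unclosed and relies on the locale encoding while `ensure_ascii=False` emits Chinese text, which may fail under a cron environment without a UTF-8 locale; wrapping the `json.dump` in `with open(AUDIT_PATH, 'w', encoding='utf-8') as fh:` addresses both. Separately, each finding stores up to 120 characters of the matched source line in a file under `web-dashboard/data`; if that directory is served by the dashboard (not visible here), lines matched by `=\s*\d{5,}` could publish account numbers or numeric credentials, so the file should live outside the served tree or be written with restrictive permissions. `scan_file` also returns `[]` on any exception, so an unreadable file is indistinguishable from a clean one in the audit output; recording the skipped path would make the report trustworthy.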