
Security: B3H1Z/AI-room-rent-agent


SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Room Finder AI Bot, please email the maintainer privately instead of using the issue tracker.

Do not create a public GitHub issue reporting the vulnerability.

Please include:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact
  • Suggested fix (if you have one)

We take security seriously and will work with you to address any issues promptly.

Security Best Practices

Protecting Your Credentials

  1. Never commit secrets to Git

    • Keep the .env file in .gitignore, and confirm it was never committed in the past (git log --all -- .env); a secret that is in history is compromised even after the file is deleted
    • Use .env.example (placeholders only) as a template instead
    • Rotate API keys periodically, and immediately if you suspect exposure
  2. Secure your .env file

    chmod 600 .env  # Restrict to owner only
  3. Use environment variables

    • Never hardcode API keys in source code
    • Always load sensitive data from .env
  4. Telegram API Security

    • Don't share your TELEGRAM_API_ID / TELEGRAM_API_HASH
    • Regenerate API credentials if compromised
    • Use a separate session for each bot; Telethon .session files contain the account's authorization key, so keep them out of Git and treat them like passwords
  5. DeepSeek API Security

    • Generate new API keys for different environments (dev, prod)
    • Monitor API usage for suspicious activity
    • Set API rate limits if available
  6. WhatsApp/WAHA Security

    • Keep the WAHA server behind a firewall; it should never be reachable from the public internet
    • Use long, random API keys
    • Bind the WAHA API to localhost (or a private interface) when the bot runs on the same host
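The six points above amount to one startup procedure: read the secrets from .env, refuse to run if the file is world- or group-readable, refuse to run if a required key is missing, and never print a raw key. The following is an added example of that procedure and is not code from the AI-room-rent-agent project. It uses only the standard library (the project itself loads .env with python-dotenv; the small parser here just keeps the example dependency-free), and the variable names TELEGRAM_API_ID, TELEGRAM_API_HASH, DEEPSEEK_API_KEY and WAHA_API_KEY are assumed, not taken from the project's .env.example. The permission check is meaningful on POSIX systems only.

```python
"""Fail-closed .env loading for a bot: permissions, completeness, redaction.

Added example, not project code. Variable names below are assumptions.
"""
import os
import stat
import tempfile
from pathlib import Path

# Assumed names; adjust to the project's real .env.example.
REQUIRED_VARS = ("TELEGRAM_API_ID", "TELEGRAM_API_HASH", "DEEPSEEK_API_KEY", "WAHA_API_KEY")


def parse_env_file(path):
    """Minimal KEY=VALUE parser: skips blanks and '#' comments, strips matching quotes."""
    values = {}
    for raw in Path(path).read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[key.strip()] = value
    return values


def check_permissions(path):
    """Problems with the file mode; an empty list means owner-only (what chmod 600 gives)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path} is accessible to group/others (mode {oct(mode)}); run: chmod 600 {path}"]
    return []


def check_required(values, required=REQUIRED_VARS):
    """Names of required variables that are absent or empty."""
    return [name for name in required if not values.get(name)]


def redact(secret, keep=4):
    """Mask a secret for logs: only the last `keep` characters survive, never the whole value."""
    if not secret:
        return "<empty>"
    if len(secret) <= keep:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]


def load_config(path):
    """Refuse to start unless the .env file is owner-only and every required key is set."""
    problems = check_permissions(path)
    values = parse_env_file(path)
    missing = check_required(values)
    if missing:
        problems.append("missing or empty: " + ", ".join(missing))
    if problems:
        raise SystemExit("refusing to start:\n  " + "\n  ".join(problems))
    return values


def demo():
    """Run the checks against a constructed .env (fake values) in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        env_path = Path(tmp) / ".env"
        env_path.write_text(
            "# constructed sample, not real credentials\n"
            "TELEGRAM_API_ID=123456\n"
            "TELEGRAM_API_HASH='0123456789abcdef0123456789abcdef'\n"
            "DEEPSEEK_API_KEY=sk-example-not-a-real-key\n"
            "WAHA_API_KEY=\n",
            encoding="utf-8",
        )
        os.chmod(env_path, 0o644)            # the common mistake: world-readable
        loose = check_permissions(env_path)
        os.chmod(env_path, 0o600)            # the fix from the list above
        tight = check_permissions(env_path)
        values = parse_env_file(env_path)
        return {
            "loose_problems": len(loose),
            "tight_problems": len(tight),
            "missing": check_required(values),
            "hash_redacted": redact(values["TELEGRAM_API_HASH"]),
        }


if __name__ == "__main__":
    print(demo())
```

Call load_config(".env") once at startup and pass the returned dict to the Telegram, DeepSeek and WAHA clients; when you log configuration, log redact(value), never the value itself. Raising SystemExit on any problem is deliberate: a bot that starts with a world-readable secrets file or a missing key will fail later in a less obvious place.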

Code Security

  • Keep dependencies updated: pip install --upgrade -r requirements.txt (if requirements.txt pins exact versions with ==, this only reinstalls those pins; bump the pins deliberately and re-test)
  • Review dependencies before installing
  • Use virtual environments to isolate dependencies
  • Don't run untrusted code modifications

OAuth & Authentication

  • Use official APIs only
  • Don't use unofficial WhatsApp clients (stick to WAHA)
  • Regularly audit active sessions and connected applications on the Telegram and WhatsApp accounts the bot uses
  • Remove access from unused services and terminate sessions you do not recognize

Vulnerability Management

  • We address reported vulnerabilities as soon as possible
  • Security updates are released with priority
  • Affected users will be notified through GitHub security advisories

Third-Party Components

This project depends on:

  • telethon - Telegram client library
  • requests - HTTP library
  • langdetect - Language detection
  • flask - Web framework
  • python-dotenv - Environment variable management

Please check for vulnerabilities in these dependencies, for example with safety:

pip install safety
safety check

Note that newer Safety releases have moved from safety check to safety scan; pip-audit from the PyPA is a drop-in alternative that needs no account (pip install pip-audit, then pip-audit -r requirements.txt).

Responsible Disclosure

We follow responsible disclosure practices:

  • Issues are addressed privately before public disclosure
  • CVEs are requested for critical vulnerabilities
  • Patches are released promptly

Thank you for helping keep Room Finder AI Bot secure! 🔒
