Critical issues: malformed requirements, hardcoded/mock data, unused config, and missing safeguards

[MUBENDIRAN]

Description

I identified several concrete issues affecting reliability, correctness, and production readiness:

1. Broken Dependency Installation
   requirements.txt is incorrectly formatted (numbered like Markdown).
   This causes pip install -r requirements.txt to fail.

Expected: Plain dependency list
Impact: Project cannot be set up properly

2. Mock / Hardcoded Data in Core Logic
   src/json_report_generator.py generates simulated output (fake timestamps, account data).
   This bypasses actual processed data.

Expected: Output should strictly reflect processed input data
Impact: Misleading results, not production-ready

3. Unused Configuration Parameter
   cost_increase_alert_percent is read in analyzer.py but never used.

Expected: Threshold should drive anomaly detection
Impact: Configuration is misleading / ineffective

4. Division by Zero Risk
   In src/cost_processor.py, first_cost can be 0, leading to division by zero.

Suggested Fix:

if first_cost == 0:
percentage_change = 0

Impact: Runtime crash

5. Sensitive Data in Config
   config.yaml contains real email addresses.

Expected: Use environment variables or .env
Impact: Security and privacy risk

6. Hardcoded S3 URL in Frontend
   script.js uses a fixed S3 endpoint.

Expected: Config-driven or environment-based URL
Impact: Poor portability and reuse

7. Weak CI Pipeline
   .github/workflows/deploy.yml only builds and pushes Docker image
   No:
   tests
   linting
   type checking

Impact: No quality gate before deployment

8. Overuse of Broad Exception Handling
   Multiple except Exception: blocks hide root causes

Expected: Catch specific exceptions and log details
Impact: Debugging becomes difficult

[GhazanfarTaqi]

I would like to work on this!

[MUBENDIRAN]

I would like to work on this!

Thanks for your interest in contributing!

Before getting started, please check the Discussions section and the "good first issue" label to understand the current priorities.

For this issue, we are focusing on:

• Cleaning malformed requirements
• Removing hardcoded/mock data
• Eliminating unused configurations
• Adding proper validation and safeguards

Let me know which part you’d like to work on, and I’ll assign it to you.

Also, please create a separate branch for your work — do not push directly to main.

Note: I’m planning to evolve this project into a pip-installable library, so contributions in that direction are welcome once the core issues are stabilized.

[GhazanfarTaqi]

I would like to work on "Cleaning malformed requirements".

[MUBENDIRAN]

I would like to work on "Cleaning malformed requirements".

Hii, currently I have planned to replace the requirements.txt file to pyproject.toml you can create one and contribute

[GhazanfarTaqi]

will do!

[MUBENDIRAN]

will do!

I will soon share the updated project
I have changed the logic completely for cloud independent and library motive

[AdithyaKotian]

Hi! I went through the discussion about migrating from requirements.txt to pyproject.toml.

I’d like to contribute to this migration. Please let me know how I can help or if there are specific parts I can take up.

[MUBENDIRAN]

Hi! I went through the discussion about migrating from requirements.txt to pyproject.toml.

I’d like to contribute to this migration. Please let me know how I can help or if there are specific parts I can take up.

Hii Yes soon i will release the Library based project type soon where you can contribute to pyproject.toml
fork the repo and have a local clone with new branch