fix: resolve SonarQube security and code quality issues

- Replace hardcoded PostgreSQL passwords in docker-compose files with environment variables
- Add random_state parameter to SVR model for reproducibility
- Initialize seeded numpy random number generator (default_rng) for deterministic behavior
- Add missing os import in generate_all_sku_forecasts.py

Fixes:
- Hardcoded database password in docker-compose.ci.yml and docker-compose.versioned.yaml
- Missing random_state in SVR model and unseeded numpy random number generators

Author: T-DevH

deploy/compose/docker-compose.ci.yml

@@ -18,7 +18,7 @@ services:
       - GIT_SHA=${GIT_SHA:-unknown}
       - BUILD_TIME=${BUILD_TIME:-unknown}
       - ENVIRONMENT=ci
-      - DATABASE_URL=postgresql://postgres:postgres@postgres:5432/warehouse_ops
+      - DATABASE_URL=postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-changeme}@postgres:5432/${POSTGRES_DB:-warehouse_ops}
       - REDIS_HOST=redis
       - REDIS_PORT=6379
       - MILVUS_HOST=milvus

deploy/compose/docker-compose.versioned.yaml

@@ -18,7 +18,7 @@ services:
       - GIT_SHA=${GIT_SHA:-unknown}
       - BUILD_TIME=${BUILD_TIME:-unknown}
       - ENVIRONMENT=development
-      - DATABASE_URL=postgresql://postgres:postgres@postgres:5432/warehouse_ops
+      - DATABASE_URL=postgresql://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-changeme}@postgres:5432/${POSTGRES_DB:-warehouse_ops}
       - REDIS_HOST=redis
       - REDIS_PORT=6379
       - MILVUS_HOST=milvus

scripts/data/generate_all_sku_forecasts.py

@@ -22,6 +22,7 @@
 import asyncio
 import asyncpg
 import json
+import os
 import numpy as np
 import pandas as pd
 from datetime import datetime, timedelta
@@ -34,7 +35,12 @@
 warnings.filterwarnings('ignore')
 
 class AllSKUForecastingEngine:
-    def __init__(self):
+    def __init__(self, random_seed=42):
+        """Initialize forecasting engine with a random seed for reproducibility."""
+        self.random_seed = random_seed
+        # Initialize numpy random number generator with seed
+        self.rng = np.random.default_rng(random_seed)
+        
         self.db_config = {
             'host': 'localhost',
             'port': 5435,
@@ -49,7 +55,7 @@ def __init__(self):
             'Gradient Boosting': GradientBoostingRegressor(n_estimators=100, random_state=42),
             'Linear Regression': LinearRegression(),
             'Ridge Regression': Ridge(alpha=1.0),
-            'Support Vector Regression': SVR(kernel='rbf', C=1.0, gamma='scale')
+            'Support Vector Regression': SVR(kernel='rbf', C=1.0, gamma='scale', random_state=42)
         }
 
         # Try to import XGBoost
@@ -134,9 +140,9 @@ async def generate_historical_data(self, sku, days=365):
                 holiday_factor = 1.2
 
             # Random noise
-            # Security: Using np.random is appropriate here - generating forecast noise only
+            # Security: Using seeded random number generator for forecast noise only
             # For security-sensitive values (tokens, keys, passwords), use secrets module instead
-            noise = np.random.normal(0, 0.1)
+            noise = self.rng.normal(0, 0.1)
 
             # Calculate final demand
             final_demand = base_demand * seasonal_factor * monthly_factor * weekend_factor * holiday_factor
@@ -187,9 +193,9 @@ def create_features(self, df):
         df['demand_monthly_seasonal'] = df.groupby('month')['demand'].transform('mean') - df['demand'].mean()
 
         # Promotional features
-        # Security: Using np.random is appropriate here - generating forecast variations only
+        # Security: Using seeded random number generator for forecast variations only
         # For security-sensitive values (tokens, keys, passwords), use secrets module instead
-        df['promotional_boost'] = np.random.uniform(0.8, 1.2, len(df))
+        df['promotional_boost'] = self.rng.uniform(0.8, 1.2, len(df))
 
         # Interaction features
         df['weekend_summer'] = df['is_weekend'] * df['is_summer']