shukivaknin/gniza4cp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5b2319ae6eae14ae7bc09779322569cca9f1ef7e
gniza4cp/lib/constants.sh
shuki 1f68ea1058 Security hardening, static analysis fixes, and expanded test coverage 
- Fix CRITICAL: safe config parser replacing shell source, sshpass -e,
  CSRF with /dev/urandom, symlink-safe file I/O
- Fix HIGH: input validation for timestamps/accounts, path traversal
  prevention in Runner.pm, AJAX CSRF on all endpoints
- Fix MEDIUM: umask 077, chmod 700 on config dirs, Config.pm TOCTOU lock,
  rsync exit code capture bug, RSYNC_EXTRA_OPTS character validation
- ShellCheck: fix word-splitting in notify.sh, safe rm in pkgacct.sh,
  suppress cross-file SC2034 false positives
- Perl::Critic: return undef→bare return, return (sort), unpack @_,
  explicit return on void subs, rename Config::write→save
- Remove dead code: enforce_retention_all(), rsync_dry_run()
- Add require_cmd checks for rsync/ssh/hostname/gzip at startup
- Escape $hint/$tip in CGI helper functions for defense-in-depth
- Expand tests from 17→40: validate_timestamp, validate_account_name,
  _safe_source_config (including malicious input), numeric validation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 23:57:26 +02:00

56 lines
1.6 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# gniza/lib/constants.sh — Version, exit codes, colors
# shellcheck disable=SC2034 # constants are used by sourcing scripts
[[ -n "${_GNIZA_CONSTANTS_LOADED:-}" ]] && return 0
_GNIZA_CONSTANTS_LOADED=1
readonly GNIZA_VERSION="0.1.0"
readonly GNIZA_NAME="gniza"
# Exit codes
readonly EXIT_OK=0
readonly EXIT_FATAL=1
readonly EXIT_LOCKED=2
readonly EXIT_PARTIAL=5
# Colors (disabled if not a terminal)
if [[ -t 1 ]]; then
readonly C_RED=$'\033[0;31m'
readonly C_GREEN=$'\033[0;32m'
readonly C_YELLOW=$'\033[0;33m'
readonly C_BLUE=$'\033[0;34m'
readonly C_BOLD=$'\033[1m'
readonly C_RESET=$'\033[0m'
else
readonly C_RED=""
readonly C_GREEN=""
readonly C_YELLOW=""
readonly C_BLUE=""
readonly C_BOLD=""
readonly C_RESET=""
fi
# Defaults
readonly DEFAULT_REMOTE_AUTH_METHOD="key"
readonly DEFAULT_REMOTE_PORT=22
readonly DEFAULT_REMOTE_USER="root"
readonly DEFAULT_REMOTE_BASE="/backups"
readonly DEFAULT_TEMP_DIR="/usr/local/gniza/workdir"
readonly DEFAULT_EXCLUDE_ACCOUNTS="nobody"
readonly DEFAULT_BWLIMIT=0
readonly DEFAULT_RETENTION_COUNT=30
readonly DEFAULT_LOG_DIR="/var/log/gniza"
readonly DEFAULT_LOG_LEVEL="info"
readonly DEFAULT_LOG_RETAIN=90
readonly DEFAULT_NOTIFY_ON="failure"
readonly DEFAULT_LOCK_FILE="/var/run/gniza.lock"
readonly DEFAULT_SSH_TIMEOUT=30
readonly DEFAULT_SSH_RETRIES=3
readonly DEFAULT_REMOTE_TYPE="ssh"
readonly DEFAULT_S3_REGION="us-east-1"
readonly DEFAULT_SMTP_PORT=587
readonly DEFAULT_SMTP_SECURITY="tls"
readonly DEFAULT_USER_RESTORE_REMOTES="all"
readonly DEFAULT_CONFIG_FILE="/etc/gniza/gniza.conf"
Reference in New Issue View Git Blame Copy Permalink