1f68ea1058
- Fix CRITICAL: safe config parser replacing shell source, sshpass -e, CSRF with /dev/urandom, symlink-safe file I/O - Fix HIGH: input validation for timestamps/accounts, path traversal prevention in Runner.pm, AJAX CSRF on all endpoints - Fix MEDIUM: umask 077, chmod 700 on config dirs, Config.pm TOCTOU lock, rsync exit code capture bug, RSYNC_EXTRA_OPTS character validation - ShellCheck: fix word-splitting in notify.sh, safe rm in pkgacct.sh, suppress cross-file SC2034 false positives - Perl::Critic: return undef→bare return, return (sort), unpack @_, explicit return on void subs, rename Config::write→save - Remove dead code: enforce_retention_all(), rsync_dry_run() - Add require_cmd checks for rsync/ssh/hostname/gzip at startup - Escape $hint/$tip in CGI helper functions for defense-in-depth - Expand tests from 17→40: validate_timestamp, validate_account_name, _safe_source_config (including malicious input), numeric validation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
56 lines
1.6 KiB
Bash
56 lines
1.6 KiB
Bash
#!/usr/bin/env bash
|
|
# gniza/lib/constants.sh — Version, exit codes, colors
|
|
# shellcheck disable=SC2034 # constants are used by sourcing scripts
|
|
|
|
[[ -n "${_GNIZA_CONSTANTS_LOADED:-}" ]] && return 0
|
|
_GNIZA_CONSTANTS_LOADED=1
|
|
|
|
readonly GNIZA_VERSION="0.1.0"
|
|
readonly GNIZA_NAME="gniza"
|
|
|
|
# Exit codes
|
|
readonly EXIT_OK=0
|
|
readonly EXIT_FATAL=1
|
|
readonly EXIT_LOCKED=2
|
|
readonly EXIT_PARTIAL=5
|
|
|
|
# Colors (disabled if not a terminal)
|
|
if [[ -t 1 ]]; then
|
|
readonly C_RED=$'\033[0;31m'
|
|
readonly C_GREEN=$'\033[0;32m'
|
|
readonly C_YELLOW=$'\033[0;33m'
|
|
readonly C_BLUE=$'\033[0;34m'
|
|
readonly C_BOLD=$'\033[1m'
|
|
readonly C_RESET=$'\033[0m'
|
|
else
|
|
readonly C_RED=""
|
|
readonly C_GREEN=""
|
|
readonly C_YELLOW=""
|
|
readonly C_BLUE=""
|
|
readonly C_BOLD=""
|
|
readonly C_RESET=""
|
|
fi
|
|
|
|
# Defaults
|
|
readonly DEFAULT_REMOTE_AUTH_METHOD="key"
|
|
readonly DEFAULT_REMOTE_PORT=22
|
|
readonly DEFAULT_REMOTE_USER="root"
|
|
readonly DEFAULT_REMOTE_BASE="/backups"
|
|
readonly DEFAULT_TEMP_DIR="/usr/local/gniza/workdir"
|
|
readonly DEFAULT_EXCLUDE_ACCOUNTS="nobody"
|
|
readonly DEFAULT_BWLIMIT=0
|
|
readonly DEFAULT_RETENTION_COUNT=30
|
|
readonly DEFAULT_LOG_DIR="/var/log/gniza"
|
|
readonly DEFAULT_LOG_LEVEL="info"
|
|
readonly DEFAULT_LOG_RETAIN=90
|
|
readonly DEFAULT_NOTIFY_ON="failure"
|
|
readonly DEFAULT_LOCK_FILE="/var/run/gniza.lock"
|
|
readonly DEFAULT_SSH_TIMEOUT=30
|
|
readonly DEFAULT_SSH_RETRIES=3
|
|
readonly DEFAULT_REMOTE_TYPE="ssh"
|
|
readonly DEFAULT_S3_REGION="us-east-1"
|
|
readonly DEFAULT_SMTP_PORT=587
|
|
readonly DEFAULT_SMTP_SECURITY="tls"
|
|
readonly DEFAULT_USER_RESTORE_REMOTES="all"
|
|
readonly DEFAULT_CONFIG_FILE="/etc/gniza/gniza.conf"
|