coderabbit suggestions

docs/docker-troubleshooting/arp-flux-sysctls.md

@@ -40,6 +40,10 @@ Set these sysctls at container runtime.
     jokob-sk/netalertx:latest
   ```
 
+> **Note:** Setting `net.ipv4.conf.all.arp_ignore` and `net.ipv4.conf.all.arp_announce` may fail with "operation not permitted" unless the container is run with elevated privileges. To resolve this, you can:
+> - Use `--privileged` with `docker run`.
+> - Use the more restrictive `--cap-add=NET_ADMIN` (or `cap_add: [NET_ADMIN]` in `docker-compose` service definitions) to allow the sysctls to be applied at runtime.
+
 ## Additional Resources
 
 For broader Docker Compose guidance, see:

install/production-filesystem/entrypoint.d/36-override-individual-settings.sh

@@ -12,10 +12,13 @@ fi
 if [ -n "${LOADED_PLUGINS:-}" ]; then
     echo "[ENV] Applying LOADED_PLUGINS override"
     value=$(printf '%s' "$LOADED_PLUGINS" | tr -d '\n\r')
-    escaped=$(printf '%s\n' "$value" | sed 's/[\/&]/\\&/g')
+    # declare delimiter for sed and escape it along with / and &
+    delim='|'
+    escaped=$(printf '%s\n' "$value" | sed "s/[\/${delim}&]/\\&/g")
 
     if grep -q '^LOADED_PLUGINS=' "${NETALERTX_CONFIG}/app.conf"; then
-        sed -i "s|^LOADED_PLUGINS=.*|LOADED_PLUGINS=${escaped}|" "${NETALERTX_CONFIG}/app.conf"
+        # use same delimiter when substituting
+        sed -i "s${delim}^LOADED_PLUGINS=.*${delim}LOADED_PLUGINS=${escaped}${delim}" "${NETALERTX_CONFIG}/app.conf"
     else
         echo "LOADED_PLUGINS=${value}" >> "${NETALERTX_CONFIG}/app.conf"
     fi

install/production-filesystem/entrypoint.sh

@@ -86,10 +86,11 @@ for script in "${ENTRYPOINT_CHECKS}"/*; do
     fi
     script_name=$(basename "$script" | sed 's/^[0-9]*-//;s/\.(sh|py)$//;s/-/ /g')
     echo "--> ${script_name} "
-    if [ -n "${SKIP_STARTUP_CHECKS:-}" ] && echo "${SKIP_STARTUP_CHECKS}" | grep -Fq "${script_name}"; then
-    printf "%sskip%s\n" "${GREY}" "${RESET}"
-		continue
-	fi
+    if [ -n "${SKIP_STARTUP_CHECKS:-}" ] &&
+       printf '%s' "${SKIP_STARTUP_CHECKS}" | grep -wFq -- "${script_name}"; then
+        printf "%sskip%s\n" "${GREY}" "${RESET}"
+        continue
+    fi
 
     "$script"
     NETALERTX_DOCKER_ERROR_CHECK=$?

install/production-filesystem/services/healthcheck.sh

@@ -48,8 +48,9 @@ else
     log_error "python /app/server is not running"
 fi
 
-# 5. Check port 20211 is open and contains "netalertx"
-[ "${LISTEN_ADDR}" == "0.0.0.0" ] && CHECK_ADDR="127.0.0.1" || CHECK_ADDR="${LISTEN_ADDR}";
+# 5. Check port 20211 is open
+CHECK_ADDR="${LISTEN_ADDR:-127.0.0.1}"
+[ "${CHECK_ADDR}" == "0.0.0.0" ] && CHECK_ADDR="127.0.0.1"
 if timeout 10 bash -c "</dev/tcp/${CHECK_ADDR}/${PORT:-20211}" 2>/dev/null; then
     log_success "Port ${PORT:-20211} is responding"
 else

test/api_endpoints/test_devices_endpoints.py

@@ -168,8 +168,12 @@ def test_devices_totals(client, api_token, test_mac):
         expected_length = len(conditions)
         assert len(data) == expected_length
 
-        # 4. Check that at least 1 device exists
-        assert data[0] >= 1  # 'devices' count includes the dummy device
+        # 4. Check that at least 1 device exists when there are any conditions
+        if expected_length > 0:
+            assert data[0] >= 1  # 'devices' count includes the dummy device
+        else:
+            # no conditions defined; data should be an empty list
+            assert data == []
     finally:
         delete_dummy(client, api_token, test_mac)