From c4a041e6e1ff5768e5e0de323622d6e9c531f962 Mon Sep 17 00:00:00 2001 From: Adam Outler Date: Sat, 25 Oct 2025 17:58:21 +0000 Subject: [PATCH] Coderabit changes --- .devcontainer/devcontainer.json | 9 ++- .../resources/devcontainer-Dockerfile | 2 +- .vscode/tasks.json | 21 +++++ .../services/scripts/check-app-permissions.sh | 3 +- .../services/scripts/check-capabilities.sh | 3 +- .../scripts/check-first-run-config.sh | 6 +- .../services/scripts/check-ramdisk.sh | 6 +- .../services/scripts/check-storage-extra.sh | 7 +- .../dockerfiles/no-error-compose.yml | 76 ------------------- .../test_container_environment.py | 30 +------- test/test_compound_conditions.py | 3 +- 11 files changed, 45 insertions(+), 121 deletions(-) delete mode 100755 test/docker_tests/dockerfiles/no-error-compose.yml diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 2a2276c7..9a54132f 100755 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -43,9 +43,12 @@ } }, - "postCreateCommand": "/opt/venv/bin/pip3 install pytest docker debugpy", - "postStartCommand": "${containerWorkspaceFolder}/.devcontainer/scripts/setup.sh", - + "postCreateCommand": { + "Install Pip Requriements": "/opt/venv/bin/pip3 install pytest docker debugpy" + }, + "postStartCommand": { + "Start Environment":"${containerWorkspaceFolder}/.devcontainer/scripts/setup.sh" + }, "customizations": { "vscode": { "extensions": [ diff --git a/.devcontainer/resources/devcontainer-Dockerfile b/.devcontainer/resources/devcontainer-Dockerfile index fc1709eb..939de992 100755 --- a/.devcontainer/resources/devcontainer-Dockerfile +++ b/.devcontainer/resources/devcontainer-Dockerfile 
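Review bot: The new `postCreateCommand` entry still installs `pytest docker debugpy` with no version pins, so every fresh dev container pulls whatever is newest on PyPI at build time and a compromised or breaking release lands silently; pin each package to a known version (or point pip at a pinned requirements file and add `--require-hashes`) so the environment is reproducible. The label key is also misspelled: `"Install Pip Requriements"` should read `"Install Pip Requirements"`, since it is shown verbatim in the devcontainer build output. Note that the Dockerfile in this same commit already installs `pytest`, `pytest-cov` and `py3-docker-py` via apk, so the pip step appears to duplicate them into `/opt/venv`; worth a one-line comment on which copy the tasks actually use.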
@@ -18,7 +18,7 @@ COPY .devcontainer/resources/devcontainer-overlay/ / USER root # Install common tools, create user, and set up sudo RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest \ - pytest-cov fish shfmt github-cli py3-yaml py3-docker-py docker-cli + pytest-cov fish shfmt github-cli py3-yaml py3-docker-py docker-cli docker-cli-buildx RUN install -d -o netalertx -g netalertx -m 755 /services/php/modules && \ diff --git a/.vscode/tasks.json b/.vscode/tasks.json index 3f253188..815123bc 100755 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json @@ -160,5 +160,26 @@ "color": "terminal.ansiBlue" } } + , + { + "label": "[Any] Build Unit Test Docker image", + "type": "shell", + "command": "docker build -t netalertx-test .", + "presentation": { + "echo": true, + "reveal": "always", + "panel": "shared", + "showReuseMessage": false + }, + "problemMatcher": [], + "group": { + "kind": "build", + "isDefault": false + }, + "icon": { + "id": "beaker", + "color": "terminal.ansiBlue" + } + } ] } diff --git a/install/production-filesystem/services/scripts/check-app-permissions.sh b/install/production-filesystem/services/scripts/check-app-permissions.sh index fb4535e7..3c130ddc 100644 --- a/install/production-filesystem/services/scripts/check-app-permissions.sh +++ b/install/production-filesystem/services/scripts/check-app-permissions.sh @@ -52,7 +52,8 @@ failures=0 # Check all paths ALL_PATHS="${READ_ONLY_PATHS} ${READ_WRITE_PATHS}" -for path in $ALL_PATHS; do +echo "${READ_ONLY_PATHS}" | while IFS= read -r path; do + [ -z "$path" ] && continue if [ ! -e "$path" ]; then failures=1 >&2 printf "%s" "${RED}" diff --git a/install/production-filesystem/services/scripts/check-capabilities.sh b/install/production-filesystem/services/scripts/check-capabilities.sh index 1733f8e5..a14e76ab 100755 --- a/install/production-filesystem/services/scripts/check-capabilities.sh +++ b/install/production-filesystem/services/scripts/check-capabilities.sh 
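Review bot: The new loop head `echo "${READ_ONLY_PATHS}" | while IFS= read -r path; do` silently narrows the check: `ALL_PATHS` is still assembled from both lists on the line above but is no longer read, so the `READ_WRITE_PATHS` entries are never tested for existence even though the comment says "Check all paths". Piping into `while` also runs the loop body in a subshell under POSIX sh/busybox ash, so the `failures=1` assigned inside it is discarded when the pipeline ends and whatever tests `$failures` after the loop (outside this hunk) will presumably see the initial 0, turning the check into a no-op. If `READ_ONLY_PATHS` is a space-separated word list, as the original `for` and the `ALL_PATHS` concatenation suggest, `read -r` additionally hands the whole list to `$path` as one string, so `[ ! -e "$path" ]` runs once against a path that cannot exist. Unless the lists are newline-separated, restoring `for path in $ALL_PATHS; do` keeps the check over every path in the current shell; if newline-separated input is the goal, feed the loop from a here-document (`done <<EOF` … `EOF`) instead of a pipe so the assignment survives. The loop body and the final `failures` test continue outside the hunk.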
@@ -27,6 +27,5 @@ then ══════════════════════════════════════════════════════════════════════════════ EOF >&2 printf "%s" "${RESET}" - exit 0 fi -exit 0 \ No newline at end of file +exit 0 # Always exit success even after warnings \ No newline at end of file diff --git a/install/production-filesystem/services/scripts/check-first-run-config.sh b/install/production-filesystem/services/scripts/check-first-run-config.sh index 7643a921..d5848edc 100755 --- a/install/production-filesystem/services/scripts/check-first-run-config.sh +++ b/install/production-filesystem/services/scripts/check-first-run-config.sh @@ -5,14 +5,14 @@ if [ ! -f ${NETALERTX_CONFIG}/app.conf ]; then mkdir -p "${NETALERTX_CONFIG}" || { >&2 echo "ERROR: Failed to create config directory ${NETALERTX_CONFIG}" - exit 0 + exit 1 } cp /app/back/app.conf "${NETALERTX_CONFIG}/app.conf" || { >&2 echo "ERROR: Failed to copy default config to ${NETALERTX_CONFIG}/app.conf" - exit 0 + exit 2 } RESET='\033[0m' - >&2 cat <<'EOF' + >&2 cat <&2 printf "%s" "${RESET}" + return 1 } failures=0 -warn_if_not_persistent_mount "${NETALERTX_LOG}" "Logs" -warn_if_not_persistent_mount "${NETALERTX_API}" "API JSON cache" -warn_if_not_persistent_mount "${SYSTEM_SERVICES_RUN}" "Runtime work directory" +warn_if_not_persistent_mount "${NETALERTX_LOG}" "Logs" || failures=$((failures + 1)) +warn_if_not_persistent_mount "${NETALERTX_API}" "API JSON cache" || failures=$((failures + 1)) +warn_if_not_persistent_mount "${SYSTEM_SERVICES_RUN}" "Runtime work directory" || failures=$((failures + 1)) if [ "${failures}" -ne 0 ]; then sleep 5 diff --git a/test/docker_tests/dockerfiles/no-error-compose.yml b/test/docker_tests/dockerfiles/no-error-compose.yml deleted file mode 100755 index 70787a74..00000000 --- a/test/docker_tests/dockerfiles/no-error-compose.yml +++ /dev/null 
@@ -1,76 +0,0 @@ -services: - netalertx: - network_mode: host # Use host networking for ARP scanning and other services - build: - context: . # Build context is the current directory - dockerfile: Dockerfile # Specify the Dockerfile to use - image: netalertx:latest - container_name: netalertx # The name when you docker contiainer ls - read_only: true # Make the container filesystem read-only - cap_drop: # Drop all capabilities for enhanced security - - ALL - cap_add: # Add only the necessary capabilities - - NET_ADMIN # Required for ARP scanning - - NET_RAW # Required for raw socket operations - - NET_BIND_SERVICE # Required to bind to privileged ports (nbtscan) - - volumes: - - type: volume - source: netalertx_config - target: /app/config - read_only: false - - - type: volume - source: netalertx_db - target: /app/db - read_only: false - - - type: bind - source: /etc/localtime - target: /etc/localtime - read_only: true - - # Use a custom Enterprise-configured nginx config for ldap or other settings - # - /custom-enterprise.conf:/services/config/nginx/conf.active/netalertx.conf:ro - - # Test your plugin on the production container - # - /path/on/host:/app/front/plugins/custom - - # Retain logs - comment out tmpfs /app/log if you want to retain logs between container restarts - # - /path/on/host/log:/app/log - - # Tempfs mounts for writable directories in a read-only container and improve system performance - tmpfs: - # Speed up logging. 
This can be commented out to retain logs between container restarts - - "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime" - # Speed up API access as frontend/backend API is very chatty - - "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,sync,noatime,nodiratime" - # Required for customization of the nginx listen addr/port without rebuilding the container - - "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime" - # /services/config/nginx/conf.d is required for nginx and php to start - - "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime" - # /tmp is required by php for session save this should be reworked to /services/run/tmp - - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime" - environment: - LISTEN_ADDR: 0.0.0.0 # Listen for connections on all interfaces - PORT: 20211 # Application port - GRAPHQL_PORT: 20212 # GraphQL API port - ALWAYS_FRESH_INSTALL: false # Set to true to reset your config and database on each container start - NETALERTX_DEBUG: 0 # 0=kill all services and restart if any dies. 1 keeps running dead services. - - # Resource limits to prevent resource exhaustion - mem_limit: 2048m - mem_reservation: 1024m - cpus: 4 - pids_limit: 512 - logging: - driver: "json-file" - options: - max-size: "10m" - max-file: "3" - restart: unless-stopped - -volumes: - netalertx_config_test: - netalertx_db_test: - diff --git a/test/docker_tests/test_container_environment.py b/test/docker_tests/test_container_environment.py index 00dfaf1b..0fd04c75 100644 --- a/test/docker_tests/test_container_environment.py +++ b/test/docker_tests/test_container_environment.py 
@@ -211,7 +211,7 @@ def _run_container( script = ( mounts_ls - + f"sh /entrypoint.sh & pid=$!; " + + "sh /entrypoint.sh & pid=$!; " + f"sleep {sleep_seconds}; " + "if kill -0 $pid >/dev/null 2>&1; then kill -TERM $pid >/dev/null 2>&1 || true; fi; " + "wait $pid; code=$?; if [ $code -eq 143 ]; then exit 0; fi; exit $code" @@ -283,30 +283,6 @@ def test_first_run_creates_config_and_db(tmp_path: pathlib.Path) -> None: assert result.returncode == 0 -def test_second_run_starts_clean() -> None: - """Test that containers start successfully with proper configuration. - - 0.2 After config/db generation: Subsequent runs start cleanly with existing files - This test validates that after initial configuration and database files exist, - the container starts cleanly without regenerating defaults. - """ - base = pathlib.Path("/tmp/NETALERTX_SECOND_RUN_CLEAN_TEST_MOUNT_INTENTIONAL") - paths = _setup_fixed_mount_tree(base) - volumes = _build_volume_args(paths) - - try: - shutil.copyfile("/workspaces/NetAlertX/back/app.conf", paths["app_config"] / "app.conf") - shutil.copyfile("/workspaces/NetAlertX/db/app.db", paths["app_db"] / "app.db") - (paths["app_config"] / "app.conf").chmod(0o600) - (paths["app_db"] / "app.db").chmod(0o600) - - second = _run_container("second-run", volumes, user="0:0", sleep_seconds=3) - assert "Default configuration written" not in second.stdout - assert "Building initial database schema" not in second.stdout - finally: - shutil.rmtree(base, ignore_errors=True) - - def test_root_owned_app_db_mount(tmp_path: pathlib.Path) -> None: """Test root-owned mounts - simulates mounting host directories owned by root. 
@@ -717,7 +693,7 @@ def test_missing_mount_app_db(tmp_path: pathlib.Path) -> None:
 volumes = _build_volume_args(paths, skip={"app_db"})
 result = _run_container("missing-mount-app-db", volumes, user="20211:20211")
 _assert_contains(result.stdout, "Write permission denied")
- _assert_contains(result.stdout, "/app/api")
+ _assert_contains(result.stdout, "/app/db")
 assert result.returncode != 0
@@ -732,7 +708,7 @@ def test_missing_mount_app_config(tmp_path: pathlib.Path) -> None:
 volumes = _build_volume_args(paths, skip={"app_config"})
 result = _run_container("missing-mount-app-config", volumes, user="20211:20211")
 _assert_contains(result.stdout, "Write permission denied")
- _assert_contains(result.stdout, "/app/api")
+ _assert_contains(result.stdout, "/app/config")
 assert result.returncode != 0
diff --git a/test/test_compound_conditions.py b/test/test_compound_conditions.py
index bfb9679a..5790dc4c 100755
--- a/test/test_compound_conditions.py
+++ b/test/test_compound_conditions.py
@@ -12,7 +12,8 @@ from unittest.mock import MagicMock
 sys.modules['logger'] = MagicMock()
 # Add parent directory to path for imports
-sys.path.insert(0, '/workspaces/NetAlertX')
+import os
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))
 from server.db.sql_safe_builder import SafeConditionBuilder