Coderabit changes

This commit is contained in:
Adam Outler
2025-10-25 17:58:21 +00:00
parent 32f9111f66
commit c4a041e6e1
11 changed files with 45 additions and 121 deletions


@@ -1,76 +0,0 @@
services:
netalertx:
network_mode: host # Use host networking for ARP scanning and other services
build:
context: . # Build context is the current directory
dockerfile: Dockerfile # Specify the Dockerfile to use
image: netalertx:latest
container_name: netalertx # The name when you docker contiainer ls
read_only: true # Make the container filesystem read-only
cap_drop: # Drop all capabilities for enhanced security
- ALL
cap_add: # Add only the necessary capabilities
- NET_ADMIN # Required for ARP scanning
- NET_RAW # Required for raw socket operations
- NET_BIND_SERVICE # Required to bind to privileged ports (nbtscan)
volumes:
- type: volume
source: netalertx_config
target: /app/config
read_only: false
- type: volume
source: netalertx_db
target: /app/db
read_only: false
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
# Use a custom Enterprise-configured nginx config for ldap or other settings
# - /custom-enterprise.conf:/services/config/nginx/conf.active/netalertx.conf:ro
# Test your plugin on the production container
# - /path/on/host:/app/front/plugins/custom
# Retain logs - comment out tmpfs /app/log if you want to retain logs between container restarts
# - /path/on/host/log:/app/log
# Tempfs mounts for writable directories in a read-only container and improve system performance
tmpfs:
# Speed up logging. This can be commented out to retain logs between container restarts
- "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
# Speed up API access as frontend/backend API is very chatty
- "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,sync,noatime,nodiratime"
# Required for customization of the nginx listen addr/port without rebuilding the container
- "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
# /services/config/nginx/conf.d is required for nginx and php to start
- "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
# /tmp is required by php for session save this should be reworked to /services/run/tmp
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
environment:
LISTEN_ADDR: 0.0.0.0 # Listen for connections on all interfaces
PORT: 20211 # Application port
GRAPHQL_PORT: 20212 # GraphQL API port
ALWAYS_FRESH_INSTALL: false # Set to true to reset your config and database on each container start
NETALERTX_DEBUG: 0 # 0=kill all services and restart if any dies. 1 keeps running dead services.
# Resource limits to prevent resource exhaustion
mem_limit: 2048m
mem_reservation: 1024m
cpus: 4
pids_limit: 512
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
restart: unless-stopped
volumes:
netalertx_config_test:
netalertx_db_test:


@@ -211,7 +211,7 @@ def _run_container(
script = (
mounts_ls
+ f"sh /entrypoint.sh & pid=$!; "
+ "sh /entrypoint.sh & pid=$!; "
+ f"sleep {sleep_seconds}; "
+ "if kill -0 $pid >/dev/null 2>&1; then kill -TERM $pid >/dev/null 2>&1 || true; fi; "
+ "wait $pid; code=$?; if [ $code -eq 143 ]; then exit 0; fi; exit $code"
@@ -283,30 +283,6 @@ def test_first_run_creates_config_and_db(tmp_path: pathlib.Path) -> None:
assert result.returncode == 0
def test_second_run_starts_clean() -> None:
"""Test that containers start successfully with proper configuration.
0.2 After config/db generation: Subsequent runs start cleanly with existing files
This test validates that after initial configuration and database files exist,
the container starts cleanly without regenerating defaults.
"""
base = pathlib.Path("/tmp/NETALERTX_SECOND_RUN_CLEAN_TEST_MOUNT_INTENTIONAL")
paths = _setup_fixed_mount_tree(base)
volumes = _build_volume_args(paths)
try:
shutil.copyfile("/workspaces/NetAlertX/back/app.conf", paths["app_config"] / "app.conf")
shutil.copyfile("/workspaces/NetAlertX/db/app.db", paths["app_db"] / "app.db")
(paths["app_config"] / "app.conf").chmod(0o600)
(paths["app_db"] / "app.db").chmod(0o600)
second = _run_container("second-run", volumes, user="0:0", sleep_seconds=3)
assert "Default configuration written" not in second.stdout
assert "Building initial database schema" not in second.stdout
finally:
shutil.rmtree(base, ignore_errors=True)
def test_root_owned_app_db_mount(tmp_path: pathlib.Path) -> None:
"""Test root-owned mounts - simulates mounting host directories owned by root.
@@ -717,7 +693,7 @@ def test_missing_mount_app_db(tmp_path: pathlib.Path) -> None:
volumes = _build_volume_args(paths, skip={"app_db"})
result = _run_container("missing-mount-app-db", volumes, user="20211:20211")
_assert_contains(result.stdout, "Write permission denied")
_assert_contains(result.stdout, "/app/api")
_assert_contains(result.stdout, "/app/db")
assert result.returncode != 0
@@ -732,7 +708,7 @@ def test_missing_mount_app_config(tmp_path: pathlib.Path) -> None:
volumes = _build_volume_args(paths, skip={"app_config"})
result = _run_container("missing-mount-app-config", volumes, user="20211:20211")
_assert_contains(result.stdout, "Write permission denied")
_assert_contains(result.stdout, "/app/api")
_assert_contains(result.stdout, "/app/config")
assert result.returncode != 0
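Review bot: Coverage of the second-start scenario — an existing app.conf/app.db must start cleanly without defaults being rewritten — disappears with `test_second_run_starts_clean` in the `@@ -283,30 +283,6 @@` hunk, and nothing in the commit adds an equivalent check elsewhere. The two negative assertions it carried (`assert "Default configuration written" not in second.stdout` and `assert "Building initial database schema" not in second.stdout`) are the only visible guard against the entrypoint clobbering a user's config and database on restart. If the objection was the fixed `/tmp/NETALERTX_SECOND_RUN_CLEAN_TEST_MOUNT_INTENTIONAL` root and the absolute `/workspaces/NetAlertX/...` fixture paths, the test can be kept by taking `tmp_path: pathlib.Path` like its neighbours `test_first_run_creates_config_and_db` and `test_root_owned_app_db_mount` and resolving the fixtures relative to the test file; otherwise the commit message should say why scenario 0.2 no longer needs a test. The enclosing file continues outside both ends of this hunk, and the `_run_container` body in the first hunk also continues past the lines shown.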