vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2025-12-06 17:15:38 -08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Coderabit changes

Browse Source
This commit is contained in:
Adam Outler
2025-10-25 17:58:21 +00:00
parent 32f9111f66
commit c4a041e6e1
11 changed files with 45 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.devcontainer/devcontainer.json
View File

@@ -43,9 +43,12 @@
} }
}, },
"postCreateCommand": "/opt/venv/bin/pip3 install pytest docker debugpy", "postCreateCommand": {
"postStartCommand": "${containerWorkspaceFolder}/.devcontainer/scripts/setup.sh", "Install Pip Requriements": "/opt/venv/bin/pip3 install pytest docker debugpy"
},
"postStartCommand": {
"Start Environment":"${containerWorkspaceFolder}/.devcontainer/scripts/setup.sh"
},
"customizations": { "customizations": {
"vscode": { "vscode": {
"extensions": [ "extensions": [

2
.devcontainer/resources/devcontainer-Dockerfile
View File

@@ -18,7 +18,7 @@ COPY .devcontainer/resources/devcontainer-overlay/ /
USER root USER root
# Install common tools, create user, and set up sudo # Install common tools, create user, and set up sudo
RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest \ RUN apk add --no-cache git nano vim jq php83-pecl-xdebug py3-pip nodejs sudo gpgconf pytest \
pytest-cov fish shfmt github-cli py3-yaml py3-docker-py docker-cli pytest-cov fish shfmt github-cli py3-yaml py3-docker-py docker-cli docker-cli-buildx
RUN install -d -o netalertx -g netalertx -m 755 /services/php/modules && \ RUN install -d -o netalertx -g netalertx -m 755 /services/php/modules && \

21
.vscode/tasks.json vendored
View File

@@ -160,5 +160,26 @@
"color": "terminal.ansiBlue" "color": "terminal.ansiBlue"
} }
} }
,
{
"label": "[Any] Build Unit Test Docker image",
"type": "shell",
"command": "docker build -t netalertx-test .",
"presentation": {
"echo": true,
"reveal": "always",
"panel": "shared",
"showReuseMessage": false
},
"problemMatcher": [],
"group": {
"kind": "build",
"isDefault": false
},
"icon": {
"id": "beaker",
"color": "terminal.ansiBlue"
}
}
] ]
} }

3
install/production-filesystem/services/scripts/check-app-permissions.sh
View File

@@ -52,7 +52,8 @@ failures=0
# Check all paths # Check all paths
ALL_PATHS="${READ_ONLY_PATHS} ${READ_WRITE_PATHS}" ALL_PATHS="${READ_ONLY_PATHS} ${READ_WRITE_PATHS}"
for path in $ALL_PATHS; do echo "${READ_ONLY_PATHS}" | while IFS= read -r path; do
[ -z "$path" ] && continue
if [ ! -e "$path" ]; then if [ ! -e "$path" ]; then
failures=1 failures=1
>&2 printf "%s" "${RED}" >&2 printf "%s" "${RED}"

3
install/production-filesystem/services/scripts/check-capabilities.sh
View File

@@ -27,6 +27,5 @@ then
══════════════════════════════════════════════════════════════════════════════ ══════════════════════════════════════════════════════════════════════════════
EOF EOF
>&2 printf "%s" "${RESET}" >&2 printf "%s" "${RESET}"
exit 0
fi fi
exit 0 exit 0 # Always exit success even after warnings

6
install/production-filesystem/services/scripts/check-first-run-config.sh
View File

@@ -5,14 +5,14 @@
if [ ! -f ${NETALERTX_CONFIG}/app.conf ]; then if [ ! -f ${NETALERTX_CONFIG}/app.conf ]; then
mkdir -p "${NETALERTX_CONFIG}" || { mkdir -p "${NETALERTX_CONFIG}" || {
>&2 echo "ERROR: Failed to create config directory ${NETALERTX_CONFIG}" >&2 echo "ERROR: Failed to create config directory ${NETALERTX_CONFIG}"
exit 0 exit 1
} }
cp /app/back/app.conf "${NETALERTX_CONFIG}/app.conf" || { cp /app/back/app.conf "${NETALERTX_CONFIG}/app.conf" || {
>&2 echo "ERROR: Failed to copy default config to ${NETALERTX_CONFIG}/app.conf" >&2 echo "ERROR: Failed to copy default config to ${NETALERTX_CONFIG}/app.conf"
exit 0 exit 2
} }
RESET='\033[0m' RESET='\033[0m'
>&2 cat <<'EOF' >&2 cat <<EOF
══════════════════════════════════════════════════════════════════════════════ ══════════════════════════════════════════════════════════════════════════════
🆕 First run detected. Default configuration written to ${NETALERTX_CONFIG}/app.conf. 🆕 First run detected. Default configuration written to ${NETALERTX_CONFIG}/app.conf.

6
install/production-filesystem/services/scripts/check-ramdisk.sh
View File

@@ -41,10 +41,8 @@ failures=0
warn_if_not_dedicated_mount "${NETALERTX_API}" warn_if_not_dedicated_mount "${NETALERTX_API}"
warn_if_not_dedicated_mount "${NETALERTX_LOG}" warn_if_not_dedicated_mount "${NETALERTX_LOG}"
if [ "${failures}" -ne 0 ]; then
exit 0
fi
if [ ! -d "${SYSTEM_NGINX_CONFIG}/conf.active" ]; then if [ ! -L "${SYSTEM_NGINX_CONFIG}/conf.active" ]; then
echo "Note: Using default listen address ${LISTEN_ADDR}:${PORT} (no ${SYSTEM_NGINX_CONFIG}/conf.active override)." echo "Note: Using default listen address ${LISTEN_ADDR}:${PORT} (no ${SYSTEM_NGINX_CONFIG}/conf.active override)."
fi fi
exit 0

7
install/production-filesystem/services/scripts/check-storage-extra.sh
View File

@@ -25,12 +25,13 @@ warn_if_not_persistent_mount() {
══════════════════════════════════════════════════════════════════════════════ ══════════════════════════════════════════════════════════════════════════════
EOF EOF
>&2 printf "%s" "${RESET}" >&2 printf "%s" "${RESET}"
return 1
} }
failures=0 failures=0
warn_if_not_persistent_mount "${NETALERTX_LOG}" "Logs" warn_if_not_persistent_mount "${NETALERTX_LOG}" "Logs" || failures=$((failures + 1))
warn_if_not_persistent_mount "${NETALERTX_API}" "API JSON cache" warn_if_not_persistent_mount "${NETALERTX_API}" "API JSON cache" || failures=$((failures + 1))
warn_if_not_persistent_mount "${SYSTEM_SERVICES_RUN}" "Runtime work directory" warn_if_not_persistent_mount "${SYSTEM_SERVICES_RUN}" "Runtime work directory" || failures=$((failures + 1))
if [ "${failures}" -ne 0 ]; then if [ "${failures}" -ne 0 ]; then
sleep 5 sleep 5

76
test/docker_tests/dockerfiles/no-error-compose.yml
View File

@@ -1,76 +0,0 @@
services:
netalertx:
network_mode: host # Use host networking for ARP scanning and other services
build:
context: . # Build context is the current directory
dockerfile: Dockerfile # Specify the Dockerfile to use
image: netalertx:latest
container_name: netalertx # The name when you docker contiainer ls
read_only: true # Make the container filesystem read-only
cap_drop: # Drop all capabilities for enhanced security
- ALL
cap_add: # Add only the necessary capabilities
- NET_ADMIN # Required for ARP scanning
- NET_RAW # Required for raw socket operations
- NET_BIND_SERVICE # Required to bind to privileged ports (nbtscan)
volumes:
- type: volume
source: netalertx_config
target: /app/config
read_only: false
- type: volume
source: netalertx_db
target: /app/db
read_only: false
- type: bind
source: /etc/localtime
target: /etc/localtime
read_only: true
# Use a custom Enterprise-configured nginx config for ldap or other settings
# - /custom-enterprise.conf:/services/config/nginx/conf.active/netalertx.conf:ro
# Test your plugin on the production container
# - /path/on/host:/app/front/plugins/custom
# Retain logs - comment out tmpfs /app/log if you want to retain logs between container restarts
# - /path/on/host/log:/app/log
# Tempfs mounts for writable directories in a read-only container and improve system performance
tmpfs:
# Speed up logging. This can be commented out to retain logs between container restarts
- "/app/log:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
# Speed up API access as frontend/backend API is very chatty
- "/app/api:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,sync,noatime,nodiratime"
# Required for customization of the nginx listen addr/port without rebuilding the container
- "/services/config/nginx/conf.active:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
# /services/config/nginx/conf.d is required for nginx and php to start
- "/services/run:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
# /tmp is required by php for session save this should be reworked to /services/run/tmp
- "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
environment:
LISTEN_ADDR: 0.0.0.0 # Listen for connections on all interfaces
PORT: 20211 # Application port
GRAPHQL_PORT: 20212 # GraphQL API port
ALWAYS_FRESH_INSTALL: false # Set to true to reset your config and database on each container start
NETALERTX_DEBUG: 0 # 0=kill all services and restart if any dies. 1 keeps running dead services.
# Resource limits to prevent resource exhaustion
mem_limit: 2048m
mem_reservation: 1024m
cpus: 4
pids_limit: 512
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
restart: unless-stopped
volumes:
netalertx_config_test:
netalertx_db_test:

30
test/docker_tests/test_container_environment.py
View File

@@ -211,7 +211,7 @@ def _run_container(
script = ( script = (
mounts_ls mounts_ls
+ f"sh /entrypoint.sh & pid=$!; " + "sh /entrypoint.sh & pid=$!; "
+ f"sleep {sleep_seconds}; " + f"sleep {sleep_seconds}; "
+ "if kill -0 $pid >/dev/null 2>&1; then kill -TERM $pid >/dev/null 2>&1 || true; fi; " + "if kill -0 $pid >/dev/null 2>&1; then kill -TERM $pid >/dev/null 2>&1 || true; fi; "
+ "wait $pid; code=$?; if [ $code -eq 143 ]; then exit 0; fi; exit $code" + "wait $pid; code=$?; if [ $code -eq 143 ]; then exit 0; fi; exit $code"
@@ -283,30 +283,6 @@ def test_first_run_creates_config_and_db(tmp_path: pathlib.Path) -> None:
assert result.returncode == 0 assert result.returncode == 0
def test_second_run_starts_clean() -> None:
"""Test that containers start successfully with proper configuration.
0.2 After config/db generation: Subsequent runs start cleanly with existing files
This test validates that after initial configuration and database files exist,
the container starts cleanly without regenerating defaults.
"""
base = pathlib.Path("/tmp/NETALERTX_SECOND_RUN_CLEAN_TEST_MOUNT_INTENTIONAL")
paths = _setup_fixed_mount_tree(base)
volumes = _build_volume_args(paths)
try:
shutil.copyfile("/workspaces/NetAlertX/back/app.conf", paths["app_config"] / "app.conf")
shutil.copyfile("/workspaces/NetAlertX/db/app.db", paths["app_db"] / "app.db")
(paths["app_config"] / "app.conf").chmod(0o600)
(paths["app_db"] / "app.db").chmod(0o600)
second = _run_container("second-run", volumes, user="0:0", sleep_seconds=3)
assert "Default configuration written" not in second.stdout
assert "Building initial database schema" not in second.stdout
finally:
shutil.rmtree(base, ignore_errors=True)
def test_root_owned_app_db_mount(tmp_path: pathlib.Path) -> None: def test_root_owned_app_db_mount(tmp_path: pathlib.Path) -> None:
"""Test root-owned mounts - simulates mounting host directories owned by root. """Test root-owned mounts - simulates mounting host directories owned by root.
@@ -717,7 +693,7 @@ def test_missing_mount_app_db(tmp_path: pathlib.Path) -> None:
volumes = _build_volume_args(paths, skip={"app_db"}) volumes = _build_volume_args(paths, skip={"app_db"})
result = _run_container("missing-mount-app-db", volumes, user="20211:20211") result = _run_container("missing-mount-app-db", volumes, user="20211:20211")
_assert_contains(result.stdout, "Write permission denied") _assert_contains(result.stdout, "Write permission denied")
_assert_contains(result.stdout, "/app/api") _assert_contains(result.stdout, "/app/db")
assert result.returncode != 0 assert result.returncode != 0
@@ -732,7 +708,7 @@ def test_missing_mount_app_config(tmp_path: pathlib.Path) -> None:
volumes = _build_volume_args(paths, skip={"app_config"}) volumes = _build_volume_args(paths, skip={"app_config"})
result = _run_container("missing-mount-app-config", volumes, user="20211:20211") result = _run_container("missing-mount-app-config", volumes, user="20211:20211")
_assert_contains(result.stdout, "Write permission denied") _assert_contains(result.stdout, "Write permission denied")
_assert_contains(result.stdout, "/app/api") _assert_contains(result.stdout, "/app/config")
assert result.returncode != 0 assert result.returncode != 0

3
test/test_compound_conditions.py
View File

@@ -12,7 +12,8 @@ from unittest.mock import MagicMock
sys.modules['logger'] = MagicMock() sys.modules['logger'] = MagicMock()
# Add parent directory to path for imports # Add parent directory to path for imports
sys.path.insert(0, '/workspaces/NetAlertX') import os
sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))
from server.db.sql_safe_builder import SafeConditionBuilder from server.db.sql_safe_builder import SafeConditionBuilder