avm/hassio-addons
1
0
Fork 0
mirror of https://github.com/alexbelgium/hassio-addons.git synced 2026-01-09 17:31:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: auto-fix linting issues

Browse Source
This commit is contained in:
alexbelgium
2025-08-17 00:34:15 +00:00
committed by github-actions[bot]
parent 205a7e9b84
commit 0d3c7619b4
28 changed files with 375 additions and 352 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
.claude/example_validated_init.sh
View File

@@ -25,7 +25,7 @@ if [[ "${ADDON_TYPE:-media}" == "media" ]]; then
if bashio::config.has_value "transcoding_quality"; then
validate_string "transcoding_quality" "^(low|medium|high|ultra)$" "Transcoding quality (low, medium, high, ultra)" false
fi
# Validate maximum concurrent streams
if bashio::config.has_value "max_streams"; then
validate_numeric "max_streams" 1 20 "Maximum concurrent streams (1-20)" false
@@ -38,7 +38,7 @@ if [[ "${ADDON_TYPE:-file}" == "file" ]]; then
if bashio::config.has_value "base_folder"; then
validate_path "base_folder" "/config" "Base folder for file browsing" false
fi
# Validate disable thumbnails setting
if bashio::config.has_value "disable_thumbnails"; then
validate_boolean "disable_thumbnails" "Disable thumbnail generation" false
@@ -51,12 +51,12 @@ if [[ "${ADDON_TYPE:-network}" == "network" ]]; then
if bashio::config.has_value "target_ip"; then
validate_ip "target_ip" "Target device IP address"
fi
# Validate gateway IP
if bashio::config.has_value "gateway_ip"; then
validate_ip "gateway_ip" "Network gateway IP address"
fi
# Validate block duration
if bashio::config.has_value "block_duration"; then
validate_numeric "block_duration" 1 3600 "Block duration in seconds (1-3600)"
@@ -70,25 +70,25 @@ fi
# Validate authentication settings
if bashio::config.has_value "enable_auth"; then
validate_boolean "enable_auth" "Enable authentication"
if bashio::config.true "enable_auth"; then
# If auth is enabled, validate credentials
validate_string "username" "^[a-zA-Z0-9_-]{3,20}$" "Username (3-20 alphanumeric characters)"
# Validate password strength
if bashio::config.has_value "password"; then
local password
password=$(bashio::config "password")
if [[ ${#password} -lt 8 ]]; then
bashio::log.fatal "Password too short. Minimum 8 characters required."
exit 1
fi
if [[ ! "$password" =~ [A-Z] ]] || [[ ! "$password" =~ [a-z] ]] || [[ ! "$password" =~ [0-9] ]]; then
bashio::log.warning "⚠️ Weak password detected. Consider using uppercase, lowercase, and numbers."
fi
bashio::log.debug "✅ Validated password strength"
fi
fi
@@ -108,4 +108,4 @@ bashio::log.info "Starting application with validated configuration..."
export VALIDATED_CONFIG="true"
export CONFIG_VALIDATION_TIME="$(date -Iseconds)"
bashio::log.debug "Environment prepared with validated configuration"
bashio::log.debug "Environment prepared with validated configuration"

34
.claude/ha_autoapps_secure.sh
View File

@@ -13,17 +13,17 @@ echo "📦 Installing packages securely: $PACKAGES"
# Install dependencies securely
install_dependencies() {
echo "🔧 Installing required dependencies..."
# Install bash if needed
if ! command -v bash > /dev/null 2>&1; then
(apt-get update && apt-get install -yqq --no-install-recommends bash || apk add --no-cache bash) > /dev/null
fi
# Install curl if needed
# Install curl if needed
if ! command -v curl > /dev/null 2>&1; then
(apt-get update && apt-get install -yqq --no-install-recommends curl || apk add --no-cache curl) > /dev/null
fi
# Install ca-certificates for SSL verification
(apt-get update && apt-get install -yqq --no-install-recommends ca-certificates || apk add --no-cache ca-certificates) > /dev/null 2>&1 || true
}
@@ -33,9 +33,9 @@ secure_download() {
local url="$1"
local output_file="$2"
local expected_sha256="${3:-}"
echo "🔒 Downloading: $(basename "$output_file")"
# Download with security headers and timeouts
if ! curl -fsSL \
--retry 3 \
@@ -48,15 +48,15 @@ secure_download() {
echo "❌ Failed to download: $url" >&2
return 1
fi
# Verify checksum if provided
if [ -n "$expected_sha256" ]; then
local actual_sha256
actual_sha256=$(sha256sum "$output_file" | cut -d' ' -f1)
if [ "$actual_sha256" != "$expected_sha256" ]; then
echo "❌ Checksum verification failed for $output_file" >&2
echo "Expected: $expected_sha256" >&2
echo "Expected: $expected_sha256" >&2
echo "Actual: $actual_sha256" >&2
rm -f "$output_file"
return 1
@@ -65,7 +65,7 @@ secure_download() {
else
echo "⚠️ No checksum provided - consider adding one for security"
fi
# Set secure permissions
chmod 755 "$output_file"
}
@@ -73,21 +73,21 @@ secure_download() {
# Main execution
main() {
echo "🛡️ Starting secure package installation..."
# Install dependencies
install_dependencies
# For now, we'll download without checksum but with secure practices
# TODO: Add checksums for ha_automatic_packages.sh in future releases
echo "📥 Downloading package installer..."
local script_url="https://raw.githubusercontent.com/alexbelgium/hassio-addons/master/.templates/ha_automatic_packages.sh"
local script_file="/ha_automatic_packages.sh"
# Download securely (without checksum for now - to be added)
if secure_download "$script_url" "$script_file" ""; then
echo "🏃 Executing package installer..."
# Execute with error handling
if bash "$script_file" "${PACKAGES:-}"; then
echo "✅ Package installation completed successfully"
@@ -95,7 +95,7 @@ main() {
echo "❌ Package installation failed" >&2
exit 1
fi
# Clean up
rm -f "$script_file"
echo "🧹 Cleanup completed"
@@ -106,4 +106,4 @@ main() {
}
# Execute main function
main "$@"
main "$@"

78
.claude/ha_input_validation.sh
View File

@@ -13,27 +13,27 @@ validate_string() {
local pattern="$2"
local description="$3"
local required="${4:-true}"
if ! bashio::config.has_value "$config_key"; then
if [[ "$required" == "true" ]]; then
bashio::log.fatal "Required configuration '$config_key' not found"
bashio::log.fatal "Expected: $description"
exit 1
else
return 0 # Optional field not provided
return 0 # Optional field not provided
fi
fi
local value
value=$(bashio::config "$config_key")
if [[ ! $value =~ $pattern ]]; then
bashio::log.fatal "Invalid format for '$config_key': '$value'"
bashio::log.fatal "Expected: $description"
bashio::log.fatal "Pattern: $pattern"
exit 1
fi
bashio::log.debug "✅ Validated $config_key: $value"
}
@@ -44,7 +44,7 @@ validate_numeric() {
local max_val="$3"
local description="$4"
local required="${5:-true}"
if ! bashio::config.has_value "$config_key"; then
if [[ "$required" == "true" ]]; then
bashio::log.fatal "Required configuration '$config_key' not found"
@@ -53,24 +53,24 @@ validate_numeric() {
return 0
fi
fi
local value
value=$(bashio::config "$config_key")
# Check if it's a valid number
if ! [[ "$value" =~ ^[0-9]+$ ]]; then
bashio::log.fatal "Invalid numeric value for '$config_key': '$value'"
bashio::log.fatal "Expected: $description"
exit 1
fi
# Check bounds
if [[ $value -lt $min_val ]] || [[ $value -gt $max_val ]]; then
bashio::log.fatal "Value for '$config_key' out of range: $value"
bashio::log.fatal "Expected: $description (range: $min_val-$max_val)"
exit 1
fi
bashio::log.debug "✅ Validated $config_key: $value"
}
@@ -79,7 +79,7 @@ validate_boolean() {
local config_key="$1"
local description="$2"
local required="${3:-true}"
if ! bashio::config.has_value "$config_key"; then
if [[ "$required" == "true" ]]; then
bashio::log.fatal "Required configuration '$config_key' not found"
@@ -88,16 +88,16 @@ validate_boolean() {
return 0
fi
fi
local value
value=$(bashio::config "$config_key")
if [[ ! "$value" =~ ^(true|false)$ ]]; then
bashio::log.fatal "Invalid boolean value for '$config_key': '$value'"
bashio::log.fatal "Expected: $description (true or false)"
exit 1
fi
bashio::log.debug "✅ Validated $config_key: $value"
}
@@ -107,7 +107,7 @@ validate_path() {
local base_path="$2"
local description="$3"
local required="${4:-true}"
if ! bashio::config.has_value "$config_key"; then
if [[ "$required" == "true" ]]; then
bashio::log.fatal "Required configuration '$config_key' not found"
@@ -116,10 +116,10 @@ validate_path() {
return 0
fi
fi
local value
value=$(bashio::config "$config_key")
# Check for directory traversal attempts
if [[ "$value" =~ \.\. ]] || [[ "$value" =~ ^/ ]]; then
bashio::log.fatal "Invalid path for '$config_key': '$value'"
@@ -127,30 +127,30 @@ validate_path() {
bashio::log.fatal "Expected: $description"
exit 1
fi
# Normalize path and check if it's within base path
local full_path="$base_path/$value"
local real_path
real_path=$(realpath -m "$full_path" 2>/dev/null || echo "$full_path")
real_path=$(realpath -m "$full_path" 2> /dev/null || echo "$full_path")
local real_base
real_base=$(realpath -m "$base_path")
if [[ ! "$real_path" =~ ^"$real_base" ]]; then
bashio::log.fatal "Path '$config_key' outside allowed base: '$value'"
bashio::log.fatal "Expected: $description"
exit 1
fi
bashio::log.debug "✅ Validated path $config_key: $value"
}
# Function to validate URL
validate_url() {
local config_key="$1"
local allowed_schemes="$2" # e.g., "http|https"
local allowed_schemes="$2" # e.g., "http|https"
local description="$3"
local required="${4:-true}"
if ! bashio::config.has_value "$config_key"; then
if [[ "$required" == "true" ]]; then
bashio::log.fatal "Required configuration '$config_key' not found"
@@ -159,20 +159,20 @@ validate_url() {
return 0
fi
fi
local value
value=$(bashio::config "$config_key")
# Basic URL validation
local url_pattern="^($allowed_schemes)://[A-Za-z0-9.-]+(:[0-9]+)?(/.*)?$"
if [[ ! "$value" =~ $url_pattern ]]; then
bashio::log.fatal "Invalid URL for '$config_key': '$value'"
bashio::log.fatal "Expected: $description"
bashio::log.fatal "Allowed schemes: $allowed_schemes"
exit 1
fi
bashio::log.debug "✅ Validated URL $config_key: $value"
}
@@ -181,7 +181,7 @@ validate_ip() {
local config_key="$1"
local description="$2"
local required="${3:-true}"
if ! bashio::config.has_value "$config_key"; then
if [[ "$required" == "true" ]]; then
bashio::log.fatal "Required configuration '$config_key' not found"
@@ -190,13 +190,13 @@ validate_ip() {
return 0
fi
fi
local value
value=$(bashio::config "$config_key")
# IPv4 validation
local ipv4_pattern="^([0-9]{1,3}\.){3}[0-9]{1,3}$"
if [[ "$value" =~ $ipv4_pattern ]]; then
# Validate each octet is 0-255
IFS='.' read -ra octets <<< "$value"
@@ -212,38 +212,38 @@ validate_ip() {
bashio::log.fatal "Expected: $description"
exit 1
fi
bashio::log.debug "✅ Validated IP $config_key: $value"
}
# Function to validate common add-on configurations
validate_common_config() {
bashio::log.info "🔍 Validating common configuration parameters..."
# Validate SSL configuration if present
if bashio::config.has_value "ssl"; then
validate_boolean "ssl" "Enable/disable SSL"
if bashio::config.true "ssl"; then
validate_string "certfile" "^[a-zA-Z0-9._-]+\.pem$" "SSL certificate filename" true
validate_string "keyfile" "^[a-zA-Z0-9._-]+\.pem$" "SSL private key filename" true
fi
fi
# Validate user/group IDs if present
if bashio::config.has_value "PUID"; then
validate_numeric "PUID" 0 65535 "User ID (0-65535)"
fi
if bashio::config.has_value "PGID"; then
validate_numeric "PGID" 0 65535 "Group ID (0-65535)"
fi
# Validate timezone if present
if bashio::config.has_value "TZ"; then
validate_string "TZ" "^[A-Za-z0-9/_+-]+$" "Timezone (e.g., Europe/London)" false
fi
bashio::log.info "✅ Common configuration validation completed"
}
@@ -253,4 +253,4 @@ if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
bashio::log.info "This library provides secure validation functions for add-on configurations"
echo ""
bashio::log.info "Usage: source /ha_input_validation.sh"
fi
fi

20
.claude/ha_secure_download.sh
View File

@@ -11,13 +11,13 @@ secure_download() {
local url="$1"
local output_file="$2"
local expected_sha256="$3"
echo "🔒 Securely downloading: $(basename "$output_file")"
# Download with retry logic
local retries=3
local retry_delay=2
for i in $(seq 1 $retries); do
if curl -fsSL --retry 3 --retry-delay 1 --connect-timeout 10 --max-time 30 "$url" -o "$output_file"; then
break
@@ -29,13 +29,13 @@ secure_download() {
sleep $retry_delay
fi
done
# Verify SHA256 checksum if provided
if [ -n "$expected_sha256" ]; then
echo "🔍 Verifying integrity..."
local actual_sha256
actual_sha256=$(sha256sum "$output_file" | cut -d' ' -f1)
if [ "$actual_sha256" = "$expected_sha256" ]; then
echo "✅ Integrity verification passed"
else
@@ -48,7 +48,7 @@ secure_download() {
else
echo "⚠️ No checksum provided - skipping integrity verification"
fi
# Set secure permissions
chmod 755 "$output_file"
echo "🔧 Set secure permissions (755)"
@@ -57,17 +57,17 @@ secure_download() {
# Function to install common dependencies securely
install_dependencies() {
echo "📦 Installing secure dependencies..."
# Install bash if needed
if ! command -v bash > /dev/null 2>&1; then
(apt-get update && apt-get install -yqq --no-install-recommends bash || apk add --no-cache bash) > /dev/null
fi
# Install curl if needed
if ! command -v curl > /dev/null 2>&1; then
(apt-get update && apt-get install -yqq --no-install-recommends curl || apk add --no-cache curl) > /dev/null
fi
# Install ca-certificates for SSL verification
(apt-get update && apt-get install -yqq --no-install-recommends ca-certificates || apk add --no-cache ca-certificates) > /dev/null 2>&1 || true
}
@@ -83,4 +83,4 @@ if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
echo ""
echo "Example:"
echo " secure_download 'https://example.com/script.sh' '/tmp/script.sh' 'abc123...'"
fi
fi