akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

fix(ci): quote shell variables to prevent word splitting in integration test

Browse Source 
- All unquoted $i loop counter comparisons and ${TMP_COOKIE} curl
  option arguments in the rate limit integration script were flagged
  by shellcheck SC2086
- Unquoted variables in [ ] test expressions and curl -b/-c options
  can cause subtle failures if the value ever contains whitespace or
  glob characters, and are a shellcheck hard warning that blocks CI
  linting gates
- Quoted all affected variables in place with no logic changes
This commit is contained in:
GitHub Actions
2026-03-17 17:13:08 +00:00
parent fa6fbc8ce9
commit 287e85d232
1 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
scripts/rate_limit_integration.sh
View File

@@ -170,7 +170,7 @@ for i in {1..30}; do
echo "✓ Charon API is ready" echo "✓ Charon API is ready"
break break
fi fi
if [ $i -eq 30 ]; then if [ "$i" -eq 30 ]; then
echo "✗ Charon API failed to start" echo "✗ Charon API failed to start"
exit 1 exit 1
fi fi
@@ -192,7 +192,7 @@ for i in {1..45}; do
echo "✓ httpbin backend is ready" echo "✓ httpbin backend is ready"
break break
fi fi
if [ $i -eq 45 ]; then if [ "$i" -eq 45 ]; then
echo "✗ httpbin backend failed to start" echo "✗ httpbin backend failed to start"
exit 1 exit 1
fi fi
@@ -212,7 +212,7 @@ curl -s -X POST -H "Content-Type: application/json" \
LOGIN_STATUS=$(curl -s -w "\n%{http_code}" -X POST -H "Content-Type: application/json" \ LOGIN_STATUS=$(curl -s -w "\n%{http_code}" -X POST -H "Content-Type: application/json" \
-d '{"email":"ratelimit@example.local","password":"password123"}' \ -d '{"email":"ratelimit@example.local","password":"password123"}' \
-c ${TMP_COOKIE} \ -c "${TMP_COOKIE}" \
http://localhost:8280/api/v1/auth/login | tail -n1) http://localhost:8280/api/v1/auth/login | tail -n1)
if [ "$LOGIN_STATUS" != "200" ]; then if [ "$LOGIN_STATUS" != "200" ]; then
@@ -240,7 +240,7 @@ EOF
CREATE_RESP=$(curl -s -w "\n%{http_code}" -X POST -H "Content-Type: application/json" \ CREATE_RESP=$(curl -s -w "\n%{http_code}" -X POST -H "Content-Type: application/json" \
-d "${PROXY_HOST_PAYLOAD}" \ -d "${PROXY_HOST_PAYLOAD}" \
-b ${TMP_COOKIE} \ -b "${TMP_COOKIE}" \
http://localhost:8280/api/v1/proxy-hosts) http://localhost:8280/api/v1/proxy-hosts)
CREATE_STATUS=$(echo "$CREATE_RESP" | tail -n1) CREATE_STATUS=$(echo "$CREATE_RESP" | tail -n1)
@@ -278,7 +278,7 @@ for i in {1..20}; do
echo "✓ Caddy admin API is ready" echo "✓ Caddy admin API is ready"
break break
fi fi
if [ $i -eq 20 ]; then if [ "$i" -eq 20 ]; then
echo "✗ Caddy admin API failed to become ready" echo "✗ Caddy admin API failed to become ready"
exit 1 exit 1
fi fi
@@ -288,7 +288,7 @@ done
SEC_CONFIG_RESP=$(curl -s -w "\n%{http_code}" -X POST -H "Content-Type: application/json" \ SEC_CONFIG_RESP=$(curl -s -w "\n%{http_code}" -X POST -H "Content-Type: application/json" \
-d "${SEC_CFG_PAYLOAD}" \ -d "${SEC_CFG_PAYLOAD}" \
-b ${TMP_COOKIE} \ -b "${TMP_COOKIE}" \
http://localhost:8280/api/v1/security/config) http://localhost:8280/api/v1/security/config)
SEC_CONFIG_STATUS=$(echo "$SEC_CONFIG_RESP" | tail -n1) SEC_CONFIG_STATUS=$(echo "$SEC_CONFIG_RESP" | tail -n1)
SEC_CONFIG_BODY=$(echo "$SEC_CONFIG_RESP" | head -n-1) SEC_CONFIG_BODY=$(echo "$SEC_CONFIG_RESP" | head -n-1)
@@ -313,7 +313,7 @@ if ! verify_rate_limit_config; then
curl -s http://localhost:2119/config/ 2>/dev/null | head -200 || echo "Admin API not responding" curl -s http://localhost:2119/config/ 2>/dev/null | head -200 || echo "Admin API not responding"
echo "" echo ""
echo "=== Security config from API ===" echo "=== Security config from API ==="
curl -s -b ${TMP_COOKIE} http://localhost:8280/api/v1/security/config 2>/dev/null || echo "API not responding" curl -s -b "${TMP_COOKIE}" http://localhost:8280/api/v1/security/config 2>/dev/null || echo "API not responding"
exit 1 exit 1
fi fi
@@ -369,10 +369,10 @@ else
echo " ✗ Expected HTTP 429, got HTTP $BLOCKED_STATUS" echo " ✗ Expected HTTP 429, got HTTP $BLOCKED_STATUS"
echo "" echo ""
echo "=== DEBUG: SecurityConfig from API ===" echo "=== DEBUG: SecurityConfig from API ==="
curl -s -b ${TMP_COOKIE} http://localhost:8280/api/v1/security/config | jq . curl -s -b "${TMP_COOKIE}" http://localhost:8280/api/v1/security/config | jq .
echo "" echo ""
echo "=== DEBUG: SecurityStatus from API ===" echo "=== DEBUG: SecurityStatus from API ==="
curl -s -b ${TMP_COOKIE} http://localhost:8280/api/v1/security/status | jq . curl -s -b "${TMP_COOKIE}" http://localhost:8280/api/v1/security/status | jq .
echo "" echo ""
echo "=== DEBUG: Caddy config (first proxy route handlers) ===" echo "=== DEBUG: Caddy config (first proxy route handlers) ==="
curl -s http://localhost:2119/config/ | jq '.apps.http.servers.charon_server.routes[0].handle // []' curl -s http://localhost:2119/config/ | jq '.apps.http.servers.charon_server.routes[0].handle // []'
@@ -427,12 +427,12 @@ echo ""
# Remove test proxy host from database # Remove test proxy host from database
echo "Removing test proxy host from database..." echo "Removing test proxy host from database..."
INTEGRATION_UUID=$(curl -s -b ${TMP_COOKIE} http://localhost:8280/api/v1/proxy-hosts | \ INTEGRATION_UUID=$(curl -s -b "${TMP_COOKIE}" http://localhost:8280/api/v1/proxy-hosts | \
grep -o '"uuid":"[^"]*"[^}]*"domain_names":"'${TEST_DOMAIN}'"' | head -n1 | \ grep -o '"uuid":"[^"]*"[^}]*"domain_names":"'${TEST_DOMAIN}'"' | head -n1 | \
grep -o '"uuid":"[^"]*"' | sed 's/"uuid":"\([^"]*\)"/\1/') grep -o '"uuid":"[^"]*"' | sed 's/"uuid":"\([^"]*\)"/\1/')
if [ -n "$INTEGRATION_UUID" ]; then if [ -n "$INTEGRATION_UUID" ]; then
curl -s -X DELETE -b ${TMP_COOKIE} \ curl -s -X DELETE -b "${TMP_COOKIE}" \
"http://localhost:8280/api/v1/proxy-hosts/${INTEGRATION_UUID}?delete_uptime=true" >/dev/null "http://localhost:8280/api/v1/proxy-hosts/${INTEGRATION_UUID}?delete_uptime=true" >/dev/null
echo "✓ Deleted test proxy host ${INTEGRATION_UUID}" echo "✓ Deleted test proxy host ${INTEGRATION_UUID}"
fi fi