akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

chore: replace wget with curl in various scripts for consistency and reliability

Browse Source 
- Updated WafConfig.tsx to correct regex for common bad bots.
- Modified cerberus_integration.sh to use curl instead of wget for backend readiness check.
- Changed coraza_integration.sh to utilize curl for checking httpbin backend status.
- Updated crowdsec_startup_test.sh to use curl for LAPI health check.
- Replaced wget with curl in install-go-1.25.5.sh for downloading Go.
- Modified rate_limit_integration.sh to use curl for backend readiness check.
- Updated waf_integration.sh to replace wget with curl for checking httpbin backend status.
This commit is contained in:
GitHub Actions
2026-01-21 08:16:08 +00:00
parent d6b68ce81a
commit 710d729022
20 changed files with 25 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.docker/compose/docker-compose.e2e.yml
View File

@@ -35,7 +35,7 @@ services:
# Use tmpfs for E2E test data - fresh on every run
- e2e_data:/app/data
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
test: ["CMD", "curl", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
interval: 5s
timeout: 5s
retries: 10

2
.docker/compose/docker-compose.local.yml
View File

@@ -43,7 +43,7 @@ services:
# - <PATH_TO_YOUR_CADDYFILE>:/import/Caddyfile:ro
# - <PATH_TO_YOUR_SITES_DIR>:/import/sites:ro # If your Caddyfile imports other files
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
test: ["CMD", "curl", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
interval: 30s
timeout: 10s
retries: 3

2
.docker/compose/docker-compose.yml
View File

@@ -53,7 +53,7 @@ services:
# - ./my-existing-Caddyfile:/import/Caddyfile:ro
# - ./sites:/import/sites:ro # If your Caddyfile imports other files
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
test: ["CMD", "curl", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
interval: 30s
timeout: 10s
retries: 3

2
.github/workflows/docker-build.yml vendored
View File

@@ -478,7 +478,7 @@ jobs:
# Wait for container to be healthy (max 2 minutes)
echo "Waiting for container to start..."
timeout 120s bash -c 'until docker exec test-container wget -q -O- http://localhost:8080/api/v1/health 2>/dev/null | grep -q "status"; do echo "Waiting..."; sleep 2; done' || {
timeout 120s bash -c 'until docker exec test-container curl -q -O- http://localhost:8080/api/v1/health 2>/dev/null | grep -q "status"; do echo "Waiting..."; sleep 2; done' || {
echo "❌ Container failed to become healthy"
docker logs test-container
exit 1

2
docs/features/custom-plugins.md
View File

@@ -67,7 +67,7 @@ sha256sum powerdns.so
Download the `.so` file for your platform:
```bash
wget https://example.com/plugins/powerdns-linux-amd64.so -O powerdns.so
curl https://example.com/plugins/powerdns-linux-amd64.so -O powerdns.so
```
2. **Verify Plugin Integrity (Recommended)**

2
docs/plans/container-hardening-fix.md
View File

@@ -217,7 +217,7 @@ services:
# - ./my-existing-Caddyfile:/import/Caddyfile:ro
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
test: ["CMD", "curl", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
interval: 30s
timeout: 10s
retries: 3

6
docs/plans/crowdsec_full_implementation.md
View File

@@ -541,7 +541,7 @@ if [ "$SECURITY_CROWDSEC_MODE" = "local" ]; then
# Wait for LAPI to be ready
echo "Waiting for CrowdSec LAPI..."
for i in $(seq 1 30); do
if wget -q -O- http://127.0.0.1:8085/health >/dev/null 2>&1; then
if curl -q -O- http://127.0.0.1:8085/health >/dev/null 2>&1; then
echo "CrowdSec LAPI is ready!"
break
fi
@@ -1770,7 +1770,7 @@ if docker logs ${CONTAINER_NAME} 2>&1 | grep -q "no datasource enabled"; then
fi
# Check if LAPI is healthy
LAPI_HEALTH=$(docker exec ${CONTAINER_NAME} wget -q -O- http://127.0.0.1:8085/health 2>/dev/null || echo "failed")
LAPI_HEALTH=$(docker exec ${CONTAINER_NAME} curl -q -O- http://127.0.0.1:8085/health 2>/dev/null || echo "failed")
if [ "$LAPI_HEALTH" != "failed" ]; then
echo "✅ PASS: CrowdSec LAPI is healthy"
else
@@ -2026,7 +2026,7 @@ RUN chmod +x /usr/local/bin/register_bouncer.sh /usr/local/bin/install_hub_items
3. **LAPI Health Test:**
```bash
docker exec charon-test wget -q -O- http://127.0.0.1:8085/health
docker exec charon-test curl -q -O- http://127.0.0.1:8085/health
```
4. **Integration Test:**

8
docs/plans/debian_migration_spec.md
View File

@@ -350,13 +350,13 @@ RUN setcap 'cap_net_bind_service=+ep' /usr/bin/caddy
**File**: `.docker/docker-entrypoint.sh`
> **⚠️ CRITICAL**: Debian slim does NOT include `wget`. The entrypoint uses wget for the Caddy readiness check. All `wget` calls must be replaced with `curl` equivalents.
> **⚠️ CRITICAL**: Debian slim does NOT include `curl`. The entrypoint uses curl for the Caddy readiness check. All `curl` calls must be replaced with `curl` equivalents.
#### Step 3.0: Replace wget with curl for Caddy Readiness Check
#### Step 3.0: Replace curl with curl for Caddy Readiness Check
```bash
# BEFORE (Alpine - uses wget)
wget -q --spider http://localhost:2019/config/ || exit 1
# BEFORE (Alpine - uses curl)
curl -q --spider http://localhost:2019/config/ || exit 1
# AFTER (Debian - uses curl)
curl -sf http://localhost:2019/config/ > /dev/null || exit 1

2
docs/plans/prev_spec_websocket_fix_dec16.md
View File

@@ -351,7 +351,7 @@ Key behaviors:
```yaml
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
test: ["CMD", "curl", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
interval: 30s
timeout: 10s
retries: 3

2
docs/plans/security_vulnerability_remediation.md
View File

@@ -1975,7 +1975,7 @@ The Charon Security Team
- busybox: Provides core Unix utilities in Alpine
- busybox-binsh: Shell interpreter (used by scripts)
- ssl_client: SSL/TLS client library (used by wget)
- ssl_client: SSL/TLS client library (used by curl)
**Mitigation:** Update Alpine base image or packages via `apk upgrade`.

2
docs/security.md
View File

@@ -871,7 +871,7 @@ services:
# - ./my-existing-Caddyfile:/import/Caddyfile:ro
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
test: ["CMD", "curl", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/api/v1/health"]
interval: 30s
timeout: 10s
retries: 3

2
frontend/public/banner.svg
View File

File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.5 MiB

After

Width:  |  Height:  |  Size: 1.5 MiB

2
frontend/public/logo.svg
View File

File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 497 KiB

After

Width:  |  Height:  |  Size: 497 KiB

2
frontend/src/pages/WafConfig.tsx
View File

@@ -35,7 +35,7 @@ SecRule REQUEST_BODY "@detectXSS" "id:2002,phase:2,deny,status:403,msg:'XSS in B
{
name: 'Common Bad Bots',
url: '',
content: `SecRule REQUEST_HEADERS:User-Agent "@rx (?i)(curl|wget|python|scrapy|httpclient|libwww|nikto|sqlmap)" "id:3001,phase:1,deny,status:403,msg:'Bad Bot Detected'"
content: `SecRule REQUEST_HEADERS:User-Agent "@rx (?i)(curl|curl|python|scrapy|httpclient|libwww|nikto|sqlmap)" "id:3001,phase:1,deny,status:403,msg:'Bad Bot Detected'"
SecRule REQUEST_HEADERS:User-Agent "@streq -" "id:3002,phase:1,deny,status:403,msg:'Empty User-Agent'"`,
description: 'Block known malicious bots and scanners.',
},

2
scripts/cerberus_integration.sh
View File

@@ -211,7 +211,7 @@ echo ""
log_info "Waiting for httpbin backend to be ready..."
for i in {1..20}; do
if docker exec ${CONTAINER_NAME} sh -c "wget -q -O- http://${BACKEND_CONTAINER}/get 2>/dev/null || curl -s http://${BACKEND_CONTAINER}/get" >/dev/null 2>&1; then
if docker exec ${CONTAINER_NAME} sh -c "curl -q -O- http://${BACKEND_CONTAINER}/get 2>/dev/null || curl -s http://${BACKEND_CONTAINER}/get" >/dev/null 2>&1; then
log_info "httpbin backend is ready"
break
fi

2
scripts/coraza_integration.sh
View File

@@ -160,7 +160,7 @@ docker run -d --name coraza-backend --network containers_default kennethreitz/ht
echo "Waiting for httpbin backend to be ready..."
for i in {1..20}; do
# Check if container is running and has network connectivity
if docker exec charon-debug sh -c 'wget -q -O- http://coraza-backend/get 2>/dev/null || curl -s http://coraza-backend/get' >/dev/null 2>&1; then
if docker exec charon-debug sh -c 'curl -q -O- http://coraza-backend/get 2>/dev/null || curl -s http://coraza-backend/get' >/dev/null 2>&1; then
echo "✓ httpbin backend is ready"
break
fi

2
scripts/crowdsec_startup_test.sh
View File

@@ -175,7 +175,7 @@ fi
log_test "Check 2: CrowdSec LAPI health (127.0.0.1:8085/health)"
# Use docker exec to check LAPI health from inside the container
LAPI_HEALTH=$(docker exec ${CONTAINER_NAME} wget -q -O- http://127.0.0.1:8085/health 2>/dev/null || echo "FAILED")
LAPI_HEALTH=$(docker exec ${CONTAINER_NAME} curl -q -O- http://127.0.0.1:8085/health 2>/dev/null || echo "FAILED")
if [ "$LAPI_HEALTH" != "FAILED" ] && [ -n "$LAPI_HEALTH" ]; then
log_info " LAPI is healthy"

2
scripts/install-go-1.25.5.sh
View File

@@ -15,7 +15,7 @@ TMPFILE="/tmp/${TARFILE}"
# Download
if [ ! -f "$TMPFILE" ]; then
echo "Downloading go${GO_VERSION}..."
wget -q -O "$TMPFILE" "https://go.dev/dl/${TARFILE}"
curl -q -O "$TMPFILE" "https://go.dev/dl/${TARFILE}"
fi
# Remove existing installation

2
scripts/rate_limit_integration.sh
View File

@@ -187,7 +187,7 @@ docker run -d --name ${BACKEND_CONTAINER} --network containers_default kennethre
echo "Waiting for httpbin backend to be ready..."
for i in {1..20}; do
if docker exec ${CONTAINER_NAME} sh -c "wget -q -O- http://${BACKEND_CONTAINER}/get 2>/dev/null || curl -s http://${BACKEND_CONTAINER}/get" >/dev/null 2>&1; then
if docker exec ${CONTAINER_NAME} sh -c "curl -q -O- http://${BACKEND_CONTAINER}/get 2>/dev/null || curl -s http://${BACKEND_CONTAINER}/get" >/dev/null 2>&1; then
echo "✓ httpbin backend is ready"
break
fi

2
scripts/waf_integration.sh
View File

@@ -202,7 +202,7 @@ echo ""
log_info "Waiting for httpbin backend to be ready..."
for i in {1..20}; do
if docker exec ${CONTAINER_NAME} sh -c "wget -q -O- http://${BACKEND_CONTAINER}/get 2>/dev/null || curl -s http://${BACKEND_CONTAINER}/get" >/dev/null 2>&1; then
if docker exec ${CONTAINER_NAME} sh -c "curl -q -O- http://${BACKEND_CONTAINER}/get 2>/dev/null || curl -s http://${BACKEND_CONTAINER}/get" >/dev/null 2>&1; then
log_info "httpbin backend is ready"
break
fi