diff --git a/dc-build.sh b/dc-build.sh index 8793ee97463..69981941d6e 100755 --- a/dc-build.sh +++ b/dc-build.sh @@ -3,15 +3,16 @@ bash ./docker/docker-compose-check.sh if [[ $? -eq 1 ]]; then exit 1; fi +# Building images for all configurations +# The docker build doesn't supply any environment variables to the Dockerfile, so we can use any profile. + if [ $# -eq 0 ] then echo "Building docker compose" + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env build else echo "Building docker compose with additional parameter $1 ..." + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env build "$1" fi - -# Building images for all configurations -# The docker build doesn't supply any environment variables to the Dockerfile, so we can use any profile. - -# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. -docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env build $1 diff --git a/dc-down.sh b/dc-down.sh index 13dd5006364..258e3df49c5 100755 --- a/dc-down.sh +++ b/dc-down.sh 
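Review bot: The new `else` branch forwards only `"$1"`, so a second or later argument to dc-build.sh is silently dropped, and both branches repeat the same long `docker compose … build` line and comment. A quoted `"$@"` expands to nothing when no arguments are given, so one command after the `if` covers both cases: `docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env build "$@"`. The `if` then only needs to choose the echo message. The hunks for dc-down.sh and dc-stop.sh have the same shape and would take the same change.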
@@ -3,15 +3,16 @@ bash ./docker/docker-compose-check.sh if [[ $? -eq 1 ]]; then exit 1; fi +# Stopping containers for all configurations +# The environment must be provided but it doesn't make a difference which one + if [ $# -eq 0 ] then echo "Stopping docker compose and removing containers" + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env down else echo "Stopping docker compose and removing containers with additional parameter $1 ..." + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env down "$1" fi - -# Stopping containers for all configurations -# The environment must be provided but it doesn't make a difference which one - -# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. -docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env down $1 diff --git a/dc-stop.sh b/dc-stop.sh index c1bbdd5b61e..4b74c26a9ca 100755 --- a/dc-stop.sh +++ b/dc-stop.sh 
@@ -3,15 +3,16 @@ bash ./docker/docker-compose-check.sh if [[ $? -eq 1 ]]; then exit 1; fi +# Stopping containers for all configurations +# The environment must be provided but it doesn't make a difference which one + if [ $# -eq 0 ] then echo "Stopping docker compose" + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env stop else echo "Stopping docker compose with additional parameter $1 ..." + # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. + docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env stop "$1" fi - -# Stopping containers for all configurations -# The environment must be provided but it doesn't make a difference which one - -# Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. -docker compose --profile mysql-rabbitmq --profile postgres-redis --env-file ./docker/environments/postgres-redis.env stop $1 diff --git a/dc-unittest.sh b/dc-unittest.sh index 0a566e9f760..9dfd2937fc2 100755 --- a/dc-unittest.sh +++ b/dc-unittest.sh @@ -41,7 +41,7 @@ while [[ $# -gt 0 ]]; do usage exit 0 ;; - -*|--*) + -*) echo "Unknown option $1" usage exit 1 
@@ -53,9 +53,9 @@ while [[ $# -gt 0 ]]; do esac done -if [ -z $PROFILE ] +if [ -z "$PROFILE" ] then - if [ -z $DD_PROFILE ] + if [ -z "$DD_PROFILE" ] then echo "No profile supplied." usage @@ -65,7 +65,7 @@ then fi fi -if [ -z $TEST_CASE ] +if [ -z "$TEST_CASE" ] then echo "No test case supplied." usage @@ -75,4 +75,4 @@ fi echo "Running docker compose unit tests with profile $PROFILE and test case $TEST_CASE ..." # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. -docker compose --profile $PROFILE --env-file ./docker/environments/$PROFILE.env exec uwsgi bash -c "python manage.py test $TEST_CASE -v2 --keepdb" +docker compose --profile "$PROFILE" --env-file "./docker/environments/$PROFILE.env" exec uwsgi bash -c "python manage.py test $TEST_CASE -v2 --keepdb" diff --git a/dc-up-d.sh b/dc-up-d.sh index 2ad26c12c01..1c805ad8593 100755 --- a/dc-up-d.sh +++ b/dc-up-d.sh @@ -7,7 +7,7 @@ if [[ $? -eq 1 ]]; then exit 1; fi if [ $# -eq 0 ] then - if [ -z $DD_PROFILE ] + if [ -z "$DD_PROFILE" ] then echo "No profile supplied, running default: postgres-redis" PROFILE="postgres-redis" @@ -29,4 +29,4 @@ fi echo "Starting docker compose with profile $PROFILE in the background ..." # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. -docker compose --profile $PROFILE --env-file ./docker/environments/$PROFILE.env up --no-deps -d +docker compose --profile "$PROFILE" --env-file "./docker/environments/$PROFILE.env" up --no-deps -d diff --git a/dc-up.sh b/dc-up.sh index 2b07d9addb3..34c5803088d 100755 --- a/dc-up.sh +++ b/dc-up.sh 
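Review bot: `$TEST_CASE` is still expanded into the string handed to `bash -c` on the last changed line of dc-unittest.sh, so whitespace or shell metacharacters in the test case name are parsed a second time by the shell inside the uwsgi container. The `--profile` and `--env-file` arguments on the same line are now quoted, but this one is not protected. Passing it as an argument avoids the second parse: `bash -c 'python manage.py test "$1" -v2 --keepdb' _ "$TEST_CASE"`, or drop the wrapper and run `python manage.py test "$TEST_CASE" -v2 --keepdb` directly after `exec uwsgi`. `$PROFILE` also forms part of the `--env-file` path, so checking it against the known profile names before use would be worth adding; the option parsing is outside this hunk.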
@@ -6,7 +6,7 @@ bash ./docker/docker-compose-check.sh if [[ $? -eq 1 ]]; then exit 1; fi if [ $# -eq 0 ]; then - if [ -z $DD_PROFILE ] + if [ -z "$DD_PROFILE" ] then echo "No profile supplied, running default: postgres-redis" PROFILE="postgres-redis" @@ -28,4 +28,4 @@ fi echo "Starting docker compose with profile $PROFILE in the foreground ..." # Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. -docker compose --profile $PROFILE --env-file ./docker/environments/$PROFILE.env up --no-deps +docker compose --profile "$PROFILE" --env-file "./docker/environments/$PROFILE.env" up --no-deps diff --git a/docker/docker-compose-check.sh b/docker/docker-compose-check.sh index 6f705ffcab2..b51cf45674f 100755 --- a/docker/docker-compose-check.sh +++ b/docker/docker-compose-check.sh @@ -1,8 +1,8 @@ #!/bin/bash -main=`docker compose version --short | cut -d '.' -f 1` -minor=`docker compose version --short | cut -d '.' -f 2` -current=`docker compose version --short` +main=$(docker compose version --short | cut -d '.' -f 1) +minor=$(docker compose version --short | cut -d '.' -f 2) +current=$(docker compose version --short) echo 'Checking docker compose version' if [[ $main -lt 2 ]]; then diff --git a/docker/dojo-data.bash b/docker/dojo-data.bash index 22c6827fc90..95ece5111c5 100644 --- a/docker/dojo-data.bash +++ b/docker/dojo-data.bash @@ -1,7 +1,7 @@ #!/bin/bash #Exports and loads sample data for dojo -if [ $# > 1 ] +if [ $# -gt 1 ] then if [[ "$1" = "load" ]] then diff --git a/docker/entrypoint-celery-beat.sh b/docker/entrypoint-celery-beat.sh index c6d5805ddfe..5dd6d9d999f 100755 --- a/docker/entrypoint-celery-beat.sh +++ b/docker/entrypoint-celery-beat.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash umask 0002 id 
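Review bot: In docker/dojo-data.bash, replacing `[ $# > 1 ]` with `[ $# -gt 1 ]` changes behaviour rather than only fixing the lint. The old form was a redirection to a file named `1` and was always true, whereas the new test requires at least two arguments. The next visible line dispatches on `"$1" = "load"`, so if the script is normally called with a single argument it will now skip this branch; `if [ $# -ge 1 ]` looks like the intended check. The rest of the `if` block is outside the hunk, so confirm whether a second argument is ever read there.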
@@ -7,7 +7,7 @@ id FILES=$(ls /app/docker/extra_settings/* 2>/dev/null) NUM_FILES=$(echo "$FILES" | wc -w) if [ "$NUM_FILES" -gt 0 ]; then - COMMA_LIST=$(echo $FILES | tr -s '[:blank:]' ', ') + COMMA_LIST=$(echo "$FILES" | tr -s '[:blank:]' ', ') echo "============================================================" echo " Overriding DefectDojo's local_settings.py with multiple" echo " Files: $COMMA_LIST" diff --git a/docker/entrypoint-celery-worker.sh b/docker/entrypoint-celery-worker.sh index 20b439eb2e4..a604db86d9e 100755 --- a/docker/entrypoint-celery-worker.sh +++ b/docker/entrypoint-celery-worker.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash umask 0002 id @@ -7,7 +7,7 @@ id FILES=$(ls /app/docker/extra_settings/* 2>/dev/null) NUM_FILES=$(echo "$FILES" | wc -w) if [ "$NUM_FILES" -gt 0 ]; then - COMMA_LIST=$(echo $FILES | tr -s '[:blank:]' ', ') + COMMA_LIST=$(echo "$FILES" | tr -s '[:blank:]' ', ') echo "============================================================" echo " Overriding DefectDojo's local_settings.py with multiple" echo " Files: $COMMA_LIST" @@ -25,8 +25,10 @@ done echo if [ "${DD_CELERY_WORKER_POOL_TYPE}" = "prefork" ]; then - EXTRA_PARAMS="--autoscale=${DD_CELERY_WORKER_AUTOSCALE_MAX},${DD_CELERY_WORKER_AUTOSCALE_MIN} - --prefetch-multiplier=${DD_CELERY_WORKER_PREFETCH_MULTIPLIER}" + EXTRA_PARAMS=("--autoscale=${DD_CELERY_WORKER_AUTOSCALE_MAX},${DD_CELERY_WORKER_AUTOSCALE_MIN}" + "--prefetch-multiplier=${DD_CELERY_WORKER_PREFETCH_MULTIPLIER}") +else + EXTRA_PARAMS=() fi # do the check with Django stack @@ -36,5 +38,5 @@ exec celery --app=dojo \ worker \ --loglevel="${DD_CELERY_LOG_LEVEL}" \ --pool="${DD_CELERY_WORKER_POOL_TYPE}" \ - --concurrency=${DD_CELERY_WORKER_CONCURRENCY:-1} \ - ${EXTRA_PARAMS} + --concurrency="${DD_CELERY_WORKER_CONCURRENCY:-1}" \ + "${EXTRA_PARAMS[@]}" \ No newline at end of file diff --git a/docker/entrypoint-initializer.sh b/docker/entrypoint-initializer.sh index e344fa29496..a3b99e43970 100755 
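Review bot: Quoting `$FILES` in `COMMA_LIST=$(echo "$FILES" | tr -s '[:blank:]' ', ')` (entrypoint-celery-beat.sh) keeps the newlines that `ls` writes between entries, and `[:blank:]` covers only space and tab. With more than one settings file the `Files:` banner is therefore no longer collapsed onto one line, which the unquoted form achieved through word splitting. Translating all whitespace restores a one-line list, e.g. `COMMA_LIST=$(printf '%s' "$FILES" | tr -s '[:space:]' ',')`. The same line is changed in entrypoint-celery-worker.sh, entrypoint-initializer.sh and entrypoint-uwsgi.sh.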
--- a/docker/entrypoint-initializer.sh +++ b/docker/entrypoint-initializer.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash initialize_data() { @@ -40,7 +40,7 @@ fi FILES=$(ls /app/docker/extra_settings/* 2>/dev/null) NUM_FILES=$(echo "$FILES" | wc -w) if [ "$NUM_FILES" -gt 0 ]; then - COMMA_LIST=$(echo $FILES | tr -s '[:blank:]' ', ') + COMMA_LIST=$(echo "$FILES" | tr -s '[:blank:]' ', ') echo "============================================================" echo " Overriding DefectDojo's local_settings.py with multiple" echo " Files: $COMMA_LIST" @@ -67,7 +67,7 @@ done echo echo "Checking ENABLE_AUDITLOG" -cat </dev/null) ; do + for i in $(find dojo/fixtures/extra_*.json | sort -n 2>/dev/null) ; do echo "Loading $i" - python3 manage.py loaddata ${i%.*} + python3 manage.py loaddata "${i%.*}" done echo "Installing watson search index" diff --git a/docker/entrypoint-integration-tests.sh b/docker/entrypoint-integration-tests.sh index e76bcac998e..d0703c48dd6 100755 --- a/docker/entrypoint-integration-tests.sh +++ b/docker/entrypoint-integration-tests.sh @@ -6,15 +6,15 @@ echo "Waiting max 60s for services to start" # Wait for services to become available COUNTER=0 while [ $COUNTER -lt 10 ]; do - curl -s -o "/dev/null" $DD_BASE_URL -m 120 - CR=$(curl --insecure -s -m 10 -I "${DD_BASE_URL}login?next=/" | egrep "^HTTP" | cut -d' ' -f2) + curl -s -o "/dev/null" "$DD_BASE_URL" -m 120 + CR=$(curl --insecure -s -m 10 -I "${DD_BASE_URL}login?next=/" | grep -E "^HTTP" | cut -d' ' -f2) if [ "$CR" == 200 ]; then echo "Succesfully displayed login page, starting integration tests" break fi echo "Waiting: cannot display login screen; got HTTP code $CR" sleep 10 - let COUNTER=COUNTER+1 + (( a++ )) || true done if [ $COUNTER -gt 10 ]; then 
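Review bot: The wait loop in entrypoint-integration-tests.sh no longer advances its counter, because `let COUNTER=COUNTER+1` was replaced by `(( a++ )) || true`, which increments an unrelated variable `a`. `while [ $COUNTER -lt 10 ]` therefore never ends when the login page does not return 200, and the announced "max 60s" wait is not enforced. The line should read `COUNTER=$((COUNTER + 1))`. Separately, the `if [ $COUNTER -gt 10 ]` check after the loop cannot be true when the loop stops at 10; `-ge 10` appears to be what is meant, but its body is outside this hunk.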
@@ -22,8 +22,10 @@ if [ $COUNTER -gt 10 ]; then exit 1 fi -export CHROMEDRIVER=$(find /opt/chrome-driver -name chromedriver) -export CHROME_PATH=/opt/chrome/chrome +CHROMEDRIVER=$(find /opt/chrome-driver -name chromedriver) +export CHROMEDRIVER +CHROME_PATH=/opt/chrome/chrome +export CHROME_PATH # Run available unittests with a simple setup # All available Integrationtest Scripts are activated below @@ -32,31 +34,31 @@ export CHROME_PATH=/opt/chrome/chrome # Exits with status code of 1 function fail() { - echo "Error: $1 test failed\n" + printf 'Error: %s test failed\n' "$1" exit 1 } function success() { - echo "Success: $1 test passed\n" + printf 'Success: %s test passed\n' "$1" } echo "IT FILENAME: $DD_INTEGRATION_TEST_FILENAME" -if [[ ! -z "$DD_INTEGRATION_TEST_FILENAME" ]]; then +if [[ -n "$DD_INTEGRATION_TEST_FILENAME" ]]; then if [[ "$DD_INTEGRATION_TEST_FILENAME" == "openapi-validatator" ]]; then test="OpenAPI schema validation" echo "Running: $test" if java -jar /usr/local/bin/openapi-generator-cli.jar validate -i "$DD_BASE_URL/api/v2/oa3/schema/?format=json" --recommend; then - success $test - else fail - fail $test + success "$test" + else + fail "$test" fi else test=$DD_INTEGRATION_TEST_FILENAME echo "Running: $test" - if python3 $DD_INTEGRATION_TEST_FILENAME; then - success $test + if python3 "$DD_INTEGRATION_TEST_FILENAME"; then + success "$test" else - fail $test + fail "$test" fi fi 
@@ -64,194 +66,194 @@ else test="Finding integration tests" echo "Running: $test" if python3 tests/finding_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Report Builder tests" echo "Running: $test" if python3 tests/report_builder_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Notes integration tests" echo "Running: $test" if python3 tests/notes_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Regulation integration tests" echo "Running: $test" if python3 tests/regulations_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Product type integration tests" echo "Running: $test" if python3 tests/product_type_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Product integration tests" echo "Running: $test" if python3 tests/product_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Endpoint integration tests" echo "Running: $test" if python3 tests/endpoint_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Engagement integration tests" echo "Running: $test" if python3 tests/engagement_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Environment integration tests" echo "Running: $test" if python3 tests/environment_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Test integration tests" echo "Running: $test" if python3 tests/test_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="User integration tests" echo "Running: $test" if python3 tests/user_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Group integration tests" echo "Running: $test" if python3 tests/group_test.py ; then - success $test + success "$test" else - fail 
$test + fail "$test" fi test="Product Group integration tests" echo "Running: $test" if python3 tests/product_group_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Product Type Group integration tests" echo "Running: $test" if python3 tests/product_type_group_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Product member integration tests" echo "Running: $test" if python3 tests/product_member_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Product type member integration tests" echo "Running: $test" if python3 tests/product_type_member_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Ibm Appscan integration test" echo "Running: $test" if python3 tests/ibm_appscan_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Search integration test" echo "Running: $test" if python3 tests/search_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="File Upload tests" echo "Running: $test" if python3 tests/file_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Dedupe integration tests" echo "Running: $test" if python3 tests/dedupe_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Global Announcement Banner tests" echo "Running: $test" if python3 tests/announcement_banner_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Close Old Findings with dedupe integration tests" echo "Running: $test" if python3 tests/close_old_findings_dedupe_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Close Old Findings without dedupe integration tests" echo "Running: $test" if python3 tests/close_old_findings_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi 
test="False Positive History tests" echo "Running: $test" if python3 tests/false_positive_history_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi # The below tests are commented out because they are still an unstable work in progress @@ -285,17 +287,17 @@ else test="Tool Config integration tests" echo "Running: $test" if python3 tests/tool_config.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="OpenAPI schema validation" echo "Running: $test" if java -jar /usr/local/bin/openapi-generator-cli.jar validate -i "$DD_BASE_URL/api/v2/oa3/schema/?format=json" --recommend; then - success $test - else fail - fail $test + success "$test" + else + fail "$test" fi exec echo "Done Running all configured integration tests." diff --git a/docker/entrypoint-nginx.sh b/docker/entrypoint-nginx.sh index 9a3b93f5be3..c1e542052f2 100755 --- a/docker/entrypoint-nginx.sh +++ b/docker/entrypoint-nginx.sh @@ -26,7 +26,8 @@ fi if [ "${METRICS_HTTP_AUTH_PASSWORD}" != "" ]; then sed -i "s/#auth_basic/auth_basic/g;" $NGINX_CONFIG rm -rf /etc/nginx/.htpasswd - echo -n $METRICS_HTTP_AUTH_USER:$(openssl passwd -apr1 $METRICS_HTTP_AUTH_PASSWORD) >> /etc/nginx/.htpasswd + openssl_passwd=$(openssl passwd -apr1 "$METRICS_HTTP_AUTH_PASSWORD") + echo "$METRICS_HTTP_AUTH_USER":"$openssl_passwd" >> /etc/nginx/.htpasswd echo "Basic auth is on for user ${HTTP_AUTH_LOGIN}..." else echo "Basic auth is off (HTTP_AUTH_PASSWORD not provided)" diff --git a/docker/entrypoint-unit-tests-devDocker.sh b/docker/entrypoint-unit-tests-devDocker.sh index 3a5b8b2004e..04ba08f30c2 100755 --- a/docker/entrypoint-unit-tests-devDocker.sh +++ b/docker/entrypoint-unit-tests-devDocker.sh 
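Review bot: In entrypoint-nginx.sh, `openssl passwd -apr1 "$METRICS_HTTP_AUTH_PASSWORD"` still places the clear-text password on the openssl command line, where it is visible in the process list and in any `set -x` trace while the command runs. Reading it from standard input avoids that: `openssl_passwd=$(printf '%s\n' "$METRICS_HTTP_AUTH_PASSWORD" | openssl passwd -apr1 -stdin)`. `$NGINX_CONFIG` on the `sed -i` line is left unquoted, and the message that follows prints `${HTTP_AUTH_LOGIN}` although the entry is written for `METRICS_HTTP_AUTH_USER`. The enclosing `if` starts outside the hunk.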
@@ -29,8 +29,8 @@ You made changes to the REST API without applying the correct schema annotations These schema annotations are needed to allow for the correct generation of the OpenAPI (v3) schema's and documentation. -Review the warnings generated by drf-spectacular and see `dojo/api_v2/views.py` -and/or `dojo/api_v2/serializers.py`. +Review the warnings generated by drf-spectacular and see $(dojo/api_v2/views.py) +and/or $(dojo/api_v2/serializers.py). You can check for warnings locally by running diff --git a/docker/entrypoint-unit-tests.sh b/docker/entrypoint-unit-tests.sh index 63008afcbb7..cba56bbac00 100755 --- a/docker/entrypoint-unit-tests.sh +++ b/docker/entrypoint-unit-tests.sh @@ -6,7 +6,7 @@ # set -e # set -v -cd /app +cd /app || exit # Unset the database URL so that we can force the DD_TEST_DATABASE_NAME (see django "DATABASES" configuration in settings.dist.py) unset DD_DATABASE_URL @@ -29,8 +29,8 @@ You made changes to the REST API without applying the correct schema annotations These schema annotations are needed to allow for the correct generation of the OpenAPI (v3) schema's and documentation. -Review the warnings generated by drf-spectacular and see `dojo/api_v2/views.py` -and/or `dojo/api_v2/serializers.py`. +Review the warnings generated by drf-spectacular and see "dojo/api_v2/views.py" +and/or "dojo/api_v2/serializers.py". You can check for warnings locally by running diff --git a/docker/entrypoint-uwsgi-dev.sh b/docker/entrypoint-uwsgi-dev.sh index 587452cd0f6..f058446ac47 100755 --- a/docker/entrypoint-uwsgi-dev.sh +++ b/docker/entrypoint-uwsgi-dev.sh 
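Review bot: In entrypoint-unit-tests-devDocker.sh, rewriting the backticks as `$(dojo/api_v2/views.py)` and `$(dojo/api_v2/serializers.py)` keeps them as command substitutions. If this message is expanded by the shell (an unquoted here-document or a double-quoted string; its start is outside the hunk), the script tries to execute those two files and the paths disappear from the printed text. The backticks were markdown-style emphasis around file names, not commands. The sibling hunk for entrypoint-unit-tests.sh writes the paths as plain quoted text, `see "dojo/api_v2/views.py"`, and this file should likewise use text with no substitution syntax.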
@@ -1,14 +1,14 @@ #!/bin/sh -cd /app +cd /app || exit # Full list of uwsgi options: https://uwsgi-docs.readthedocs.io/en/latest/Options.html # --lazy-apps required for debugging --> https://uwsgi-docs.readthedocs.io/en/latest/articles/TheArtOfGracefulReloading.html?highlight=lazy-apps#preforking-vs-lazy-apps-vs-lazy DD_UWSGI_LOGFORMAT_DEFAULT='[pid: %(pid)|app: -|req: -/-] %(addr) (%(dd_user)) {%(vars) vars in %(pktsize) bytes} [%(ctime)] %(method) %(uri) => generated %(rsize) bytes in %(msecs) msecs (%(proto) %(status)) %(headers) headers in %(hsize) bytes (%(switches) switches on core %(core))' -if [ ${DD_DEBUG} = "True" ]; then +if [ "${DD_DEBUG}" = "True" ]; then echo "Debug mode enabled, reducing # of processes and threads to 1" DD_UWSGI_NUM_OF_PROCESSES=1 DD_UWSGI_NUM_OF_THREADS=1 @@ -19,8 +19,8 @@ exec uwsgi \ --protocol uwsgi \ --wsgi dojo.wsgi:application \ --enable-threads \ - --processes ${DD_UWSGI_NUM_OF_PROCESSES:-2} \ - --threads ${DD_UWSGI_NUM_OF_THREADS:-2} \ + --processes "${DD_UWSGI_NUM_OF_PROCESSES:-2}" \ + --threads "${DD_UWSGI_NUM_OF_THREADS:-2}" \ --reload-mercy 1 \ --worker-reload-mercy 1 \ --py-autoreload 1 \ diff --git a/docker/entrypoint-uwsgi.sh b/docker/entrypoint-uwsgi.sh index 7caaa912aa2..35bcbe6821a 100755 --- a/docker/entrypoint-uwsgi.sh +++ b/docker/entrypoint-uwsgi.sh @@ -4,7 +4,7 @@ FILES=$(ls /app/docker/extra_settings/* 2>/dev/null) NUM_FILES=$(echo "$FILES" | wc -w) if [ "$NUM_FILES" -gt 0 ]; then - COMMA_LIST=$(echo $FILES | tr -s '[:blank:]' ', ') + COMMA_LIST=$(echo "$FILES" | tr -s '[:blank:]' ', ') echo "============================================================" echo " Overriding DefectDojo's local_settings.py with multiple" echo " Files: $COMMA_LIST" 
@@ -24,10 +24,10 @@ exec uwsgi \ "--${DD_UWSGI_MODE}" "${DD_UWSGI_ENDPOINT}" \ --protocol uwsgi \ --enable-threads \ - --processes ${DD_UWSGI_NUM_OF_PROCESSES:-2} \ - --threads ${DD_UWSGI_NUM_OF_THREADS:-2} \ + --processes "${DD_UWSGI_NUM_OF_PROCESSES:-2}" \ + --threads "${DD_UWSGI_NUM_OF_THREADS:-2}" \ --wsgi dojo.wsgi:application \ --buffer-size="${DD_UWSGI_BUFFER_SIZE:-8192}" \ - --http 0.0.0.0:8081 --http-to ${DD_UWSGI_ENDPOINT} \ + --http 0.0.0.0:8081 --http-to "${DD_UWSGI_ENDPOINT}" \ --logformat "${DD_UWSGI_LOGFORMAT:-$DD_UWSGI_LOGFORMAT_DEFAULT}" # HTTP endpoint is enabled for Kubernetes liveness checks. It should not be exposed as a service. diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index acd1ff490ff..13ad3a0e574 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -1,7 +1,7 @@ #!/bin/sh # Waits for the database to come up. -./docker/wait-for-it.sh $DD_DATABASE_HOST:$DD_DATABASE_PORT +./docker/wait-for-it.sh "$DD_DATABASE_HOST":"$DD_DATABASE_PORT" if [ -z "$DD_DATABASE_URL" ]; then if [ -z "$DD_DATABASE_PASSWORD" ]; then diff --git a/docker/setEnv.sh b/docker/setEnv.sh index f7d7316f7e6..232998881ee 100755 --- a/docker/setEnv.sh +++ b/docker/setEnv.sh @@ -31,7 +31,8 @@ function get_current { # Maintain the cleaner way symlink=$(readlink -f docker-compose.override.yml) fi - current_env=$(expr $(basename $symlink) : "^docker-compose.override.\(.*\).yml$") + basename_symlink=$(basename "$symlink") + current_env=$(expr "$basename_symlink" : "^docker-compose.override.\(.*\).yml$") else current_env=release fi @@ -129,9 +130,9 @@ function set_integration_tests { } # Change directory to allow working with relative paths. -cd ${target_dir} +cd "${target_dir}" || exit -if [ ${#} -eq 1 ] && [[ 'dev debug unit_tests unit_tests_cicd integration_tests release' =~ "${1}" ]] +if [ ${#} -eq 1 ] && [[ 'dev debug unit_tests unit_tests_cicd integration_tests release' =~ ${1} ]] then set_"${1}" else 
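Review bot: In docker/setEnv.sh, dropping the quotes in `[[ 'dev debug unit_tests unit_tests_cicd integration_tests release' =~ ${1} ]]` turns the argument into a regular expression, so the check that guards `set_"${1}"` now accepts more than before. Any pattern that matches somewhere in the list passes, and the raw argument is then used to build a function name. The quoted form was a literal substring match, itself loose since a fragment such as `unit` passed. An exact comparison is what the call needs, for example `case "${1}" in dev|debug|unit_tests|unit_tests_cicd|integration_tests|release) set_"${1}" ;; esac`. The existing else body would go in a `*)` arm; that body is outside the hunk.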
diff --git a/docker/unit-tests.sh b/docker/unit-tests.sh index ee38b21b567..fc8dad8c8c8 100755 --- a/docker/unit-tests.sh +++ b/docker/unit-tests.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # Run available unittests with a simple setup -cd /app +cd /app || exit python manage.py makemigrations dojo python manage.py migrate python manage.py test unittests -v 2 diff --git a/docker/wait-for-it.sh b/docker/wait-for-it.sh index fb4a080fdf5..2bd5f21bc4b 100755 --- a/docker/wait-for-it.sh +++ b/docker/wait-for-it.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # Use this script to test if a given TCP host/port are available -cmdname=$(basename $0) +cmdname=$(basename "$0") echoerr() { if [[ $QUIET -ne 1 ]]; then echo "$@" 1>&2; fi } @@ -32,7 +32,7 @@ wait_for() start_ts=$(date +%s) while : do - (echo > /dev/tcp/$HOST/$PORT) >/dev/null 2>&1 + (echo > "/dev/tcp/$HOST/$PORT") >/dev/null 2>&1 result=$? if [[ $result -eq 0 ]]; then end_ts=$(date +%s) @@ -41,19 +41,19 @@ wait_for() fi sleep 1 done - return $result + return "$result" } wait_for_wrapper() { # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692 if [[ $QUIET -eq 1 ]]; then - timeout $TIMEOUT $0 --quiet --child --host=$HOST --port=$PORT --timeout=$TIMEOUT & + timeout "$TIMEOUT" "$0" --quiet --child --host="$HOST" --port="$PORT" --timeout="$TIMEOUT" & else - timeout $TIMEOUT $0 --child --host=$HOST --port=$PORT --timeout=$TIMEOUT & + timeout "$TIMEOUT" "$0" --child --host="$HOST" --port="$PORT" --timeout="$TIMEOUT" & fi PID=$! - trap "kill -INT -$PID" INT + trap 'kill -INT -$PID' INT wait $PID RESULT=$? if [[ $RESULT -ne 0 ]]; then @@ -67,7 +67,7 @@ while [[ $# -gt 0 ]] do case "$1" in *:* ) - hostport=(${1//:/ }) + IFS=":" read -r -a hostport <<< "$1" HOST=${hostport[0]} PORT=${hostport[1]} shift 1 @@ -113,7 +113,7 @@ do ;; --) shift - CLI="$@" + CLI=("$@") break ;; --help) 
@@ -150,12 +150,12 @@ else fi fi -if [[ $CLI != "" ]]; then +if [[ ${CLI[0]} != "" ]]; then if [[ $RESULT -ne 0 && $STRICT -eq 1 ]]; then echoerr "$cmdname: strict mode, refusing to execute subprocess" exit $RESULT fi - exec $CLI + exec ${CLI[0]} else exit $RESULT fi diff --git a/tests/local-integration-tests.sh b/tests/local-integration-tests.sh index 5c63aad625b..afbb624f946 100755 --- a/tests/local-integration-tests.sh +++ b/tests/local-integration-tests.sh @@ -115,17 +115,17 @@ fi test="Check Various Pages integration test" echo "Running: $test" if python3 tests/check_various_pages.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi test="Test notifications" echo "Running: $test" if python3 tests/notifications_test.py ; then - success $test + success "$test" else - fail $test + fail "$test" fi # The below tests are commented out because they are still an unstable work in progress
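Review bot: In docker/wait-for-it.sh, `exec ${CLI[0]}` runs only the first word of the command given after `--`. `CLI=("$@")` in the earlier hunk makes CLI an array, and element 0 is the program name without its arguments, so the wrapped command now starts with its options dropped. It should be `exec "${CLI[@]}"`, which also keeps arguments containing spaces intact. The guard can test the element count instead of the first element: `if [[ ${#CLI[@]} -gt 0 ]]; then`.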