hyperledger / indy-node-container

Providing Containers to run Indy Node
Apache License 2.0

Ip tables scripts improved #113

Closed Echsecutor closed 2 years ago

Echsecutor commented 2 years ago
solidnerd commented 2 years ago

I also ran a short shellcheck; don't know if it's worth mentioning:

In ./run/add_ddos_protection_iptables_rule.sh line 61:
  if (( ${CONN_RATE_LIMIT_LIMIT} <= 0 || ${CONN_RATE_LIMIT_PERIOD} <= 0 )); then
        ^----------------------^ SC2004 (style): $/${} is unnecessary on arithmetic variables.
                                         ^-----------------------^ SC2004 (style): $/${} is unnecessary on arithmetic variables.

In ./run/add_ddos_protection_iptables_rule.sh line 128:
    if [ ! -z ${DELETE} ]; then
         ^-- SC2236 (style): Use -n instead of ! -z.

In ./run/add_ddos_protection_iptables_rule.sh line 139:
    eval $cmd
         ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean:
    eval "$cmd"

In ./run/add_ddos_protection_iptables_rule.sh line 141:
    if (( ${rtnCd} == 0 )); then
          ^------^ SC2004 (style): $/${} is unnecessary on arithmetic variables.

In ./run/add_ddos_protection_iptables_rule.sh line 153:
        eval $cmd
             ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean:
        eval "$cmd"

In ./run/add_ddos_protection_iptables_rule.sh line 162:
        eval $cmd
             ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean:
        eval "$cmd"

In ./run/add_ddos_protection_iptables_rule.sh line 201:
if [ ! -z ${TEST_MODE} ]; then
     ^-- SC2236 (style): Use -n instead of ! -z.

In ./run/add_ddos_protection_iptables_rule.sh line 208:
if [ $? -eq 0 ]; then
     ^-- SC2181 (style): Check exit code directly with e.g. 'if mycmd;', not indirectly with $?.

In ./run/add_ddos_protection_iptables_rule.sh line 224:
    if [ ! -z ${CONN_LOGGING_LEVEL} ]; then
         ^-- SC2236 (style): Use -n instead of ! -z.
              ^-------------------^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean:
    if [ ! -z "${CONN_LOGGING_LEVEL}" ]; then

In ./run/add_ddos_protection_iptables_rule.sh line 242:
    if (( ${CONN_RATE_LIMIT_LIMIT} > 0 && ${CONN_RATE_LIMIT_PERIOD} > 0 )); then
          ^----------------------^ SC2004 (style): $/${} is unnecessary on arithmetic variables.
                                          ^-----------------------^ SC2004 (style): $/${} is unnecessary on arithmetic variables.

For more information:
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
  https://www.shellcheck.net/wiki/SC2004 -- $/${} is unnecessary on arithmeti...
  https://www.shellcheck.net/wiki/SC2181 -- Check exit code directly with e.g...
[OK]: successfully linted ./run/generate_random_seeds.sh

In ./run/set_iptables.sh line 31:
  RULE="$@"
       ^--^ SC2124 (warning): Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.

In ./run/set_iptables.sh line 45:
  RULE="$@"
       ^--^ SC2124 (warning): Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.

In ./run/set_iptables.sh line 73:
if ! [ -z "$2" ]; then
   ^-- SC2237 (style): Use [ -n .. ] instead of ! [ -z .. ].

In ./run/set_iptables.sh line 82:
while read IP; do
      ^--^ SC2162 (info): read without -r will mangle backslashes.

In ./run/set_iptables.sh line 84:
    add_new_rule $CHAIN -p tcp --dport $INTERNAL_PORT -s $IP -j ACCEPT
                                                         ^-^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean:
    add_new_rule $CHAIN -p tcp --dport $INTERNAL_PORT -s "$IP" -j ACCEPT

For more information:
  https://www.shellcheck.net/wiki/SC2124 -- Assigning an array to a string! A...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
  https://www.shellcheck.net/wiki/SC2162 -- read without -r will mangle backs...
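
The SC2124, SC2086 and SC2162 findings for set_iptables.sh listed above, illustrated as an added example that is not the project's script. `fake_iptables`, `add_new_rule_flat`, `allow_from_list`, the chain `INPUT`, port `9701` and the sample addresses are assumptions constructed for the demonstration; only the name `add_new_rule` and the flagged patterns come from the lint output.

```shell
#!/bin/sh
# Added example, not code from set_iptables.sh. fake_iptables is a hypothetical
# stand-in for iptables that prints its argument count and each argument in [],
# so the difference is visible without root or netfilter.
fake_iptables() {
  printf '%d:' "$#"
  for arg in "$@"; do printf '[%s]' "$arg"; done
  printf '\n'
}

# Flagged pattern (SC2124 + SC2086): arguments are flattened into one string,
# then split again on whitespace when the string is expanded unquoted.
add_new_rule_flat() {
  RULE="$*"
  # shellcheck disable=SC2086
  fake_iptables -A $RULE
}

# Corrected pattern: forward "$@" so each argument keeps its boundaries.
add_new_rule() {
  fake_iptables -A "$@"
}

# Read one source address per line (SC2162: read -r) and add an ACCEPT rule.
# $1 = chain, $2 = port, $3 = "flat" or "safe"; addresses arrive on stdin.
allow_from_list() {
  while IFS= read -r ip; do
    [ -n "$ip" ] || continue
    if [ "$3" = flat ]; then
      # shellcheck disable=SC2086
      add_new_rule_flat "$1" -p tcp --dport "$2" -s $ip -j ACCEPT
    else
      add_new_rule "$1" -p tcp --dport "$2" -s "$ip" -j ACCEPT
    fi
  done
}

# Constructed sample input: the second line carries a stray annotation.
SAMPLE_IPS='192.0.2.10
192.0.2.11 # validator B'

printf '%s\n' "$SAMPLE_IPS" | allow_from_list INPUT 9701 flat
printf '%s\n' "$SAMPLE_IPS" | allow_from_list INPUT 9701 safe
```

In the quoted form the annotated line reaches the command as one malformed address, which a real iptables would reject instead of parsing the extra words as separate arguments.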

WadeBarnes commented 2 years ago

@Echsecutor, @solidnerd, now that the advisory has been published, the setup_iptables script is available here (same script on both branches);

Echsecutor commented 2 years ago

fixes https://github.com/hyperledger/indy-node-container/issues/102

Echsecutor commented 2 years ago

I think the linter https://github.com/hyperledger/indy-node-container/pull/113#issuecomment-1246200966 was not run against the current version. But I have fixed a few of the legitimate complaints. thx