Security & Robustness Improvements #57

Open

solarisfire wants to merge 1 commit into Tysonpower:main from solarisfire:main

Conversation

@solarisfire


This release focuses on hardening, correctness, and operator clarity while **preserving all existing behaviour**, data formats, and upload cadence.

---

### JSON handling

#### Changed
- All JSON payloads are now constructed using `jq` instead of shell string concatenation.

#### Why
- Prevents malformed JSON when upstream commands return partial output, non-JSON text, or unexpected characters.
- Ensures all values (API key, server names, telemetry data) are safely escaped.
- Eliminates injection and formatting edge cases.

#### Behaviour
- Payload schema and content remain unchanged when inputs are valid.

---

### Ping server handling

#### Changed
- Server lists are parsed safely and robustly:
  - Supports both JSON arrays and whitespace-separated responses.
  - Server entries are handled as complete strings rather than shell-split tokens.
- Server strings are used directly as JSON object keys via `jq`.

#### Why
- Avoids shell word-splitting bugs.
- Prevents malformed JSON if server names contain special characters.
- Makes the script resilient to future API format changes.

#### Behaviour
- Ping logic, parallelism, and results are unchanged.

---

### curl hardening

#### Changed
- Introduced shared `curl_json` and `curl_post_json` helpers with:
  - Explicit connection and total timeouts
  - Retry logic for transient network failures
  - Proper failure on HTTP error responses
  - Consistent headers and compressed transfers

#### Why
- Ensures network failures fail fast and predictably.
- Prevents silent success on HTTP 4xx/5xx responses.
- Centralises network behaviour for consistency.

#### Behaviour
- Endpoints, payloads, and timing remain unchanged.

---

### Script locking

#### Changed
- Replaced PID file logic in `/tmp` with an advisory lock using `flock`.

#### Why
- Avoids stale PID files after crashes or power loss.
- Prevents accidental concurrent execution.
- Removes reliance on predictable temporary filenames.

#### Behaviour
- Single-instance enforcement remains unchanged.

---

### Dishy telemetry collection

#### Changed
- `grpcurl` execution now:
  - Uses `timeout -k` to guarantee termination
  - Explicitly closes stdin to avoid blocking edge cases
  - Validates JSON output before accepting it
  - Provides clear console feedback on completion

#### Why
- Prevents perceived hangs during Dishy data collection.
- Ensures misbehaving gRPC calls cannot stall the main loop.
- Improves operator visibility without changing logic.

#### Behaviour
- Collection frequency and data content remain unchanged.

---

### Upload execution

#### Changed
- Removed invalid use of `timeout` around shell functions.
- Relied on curl’s built-in timeout controls instead.

#### Why
- `timeout` can only execute external binaries, not shell functions.
- Curl already enforces strict execution limits.

#### Behaviour
- Upload timing and failure handling remain unchanged.

---

### Validation and execution safety

#### Changed
- Enabled `set -euo pipefail`.
- Added validation for interval arguments.
- Ensured optional data sections always produce valid JSON objects.

#### Why
- Prevents undefined variables and partial state propagation.
- Ensures failures are detected early and handled cleanly.
- Improves long-running stability.

#### Behaviour
- Normal operation remains unchanged.
- Errors now fail fast and explicitly.

---

### Explicitly unchanged behaviour

- Low-resolution upload cadence (epoch-aligned modulo timing)
- High-resolution upload cadence (15-second alignment)
- Command-line API key usage
- Parallel ping behaviour
- Data schema sent to `starlinkstatus.space`

---
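The jq-based payload construction, server-list parsing and JSON validation described in the JSON handling, Ping server handling and Dishy telemetry sections above, as an added example that is not the PR's own script; `ping.example.net`, the API key `k` and the other inputs are constructed samples.

```shell
#!/bin/sh
# Added example, not the project's script. Needs jq (the dependency this PR
# adds); every input used here is a constructed sample.

# "Before": the concatenation style the PR removes. A value containing a
# double quote, backslash or newline yields invalid JSON.
build_payload_unsafe() {
  printf '{"api_key":"%s","pings":{"%s":%s}}' "$1" "$2" "$3"
}

# "After": values enter jq as arguments, so strings are escaped and a
# non-numeric rtt makes --argjson fail instead of emitting broken output.
build_payload_safe() {
  jq -cn --arg key "$1" --arg srv "$2" --argjson rtt "$3" \
    '{api_key: $key, pings: {($srv): $rtt}}'
}

# Accepts either a JSON array of strings or whitespace-separated names and
# prints one entry per line, so callers read whole strings, never tokens.
parse_server_list() {
  if printf '%s' "$1" | jq -e 'type == "array"' >/dev/null 2>&1; then
    printf '%s' "$1" | jq -r '.[] | tostring'
  else
    # Legacy format: word splitting is intended here, pathname globbing is not.
    ( set -f; printf '%s\n' $1 )
  fi
}

# Gate for tool output (e.g. a grpcurl dump): accept only a JSON object.
is_json_object() {
  printf '%s' "$1" | jq -e 'type == "object"' >/dev/null 2>&1
}

# Stand-alone demonstration with a server name containing a double quote.
if is_json_object "$(build_payload_unsafe k 'srv"1' 12.5)"; then
  echo "unexpected: concatenated payload parsed"
else
  echo "concatenated payload is not valid JSON (as expected)"
fi
build_payload_safe k 'srv"1' 12.5
parse_server_list '["ping.example.net","edge 1"]'
parse_server_list 'one.example two.example'
```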
@Tysonpower

Owner

Thanks for the PR! Are there new dependencies that are needed for using this new script?

@solarisfire

Author

Thanks! Yes — this update introduces one new required dependency:

- `jq` (used to construct the JSON payload safely instead of string concatenation)

Everything else is unchanged. The locking mechanism now uses `flock`, but on Raspberry Pi OS / Debian that comes from util-linux, which is installed by default on basically all systems (so no extra install step in most cases).

All existing optional dependencies remain the same:

- `speedtest` (only if `--speedtest`)
- `grpcurl` (only if `--dishy`)
- GNU parallel (already required)
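The flock-based single-instance lock from the Script locking section and the reply above, as an added example that is not the project's script; it assumes util-linux `flock` is installed, takes the lock path as a parameter, and uses a temp file only for the demonstration.

```shell
#!/bin/sh
# Added example, not the project's script: single-instance enforcement with
# an advisory flock held on a file descriptor instead of a PID file in /tmp.
# A fixed, non-guessable path such as one under /run/lock is assumed in
# production; the demonstration below uses a temp file.

# Open the lock file on fd 9 and take an exclusive lock without waiting.
# Returns 0 when this process now owns the lock, 1 if another holder exists.
# The kernel releases the lock when fd 9 closes (normal exit, crash, kill),
# so unlike a PID file there is never stale state to clean up.
acquire_lock() {
  exec 9>"$1"
  flock -n 9
}

# Close fd 9, which releases the lock.
release_lock() {
  exec 9>&-
}

# Probe from a fresh open file description. The probe's own fd 8 is closed
# when the subshell exits, so it never keeps a lock it happened to win.
lock_is_held() {
  if ( flock -n 8 ) 8>"$1"; then return 1; else return 0; fi
}

# Stand-alone demonstration.
LOCK_FILE=$(mktemp)
acquire_lock "$LOCK_FILE" && echo "lock taken"
( acquire_lock "$LOCK_FILE" ) || echo "second instance refused"
release_lock
lock_is_held "$LOCK_FILE" || echo "lock released on close"
```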
