From f9af0f48235ca71433cfee5260ffc03865fbd36e Mon Sep 17 00:00:00 2001 From: MatMoul Date: Sun, 26 Apr 2026 00:26:09 +0200 Subject: [PATCH] docs: update roadmap with next hardening priorities --- state.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/state.md b/state.md index 914d27b..d57e925 100644 --- a/state.md +++ b/state.md @@ -89,15 +89,17 @@ Supported action types currently include: ## Recommended direction ### Short term -- Review the remaining quoting-sensitive areas, especially around remote shell command construction -- Consider making log path and editor configurable +- Tackle the next hardening work as small, reviewable commits instead of one broad patch +- First focus on the interactive selection flow: make `whiptail` defaults explicit with `ON`/`OFF` and harden parsing of selected items - Revisit the log summary insertion method, which still relies on `sed -i` string interpolation +- Review package-manager cleanup steps that look incorrect or misleading, such as `apt-get purge` without arguments and the current `apk` `-y` handling +- Review the remaining quoting-sensitive areas, especially around remote shell command construction ### Medium term -- Improve parsing of node entries to avoid whitespace-splitting issues - Make SSH user, log path, and editor configurable - Improve non-interactive usage options -- Standardize error handling and exit codes +- Standardize error handling and exit codes with a documented policy for best-effort cleanup steps versus fatal failures +- Consider adopting a clearer shell option baseline such as an explicit global `pipefail` policy ### Long term - Refactor the script into smaller functions with less duplication 
@@ -117,15 +119,21 @@ Supported action types currently include: - The `pacman` orphan cleanup now runs entirely on the remote host instead of evaluating orphan detection locally - The `docker-stacks` action was rewritten to use a remote shell script with the stack directory passed as an argument - Unknown actions and reboot SSH failures now propagate error status more consistently +- A focused code review identified the next recommended work items and suggested splitting them into separate commits rather than combining them in one larger hardening change ## Change guidance - Preserve backward compatibility for existing config files where possible - Prefer incremental hardening over a full rewrite - Keep the tool simple and admin-friendly +- Split behavioral fixes into small logical commits when possible, for example: selection handling, log generation, package-manager cleanup semantics, and error-policy changes - Be cautious with changes to remote command construction, as quoting changes can introduce regressions ## Suggested review focus for future changes +- `whiptail` selection handling, including explicit default states and robust parsing of selected values +- Safe log summary generation without in-place `sed` interpolation of arbitrary text - Correctness of remote command execution - Safe quoting and shell expansion behavior - Compatibility of config format with existing user setups +- Error-handling policy consistency across action types +- Package-manager command correctness and cleanup-step behavior - Usability in both interactive and semi-automated contexts
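Review bot: In the first hunk (`@@ -89,15 +89,17 @@`), the medium-term item "Improve parsing of node entries to avoid whitespace-splitting issues" is deleted without being recorded as completed anywhere in the roadmap, while the other removed short-term line ("Consider making log path and editor configurable") is clearly just folded into the existing medium-term "Make SSH user, log path, and editor configurable" bullet. If the node-entry parsing was fixed, it belongs in the list of recent changes; if it was not, the bullet should stay, since dropping a known-unsafe parsing path from the roadmap hides open hardening work. Separately, the new "explicit global `pipefail` policy" bullet and the "best-effort cleanup steps versus fatal failures" bullet describe one decision, not two: enabling `pipefail` alongside an errexit baseline changes which cleanup pipelines abort the script, so consider wording them as a single item or cross-referencing them so the policy is decided once.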
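Review bot: In the second hunk (`@@ -117,15 +119,21 @@`), the added line "A focused code review identified the next recommended work items and suggested splitting them into separate commits" is placed in the list of recent script changes next to concrete behavioral changes (`pacman` orphan cleanup moved to the remote host, the `docker-stacks` rewrite, error propagation). A review outcome is not a change to the tool, and its content already appears in the "Recommended direction" and "Change guidance" sections, so either drop it here or move it to a short "Review history" note to keep the change list accurate. The two new "Suggested review focus" bullets read well, but "Safe log summary generation without in-place `sed` interpolation of arbitrary text" would be more actionable if it named the expected replacement approach (for example writing the summary via a heredoc or a temporary file), since the short-term list only says the method should be revisited.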