docs: update roadmap with next hardening priorities
@@ -89,15 +89,17 @@ Supported action types currently include:
|
|||||||
## Recommended direction
|
## Recommended direction
|
||||||
|
|
||||||
### Short term
|
### Short term
|
||||||
- Review the remaining quoting-sensitive areas, especially around remote shell command construction
|
- Tackle the next hardening work as small, reviewable commits instead of one broad patch
|
||||||
- Consider making log path and editor configurable
|
- First focus on the interactive selection flow: make `whiptail` defaults explicit with `ON`/`OFF` and harden parsing of selected items
|
||||||
- Revisit the log summary insertion method, which still relies on `sed -i` string interpolation
|
- Revisit the log summary insertion method, which still relies on `sed -i` string interpolation
|
||||||
|
- Review package-manager cleanup steps that look incorrect or misleading, such as `apt-get purge` without arguments and the current `apk` `-y` handling
|
||||||
|
- Review the remaining quoting-sensitive areas, especially around remote shell command construction
|
||||||
|
|
||||||
### Medium term
|
### Medium term
|
||||||
- Improve parsing of node entries to avoid whitespace-splitting issues
|
|
||||||
- Make SSH user, log path, and editor configurable
|
- Make SSH user, log path, and editor configurable
|
||||||
- Improve non-interactive usage options
|
- Improve non-interactive usage options
|
||||||
- Standardize error handling and exit codes
|
- Standardize error handling and exit codes with a documented policy for best-effort cleanup steps versus fatal failures
|
||||||
|
- Consider adopting a clearer shell option baseline such as an explicit global `pipefail` policy
|
||||||
|
|
||||||
### Long term
|
### Long term
|
||||||
- Refactor the script into smaller functions with less duplication
|
- Refactor the script into smaller functions with less duplication
|
||||||
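Review bot: the Medium term item `Improve parsing of node entries to avoid whitespace-splitting issues` is dropped from this hunk without a replacement, and nothing here says whether that work was completed or folded into the new `whiptail` parsing item; either keep the item or record its disposition, since whitespace-splitting of node entries is exactly the kind of quoting-sensitive area the Short term list still flags. Two smaller points on the added lines: the new `pipefail` item should say how it interacts with the adjacent "best-effort cleanup steps versus fatal failures" policy, because a global `pipefail` turns any failed best-effort step inside a pipeline into a fatal one unless the policy explicitly handles it; and the `apk` `-y` item should state what the script currently does and what the expected behavior is rather than only calling it "incorrect or misleading", so the follow-up commit has a concrete target.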
@@ -117,15 +119,21 @@ Supported action types currently include:
|
|||||||
- The `pacman` orphan cleanup now runs entirely on the remote host instead of evaluating orphan detection locally
|
- The `pacman` orphan cleanup now runs entirely on the remote host instead of evaluating orphan detection locally
|
||||||
- The `docker-stacks` action was rewritten to use a remote shell script with the stack directory passed as an argument
|
- The `docker-stacks` action was rewritten to use a remote shell script with the stack directory passed as an argument
|
||||||
- Unknown actions and reboot SSH failures now propagate error status more consistently
|
- Unknown actions and reboot SSH failures now propagate error status more consistently
|
||||||
|
- A focused code review identified the next recommended work items and suggested splitting them into separate commits rather than combining them in one larger hardening change
|
||||||
|
|
||||||
## Change guidance
|
## Change guidance
|
||||||
- Preserve backward compatibility for existing config files where possible
|
- Preserve backward compatibility for existing config files where possible
|
||||||
- Prefer incremental hardening over a full rewrite
|
- Prefer incremental hardening over a full rewrite
|
||||||
- Keep the tool simple and admin-friendly
|
- Keep the tool simple and admin-friendly
|
||||||
|
- Split behavioral fixes into small logical commits when possible, for example: selection handling, log generation, package-manager cleanup semantics, and error-policy changes
|
||||||
- Be cautious with changes to remote command construction, as quoting changes can introduce regressions
|
- Be cautious with changes to remote command construction, as quoting changes can introduce regressions
|
||||||
|
|
||||||
## Suggested review focus for future changes
|
## Suggested review focus for future changes
|
||||||
|
- `whiptail` selection handling, including explicit default states and robust parsing of selected values
|
||||||
|
- Safe log summary generation without in-place `sed` interpolation of arbitrary text
|
||||||
- Correctness of remote command execution
|
- Correctness of remote command execution
|
||||||
- Safe quoting and shell expansion behavior
|
- Safe quoting and shell expansion behavior
|
||||||
- Compatibility of config format with existing user setups
|
- Compatibility of config format with existing user setups
|
||||||
|
- Error-handling policy consistency across action types
|
||||||
|
- Package-manager command correctness and cleanup-step behavior
|
||||||
- Usability in both interactive and semi-automated contexts
|
- Usability in both interactive and semi-automated contexts
|
||||||
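Review bot: the new Change guidance item `Split behavioral fixes into small logical commits when possible ...` restates the Short term roadmap item added in the previous hunk (`Tackle the next hardening work as small, reviewable commits instead of one broad patch`); keep one of them, or make the guidance item the general rule and drop the roadmap copy, so the two lists do not drift apart. Also, since the changelog line says the `docker-stacks` action now passes the stack directory as an argument to a remote shell script, and the review-focus list adds `Safe quoting and shell expansion behavior`, it is worth naming that argument path explicitly as a review target: a stack directory containing spaces or shell metacharacters is the simplest case that would show whether the quoting in the remote command holds.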