Make daily backup stop timeout configurable #8

Merged

quentinreytinas merged 2 commits from codex/remove-sh-from-dangerous_commands-7vtpve into main

2025-10-29 11:54:45 +01:00

quentinreytinas commented

2025-10-28 23:09:20 +01:00

(Migrated from github.com)

Summary

add a configurable daily_stop_timeout setting sourced from the AIO_STOP_TIMEOUT environment variable
honor optional stop_timeout overrides on /create-backup requests and report timeouts with the effective value
cover the new timeout handling with tests

Testing

pytest
python -m compileall tests/test_app.py

https://chatgpt.com/codex/tasks/task_e_69013228a6008332a17492cc7c2cab43

## Summary - add a configurable `daily_stop_timeout` setting sourced from the `AIO_STOP_TIMEOUT` environment variable - honor optional `stop_timeout` overrides on `/create-backup` requests and report timeouts with the effective value - cover the new timeout handling with tests ## Testing - pytest - python -m compileall tests/test_app.py ------ https://chatgpt.com/codex/tasks/task_e_69013228a6008332a17492cc7c2cab43

chatgpt-codex-connector[bot] commented

2025-10-28 23:14:16 +01:00

(Migrated from github.com)

💡 Codex Review

github.com/quentinreytinas/borgmatic-api-nextcloud-aio@f9ed6f2461/borgmatic_api_app/docker.py (L69-L80)
Shell blacklist can be bypassed with absolute paths

The updated validate_docker_exec now flags dangerous commands only when an argument matches the blocked word exactly (dangerous == part.lower()). This means a shell call such as /bin/bash or /usr/bin/sh is no longer rejected by either the no_shell check or the dangerous_commands list, because none of the argument tokens equals "bash" or "sh". Previously the substring check (dangerous in lowered) would block these cases. For whitelists configured with no_shell=True and a permissive command list (e.g. empty list to allow maintenance commands), this change allows shell access simply by specifying an absolute path, defeating the protection the flag is supposed to provide.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

### 💡 Codex Review https://github.com/quentinreytinas/borgmatic-api-nextcloud-aio/blob/f9ed6f2461252d5f1a6c8dc6c5a04c0fd047ee7e/borgmatic_api_app/docker.py#L69-L80 **![P1 Badge](https://img.shields.io/badge/P1-orange?style=flat) Shell blacklist can be bypassed with absolute paths** The updated `validate_docker_exec` now flags dangerous commands only when an argument matches the blocked word exactly (`dangerous == part.lower()`). This means a shell call such as `/bin/bash` or `/usr/bin/sh` is no longer rejected by either the `no_shell` check or the `dangerous_commands` list, because none of the argument tokens equals `"bash"` or `"sh"`. Previously the substring check (`dangerous in lowered`) would block these cases. For whitelists configured with `no_shell=True` and a permissive command list (e.g. empty list to allow maintenance commands), this change allows shell access simply by specifying an absolute path, defeating the protection the flag is supposed to provide. <details> <summary>ℹ️ About Codex in GitHub</summary> [Your team has set up Codex to review pull requests in this repo](http://chatgpt.com/codex/settings/general). Reviews are triggered when you - Open a pull request for review - Mark a draft as ready - Comment "@codex review". If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". </details>