Claude/audit codebase bugs 01 xvda2 xgf a7 qr7 r4 k ezof2n #4147
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…kernels Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
… aggregation, and WiFi 7 optimizations Co-authored-by: spotty118 <[email protected]>
[WIP] Update existing content
…ions Co-authored-by: spotty118 <[email protected]>
…zations [WIP] Update frontend README with enhancements and optimizations
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
…stem Co-authored-by: spotty118 <[email protected]>
…ction, and modern UI theme Co-authored-by: spotty118 <[email protected]>
…patches Add automated VPS-client pairing, first-boot wizard, dynamic WAN detection, and modern UI theme
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
Add workflow_dispatch for on-demand builds and fix Quectel RM551E-GL modem detection
No changes required - build infrastructure complete
Co-authored-by: spotty118 <[email protected]>
- Updated kernel 6.6 luci to latest OpenWrt 24.10 commit - Updated kernel 6.12 to latest OpenWrt main branch commit - Added missing USB network drivers (aqc111, pl) - Added Ethernet drivers (atlantic, igc, macvtap) - Enhanced BPI-R4 and BPI-R4-PoE configs with comprehensive Quectel 5G modem support - Added WiFi 7 enhancements (MT7915e, MT7921e firmware and drivers) - Added MediaTek-specific drivers (mt7530, mtk-eth, dsa-mt7530) - Enhanced kernel stability options (panic handling, printk) - Added multi-WAN bonding support (bonding, team, ipvlan modules) - Enhanced VPS sysctl config for multi-WAN bonding - Added VPS kernel modules for bonding and traffic shaping Co-authored-by: spotty118 <[email protected]>
…o 192.168.2.1 - Created comprehensive RM551E stability monitoring script with automatic recovery - Enhanced RM551E initialization with better error handling and configuration - Added auto-start for RM551E monitor via init script - Cleaned up dead code and commented-out sections in build.sh - Changed default LAN IP from 192.168.100.1 to 192.168.2.1 to avoid router conflicts - Enabled DHCP server by default on LAN interface - Configured DNS and network defaults for better out-of-box experience - Updated first-boot wizard to reflect new IP address Co-authored-by: spotty118 <[email protected]>
- Created port auto-detection that identifies upstream internet on any port - Auto-configures detected WAN ports with DHCP and multipath support - Auto-configures remaining ports as LAN bridge members - Created WiFi auto-configuration with secure defaults (WPA3/SAE) - Generates random but secure WiFi passwords - Supports WiFi 7 (6GHz), WiFi 6 (5GHz), and WiFi 4/5/6 (2.4GHz) - Created self-aware network monitoring daemon - Continuously monitors network state and auto-adjusts configuration - Detects cable plug/unplug events and reconfigures accordingly - Monitors WAN connectivity and triggers reconfiguration if needed - Ensures DHCP server is always running on LAN - Runs continuously in background with procd supervision - Auto-starts on boot and after any network changes - Saves WiFi password to /etc/wifi-password.txt for user reference Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
…again Add self-contained VPS installation wizard
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
…ials Fix confirmation prompt defaulting to cancel on Enter key
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
[WIP] Validate operating system compatibility for installation
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
Co-authored-by: spotty118 <[email protected]>
…ecks [WIP] Audit code for stability between VPS and router setups
… accessibility features Co-authored-by: spotty118 <[email protected]>
…ode-again Implement comprehensive LuCI theme with modern CSS architecture, accessibility, and interactive enhancements
Co-authored-by: spotty118 <[email protected]>
Fix shell syntax error blocking all builds
This comprehensive audit identified and fixed multiple critical security
vulnerabilities, shell script bugs, and code quality issues:
CRITICAL SECURITY FIXES:
1. vps-scripts/install.sh - Completely rewritten
- Was broken (only contained "debian9-x86_64.sh")
- Now properly wraps wizard.sh with fallback logic
- Added error handling and download capability
2. sign.sh - Command injection vulnerability fixed
- Added proper quoting for all variables
- Added input validation for key and path parameters
- Added error handling with proper exit codes
- Prevents path traversal and command injection attacks
3. wizard.sh & omr-vps-install.sh - Sed injection vulnerabilities
- Fixed unescaped user input in sed commands
- VPS IP and passwords now properly escaped
- Prevents sed metacharacter exploitation
4. rm551e-init.sh - Multiple command injection vulnerabilities
- Fixed unquoted variables in sh -c commands (lines 88, 117, 129, 136, 186)
- Replaced echo -e with printf for POSIX compliance
- All device paths now properly quoted
5. modems/Makefile - Bashism and quoting issues
- Replaced shopt -s nullglob (bash-only) with portable find command
- Added proper quoting in generated init scripts
- Fixed command substitution quoting in kill command
CODE QUALITY FIXES:
6. wifi-autoconfig.sh - Bashism fixed
- Replaced ${band^^} (bash-only) with portable tr command
- Ensures compatibility with dash and other POSIX shells
7. build.sh - Error handling improvements
- Added fallback for curl failure (line 31)
- Fixed nested command substitution with backticks (line 45)
- Added error suppression and fallback values
- Prevents build failures from network issues
IMPACT:
- Eliminates command injection attack vectors
- Improves cross-platform compatibility
- Prevents build failures from network issues
- Ensures proper error handling throughout
All changes verified with bash -n syntax checks.
There was a problem hiding this comment.
Pull Request Overview
This PR adds a comprehensive suite of VPS installation scripts, auto-configuration tools, modem support (particularly for Quectel RM551E 5G), testing infrastructure, and a modern LuCI theme for OpenMPTCProuter Optimized. The changes significantly enhance the user experience with automated setup and beautiful web interfaces.
Key changes:
- VPS wizard and installation scripts with interactive setup
- Automated client/router configuration tools
- Comprehensive 5G modem support (RM551E) with monitoring
- Modern LuCI theme with dark mode and accessibility features
- Auto-configuration scripts for WiFi, modems, and ports
Reviewed Changes
Copilot reviewed 63 out of 71 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| vps-scripts/wizard.sh | Interactive VPS setup wizard with step-by-step configuration |
| vps-scripts/omr-vps-install.sh | Core VPS installation script |
| vps-scripts/test-*.sh | Test scripts for validation |
| scripts/easy-install.sh, client-auto-setup.sh, auto-pair.sh | Router/client setup automation |
| common/package/modems/* | Quectel RM551E 5G modem support and monitoring |
| common/package/luci-theme-omr-optimized/* | Modern web UI theme |
| common/files/usr/bin/*.sh | Auto-configuration utilities |
| config files | Hardware configuration for BPI-R4 and x86 |
| sign.sh | Enhanced image signing script |
Comments suppressed due to low confidence (1)
common/package/modems/Makefile:1
- The
while readloop withfindwill fail if filenames contain spaces or special characters. The originalshopt -s nullglobapproach was actually safer as it avoided spawning a subshell. Consider usingfind ... -execinstead or properly quote variables. However, the|| trueat the end ensures the build won't fail if no files are found, which is good defensive programming.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+260
to
+265
| const aNum = parseFloat(aVal); | ||
| const bNum = parseFloat(bVal); | ||
|
|
||
| if (!isNaN(aNum) && !isNaN(bNum)) { | ||
| return isAscending ? aNum - bNum : bNum - aNum; | ||
| } |
There was a problem hiding this comment.
[nitpick] Numeric sorting using subtraction can produce incorrect results when the difference exceeds Number.MAX_SAFE_INTEGER or with very small differences. Use comparison operators instead: return isAscending ? (aNum < bNum ? -1 : aNum > bNum ? 1 : 0) : (bNum < bNum ? -1 : bNum > aNum ? 1 : 0). Though for typical table data, this is unlikely to be an issue.
| exit 1 | ||
| fi | ||
|
|
||
| echo "Signing images in $path/source/bin with key $key..." |
There was a problem hiding this comment.
[nitpick] The script outputs the key file path to the console. While this is informational, in security-sensitive contexts, avoid logging cryptographic key paths. Consider using a more generic message like "Signing images in $path/source/bin..." without revealing the key location.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Thanks for your contribution to OpenMPTCProuter!
You need to follow contributing rules.
Please remove this message before posting the pull request.