cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0f4ea3ff9b6ceab60e9cd6dc2edc8b38f6ecdbc2
Linux-Server-Management-Too…/REMAINING_IMPROVEMENTS.md
T

4.6 KiB
Raw Blame History

Remaining Improvements - Dev Branch

Status: Post-critical-fixes analysis Date: 2026-03-19 Branch: dev

High-Priority Items (Recommended Next)

1. Array Safety in User Enumeration (reference-db.sh:128)

# Current (potentially unsafe)
local users=($(list_all_users))

# Better approach
while IFS= read -r user; do
    [ -z "$user" ] && continue
    users+=("$user")
done < <(list_all_users)

Why: Safer handling of usernames with special characters Impact: Prevents word-splitting issues with unusual usernames Difficulty: LOW (30 min)

2. URL Encoding for Domain Checks (reference-db.sh:219, 225)

# Current (not encoded)
curl ... "http://$domain"

# Better approach
domain_encoded=$(printf %s "$domain" | sed 's/[^a-zA-Z0-9._-]/\\&/g')
curl ... "http://$domain_encoded"

Why: Handles domains with special characters or non-ASCII characters Impact: Prevents curl errors with unusual domain names Difficulty: LOW (30 min)

3. Timeout Configuration Validation

Current: Hardcoded 3-second timeout in curl operations Issue: May be insufficient for slow networks or servers Improvement: Make configurable via environment variable

DOMAIN_CHECK_TIMEOUT=${DOMAIN_CHECK_TIMEOUT:-3}
timeout $DOMAIN_CHECK_TIMEOUT curl ...

Difficulty: LOW (20 min)

Medium-Priority Items

4. Array Expansion Consistency (reference-db.sh:118)

Current: Mixes array patterns

# Line 118 - for loop with [@]
for php_ver in "${SYS_PHP_VERSIONS[@]}"; do

# Line 128 - array assignment with command substitution
local users=($(list_all_users))

Issue: Inconsistent array handling patterns Recommendation: Document and enforce consistent pattern Difficulty: LOW (15 min)

5. Progress Bar Rendering (lib/common-functions.sh:140-150)

Current: Uses carriage return \r for in-place updates Potential Issue: May not work correctly in all terminal types Improvement: Add fallback for dumb terminals

if [ "$TERM" != "dumb" ]; then
    printf "\r]..."  # In-place update
else
    echo "..."       # Fallback to newlines
fi

Difficulty: MEDIUM (45 min)

Low-Priority Items

6. Function Naming Conventions

Current: Mix of naming styles

  • build_system_section() - verb_noun style
  • check_domain_status() - verb_noun style
  • show_progress() - verb_noun style

Observation: Naming is actually consistent!

7. Inline Documentation

Current: Some functions lack purpose comments Recommendation: Add one-line purpose comments above all functions Difficulty: LOW (1 hour for all files)

8. Source Guard Safety (reference-db.sh line 1)

Current: No source guard (allows re-sourcing) Improvement: Add guard pattern

if [ -n "${_REFERENCE_DB_LOADED:-}" ]; then
    return 0
fi
readonly _REFERENCE_DB_LOADED=1

Difficulty: LOW (10 min, add to all library files)

9. Unused Variable Cleanup

Finding: No unused variables detected in recent code review Status: CLEAN

Implementation Priority Recommendation

Phase 2 - Next (1-2 hours)

  1. Critical security fixes (DONE - 16f222f)
  2. Array safety in user enumeration (30 min)
  3. URL encoding for domain checks (30 min)
  4. Timeout configuration (20 min)

Phase 3 - Later (2-3 hours)

  1. Array expansion consistency (15 min)
  2. Progress bar fallbacks (45 min)
  3. Source guard safety (10 min)
  4. Inline documentation (60 min)

Phase 4 - Low Priority (1 hour)

  1. Additional refinements based on testing

Testing Plan for Phase 2

Once Phase 2 items are fixed:

  1. Fresh AlmaLinux 8 Test

    • No control panel
    • No web server
    • No database
    • Expected: Proper detection with empty services

  2. Fresh Ubuntu 22.04 Test

    • With Apache
    • No MySQL
    • Expected: Proper Apache detection, MySQL marked as "none"

  3. cPanel Test

    • Full stack: cPanel, Apache, MySQL
    • Expected: All services detected correctly

  4. Plesk Test

    • Full stack: Plesk, Nginx, MariaDB
    • Expected: Proper Plesk and Nginx detection

Deployment Timeline

  • Critical security fixes - Commit 16f222f
  • Phase 2 improvements - Target 1-2 hours
  • Phase 2 testing - Target fresh systems
  • Phase 3 improvements - Target 2-3 hours
  • Full regression suite - Target all combinations
  • Merge to production main branch

Notes

  • All syntax checks pass (bash -n validation)
  • No runtime errors detected
  • Process substitution patterns are safe
  • Error handling is comprehensive
  • Color code duplication (lines 28-35 of launcher.sh) is redundant but harmless
Reference in New Issue View Git Blame Copy Permalink