
Copilot AI commented Jan 15, 2026

Addresses security vulnerabilities and error handling gaps in the self-update mechanism identified during code review.

Security hardening:

  • Use mktemp for temporary files (prevents symlink attacks)
  • Download from tagged releases (v${version}) instead of main branch
  • Validate version format with regex before accepting remote version
  • Verify script readability before attempting backup

Error handling improvements:

  • Explicit error checking for backup creation, move, and chmod operations
  • Automatic rollback to backup if any operation fails
  • Clear error messages at each failure point
  • Validates backup timestamp before arithmetic operations

Code quality:

  • Properly save/restore IFS variable to prevent side effects
  • Robust version extraction supporting multiple quote styles
  • Remove conditional backup message (only show if file exists)

Backup management:

  • Automatically cleans up backup files older than 1 day (86400 seconds)
  • Portable stat command support (Linux and BSD)
  • Safe timestamp validation prevents arithmetic errors
  • Cleanup actions logged for audit trail

Example of the improved error handling:

if ! mv "${temp_file}" "${SCRIPT_PATH}"; then
    print_error "Failed to install update (move operation failed)"
    if [[ "${had_backup}" == true ]]; then
        mv "${SCRIPT_PATH}.backup" "${SCRIPT_PATH}"
        print_info "Restored previous version from backup."
    fi
    return 1
fi
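
The hardening steps listed in this description (version validation, mktemp staging, checked backup, rollback), sketched as an added example; it is not the code from this pull request or the project. The function names, the X.Y.Z version format, the 755 mode and the local file standing in for the downloaded release are assumptions.

```sh
#!/bin/sh
# Added example, not the project's code. Function names, the X.Y.Z version
# format and the 755 mode are assumptions made for illustration.

# Accept only MAJOR.MINOR.PATCH. The case guard rejects any byte that is not
# a digit or dot (newlines included) before grep sees the value, because grep
# matches per line and would accept "1.2.3<newline>anything".
is_valid_version() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# install_update NEW_FILE TARGET
# NEW_FILE stands in for the downloaded release so the example runs offline.
install_update() {
    _new=$1
    _target=$2
    [ -r "$_target" ] || { echo "cannot read $_target" >&2; return 1; }

    # mktemp creates a fresh, unpredictable, owner-only file, so a symlink
    # planted at a guessable name is never followed. Staging next to the
    # target keeps the later mv a same-filesystem rename.
    _tmp=$(mktemp "${_target}.XXXXXX") || return 1
    if ! cp "$_new" "$_tmp"; then
        echo "staging failed" >&2
        rm -f "$_tmp"
        return 1
    fi
    if ! cp -p "$_target" "${_target}.backup"; then
        echo "backup failed, update aborted" >&2
        rm -f "$_tmp"
        return 1
    fi
    # Swap, then set the mode; on either failure put the backup back.
    if ! mv "$_tmp" "$_target" || ! chmod 755 "$_target"; then
        echo "install failed, restoring backup" >&2
        rm -f "$_tmp"
        mv "${_target}.backup" "$_target"
        return 1
    fi
}
```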


Copilot AI and others added 2 commits January 15, 2026 09:43
- Use mktemp for secure temporary file creation
- Add robust version extraction with format validation
- Save and restore IFS variable properly
- Validate backup creation success before proceeding
- Add comprehensive error handling for mv and chmod operations
- Implement automatic backup restoration on failure
- Download from tagged version instead of main branch

Co-authored-by: prettyleaf <81024464+prettyleaf@users.noreply.github.com>
Co-authored-by: prettyleaf <81024464+prettyleaf@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add version tracking and self-update capabilities to script" to "fix: harden self-update security and error handling" Jan 15, 2026
Copilot AI requested a review from prettyleaf January 15, 2026 09:45

@prettyleaf prettyleaf left a comment


needs a check to delete old backup files. if backup is older than 1 day = delete

Copilot AI and others added 2 commits January 15, 2026 11:06
- Check for existing backup file at start of self_update
- Calculate backup file age using stat command (supports both Linux and BSD)
- Delete backup if older than 86400 seconds (1 day)
- Log cleanup action for audit trail

Co-authored-by: prettyleaf <81024464+prettyleaf@users.noreply.github.com>
- Extract timestamp retrieval into separate variable
- Use explicit calculation for one_day_seconds (24 * 60 * 60)

Co-authored-by: prettyleaf <81024464+prettyleaf@users.noreply.github.com>

Copilot AI commented Jan 15, 2026

> needs a check to delete old backup files. if backup is older than 1 day = delete

Added automatic cleanup of backup files older than 1 day in commit 796ac4c. The cleanup runs at the start of self_update() and:

  • Checks if a backup file exists
  • Calculates its age using stat (supports both Linux and BSD)
  • Deletes it if older than 86400 seconds (24 * 60 * 60)
  • Logs the cleanup action to the audit log

- Validate backup_timestamp is non-empty and numeric
- Prevents arithmetic errors if stat command fails
- Silently skips cleanup if timestamp cannot be determined

Co-authored-by: prettyleaf <81024464+prettyleaf@users.noreply.github.com>
@prettyleaf prettyleaf marked this pull request as ready for review January 15, 2026 11:09
Copilot AI requested a review from prettyleaf January 15, 2026 11:10
@prettyleaf

@copilot close #1

@prettyleaf prettyleaf merged commit 049a795 into dev Jan 15, 2026
1 check failed
@prettyleaf prettyleaf deleted the copilot/sub-pr-1 branch January 15, 2026 11:12
Copilot AI requested a review from prettyleaf January 15, 2026 11:12
Copilot stopped work on behalf of prettyleaf due to an error January 15, 2026 11:12