fix : changelog plus readme a jour

RecetteScripts/backup-bdd-recette.sh

@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 set -euo pipefail
+umask 077
 
 ###############################################################################
 # backup-bdd-recette.sh
@@ -67,15 +68,82 @@ set +a
 
 read -r -a DBS_ARRAY <<< "$DBS"
 
+validate_db_name() {
+  local db_name="$1"
+
+  [[ -n "$db_name" ]] || {
+    echo "ERROR: nom de base vide dans DBS" >&2
+    exit 1
+  }
+
+  [[ "$db_name" =~ ^[a-zA-Z0-9_]+$ ]] || {
+    echo "ERROR: nom de base invalide dans DBS : $db_name" >&2
+    exit 1
+  }
+}
+
+for DB in "${DBS_ARRAY[@]}"; do
+  validate_db_name "$DB"
+done
+
 IA_SSH="${BACKUP_REMOTE_USER}@${BACKUP_REMOTE_HOST}"
-IA_BASE_DIR="${BACKUP_REMOTE_DIR}"
 RETENTION_DAYS=10
+BACKUP_REMOTE_SSH_PORT="${BACKUP_REMOTE_SSH_PORT:-22}"
+BACKUP_KNOWN_HOSTS_STRICT="${BACKUP_KNOWN_HOSTS_STRICT:-yes}"
+BACKUP_KNOWN_HOSTS_FILE="${BACKUP_KNOWN_HOSTS_FILE:-${HOME}/.ssh/known_hosts}"
+
+[[ "$BACKUP_REMOTE_SSH_PORT" =~ ^[0-9]+$ ]] || {
+  echo "ERROR: BACKUP_REMOTE_SSH_PORT invalide" >&2
+  exit 1
+}
+
+[[ "$PGPORT" =~ ^[0-9]+$ ]] || {
+  echo "ERROR: PGPORT invalide" >&2
+  exit 1
+}
+
+[[ "$SSH_TIMEOUT" =~ ^[0-9]+$ ]] || {
+  echo "ERROR: SSH_TIMEOUT invalide" >&2
+  exit 1
+}
+
+[[ "$PGUSER" =~ ^[a-zA-Z0-9_][a-zA-Z0-9_-]*$ ]] || {
+  echo "ERROR: PGUSER invalide" >&2
+  exit 1
+}
+
+case "${BACKUP_KNOWN_HOSTS_STRICT,,}" in
+  yes|y|oui|o|true|1) BACKUP_KNOWN_HOSTS_STRICT="yes" ;;
+  no|n|non|false|0) BACKUP_KNOWN_HOSTS_STRICT="no" ;;
+  *)
+    echo "ERROR: BACKUP_KNOWN_HOSTS_STRICT invalide" >&2
+    exit 1
+    ;;
+esac
+
+mkdir -p "$(dirname "$BACKUP_KNOWN_HOSTS_FILE")"
+chmod 700 "$(dirname "$BACKUP_KNOWN_HOSTS_FILE")" || true
+touch "$BACKUP_KNOWN_HOSTS_FILE"
+chmod 600 "$BACKUP_KNOWN_HOSTS_FILE" || true
 
 SSH_OPTS=(
   -i "$SSH_KEY"
+  -p "$BACKUP_REMOTE_SSH_PORT"
   -o IdentitiesOnly=yes
   -o BatchMode=yes
   -o ConnectTimeout="${SSH_TIMEOUT}"
+  -o StrictHostKeyChecking="${BACKUP_KNOWN_HOSTS_STRICT}"
+  -o UserKnownHostsFile="${BACKUP_KNOWN_HOSTS_FILE}"
+)
+
+SCP_OPTS=(
+  -i "$SSH_KEY"
+  -P "$BACKUP_REMOTE_SSH_PORT"
+  -o IdentitiesOnly=yes
+  -o BatchMode=yes
+  -o ConnectTimeout="${SSH_TIMEOUT}"
+  -o StrictHostKeyChecking="${BACKUP_KNOWN_HOSTS_STRICT}"
+  -o UserKnownHostsFile="${BACKUP_KNOWN_HOSTS_FILE}"
 )
 
 LOG_DIR="${BACKUP_LOG_DIR}"
@@ -85,8 +153,10 @@ TS="$(date +'%Y-%m-%d_%H-%M-%S')"
 BACKUP_DIR_NAME="backup_${TS}"
 LOG_FILE="${LOG_DIR}/${BACKUP_DIR_NAME}.log"
 
-TMP_DIR="/tmp/pg_dump_${BACKUP_DIR_NAME}"
-mkdir -p "$TMP_DIR"
+TMP_DIR="$(mktemp -d /tmp/pg_dump_XXXXXX)" || {
+  echo "ERROR: impossible de créer le dossier temporaire" >&2
+  exit 1
+}
 
 exec > >(tee -a "$LOG_FILE") 2>&1
 
@@ -96,19 +166,46 @@ require_cmd() {
   command -v "$1" >/dev/null 2>&1
 }
 
+safe_remove_dir() {
+  local dir="${1:-}"
+  [[ -n "$dir" ]] || return 0
+  [[ "$dir" == /tmp/pg_dump_* ]] || {
+    log "WARNING: suppression refusée pour le chemin inattendu : $dir"
+    return 1
+  }
+  rm -rf -- "$dir"
+}
+
 export PGPASSWORD
 
 #######################################
 # Vérification dépendances minimales
 #######################################
 
-for cmd in ssh scp curl jq pg_dump pg_dumpall; do
+for cmd in ssh scp curl jq pg_dump pg_dumpall mktemp; do
   require_cmd "$cmd" || {
     echo "ERROR: commande manquante : $cmd" >&2
     exit 1
   }
 done
 
+[[ -f "$SSH_KEY" ]] || {
+  echo "ERROR: clé SSH introuvable : $SSH_KEY" >&2
+  exit 1
+}
+
+[[ -r "$SSH_KEY" ]] || {
+  echo "ERROR: clé SSH non lisible : $SSH_KEY" >&2
+  exit 1
+}
+
+[[ ! -L "$SSH_KEY" ]] || {
+  echo "ERROR: la clé SSH ne doit pas être un lien symbolique : $SSH_KEY" >&2
+  exit 1
+}
+
+chmod 600 "$SSH_KEY" || true
+
 #######################################
 # Configuration Discord
 #######################################
@@ -271,19 +368,21 @@ if ! mkdir "$LOCK_DIR" 2>/dev/null; then
   exit 1
 fi
 
-trap 'rm -rf "$LOCK_DIR" "$TMP_DIR"' EXIT
+cleanup() {
+  rm -rf -- "$LOCK_DIR"
+  safe_remove_dir "$TMP_DIR" || true
+}
+trap cleanup EXIT
 
 #######################################
 # Préparation du dossier distant
 #######################################
 
-REMOTE_DIR="${IA_BASE_DIR}"
-
 log "Creating remote directories"
 
-MKDIR_CMD="mkdir -p '${REMOTE_DIR}/user'"
+MKDIR_CMD="mkdir -p '${BACKUP_REMOTE_DIR}/user'"
 for DB in "${DBS_ARRAY[@]}"; do
-  MKDIR_CMD+=" '${REMOTE_DIR}/${DB}'"
+  MKDIR_CMD+=" '${BACKUP_REMOTE_DIR}/${DB}'"
 done
 
 if ! ssh "${SSH_OPTS[@]}" "$IA_SSH" "$MKDIR_CMD"; then
@@ -320,7 +419,7 @@ else
 fi
 
 if [[ -n "${USERS_EXPORT_OK:-}" ]]; then
-  scp "${SSH_OPTS[@]}" "$ROLES_FILE" "$IA_SSH:${REMOTE_DIR}/user/"
+  scp "${SCP_OPTS[@]}" "$ROLES_FILE" "$IA_SSH:${BACKUP_REMOTE_DIR}/user/"
   RET=$?
 
   if [[ $RET -ne 0 ]]; then
@@ -364,7 +463,7 @@ for DB in "${DBS_ARRAY[@]}"; do
     continue
   fi
 
-  scp "${SSH_OPTS[@]}" "$FILE" "$IA_SSH:${REMOTE_DIR}/${DB}/"
+  scp "${SCP_OPTS[@]}" "$FILE" "$IA_SSH:${BACKUP_REMOTE_DIR}/${DB}/"
   RET=$?
 
   if [[ $RET -ne 0 ]]; then
@@ -384,7 +483,7 @@ log "Starting remote rotation: delete backups older than ${RETENTION_DAYS} days"
 
 set +e
 
-ssh "${SSH_OPTS[@]}" "$IA_SSH" "find '${REMOTE_DIR}/user' -type f -name 'user_*.sql' -mtime +${RETENTION_DAYS} -delete"
+ssh "${SSH_OPTS[@]}" "$IA_SSH" "find '${BACKUP_REMOTE_DIR}/user' -type f -name 'user_*.sql' -mtime +${RETENTION_DAYS} -delete"
 RET=$?
 
 if [[ $RET -ne 0 ]]; then
@@ -394,7 +493,7 @@ else
 fi
 
 for DB in "${DBS_ARRAY[@]}"; do
-  ssh "${SSH_OPTS[@]}" "$IA_SSH" "find '${REMOTE_DIR}/${DB}' -type f -name '${DB}_*.dump' -mtime +${RETENTION_DAYS} -delete"
+  ssh "${SSH_OPTS[@]}" "$IA_SSH" "find '${BACKUP_REMOTE_DIR}/${DB}' -type f -name '${DB}_*.dump' -mtime +${RETENTION_DAYS} -delete"
   RET=$?
 
   if [[ $RET -ne 0 ]]; then
@@ -412,7 +511,7 @@ log "Remote rotation finished"
 # Nettoyage local
 #######################################
 
-rm -rf "$TMP_DIR"
+safe_remove_dir "$TMP_DIR" || true
 
 #######################################
 # Bilan final Discord
@@ -442,4 +541,4 @@ for DB in "${DBS_ARRAY[@]}"; do
   fi
 done
 
-exit 2
+exit 2