Renz
0cf21cd893
- Implemented TUI auto-select for automated testing - Fixed TUI automation: autoSelectMsg handling in Update() - Auto-database selection in DatabaseSelector - Created focused test suite (test_as_postgres.sh) - Created retention policy test (test_retention.sh) - All 10 security tests passing Features validated: ✅ Backup retention policy (30 days, min backups) ✅ Rate limiting (exponential backoff) ✅ Privilege checks (root detection) ✅ Resource limit validation ✅ Path sanitization ✅ Checksum verification (SHA-256) ✅ Audit logging ✅ Secure permissions ✅ Configuration persistence ✅ TUI automation framework Test results: 10/10 passed Backup files created with .dump, .sha256, .info Retention cleanup verified (old files removed)
92 lines
2.2 KiB
Go
Executable File
92 lines
2.2 KiB
Go
Executable File
package security
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
)
|
|
|
|
// ChecksumFile calculates SHA-256 checksum of a file
|
|
func ChecksumFile(path string) (string, error) {
|
|
file, err := os.Open(path)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to open file: %w", err)
|
|
}
|
|
defer file.Close()
|
|
|
|
hash := sha256.New()
|
|
if _, err := io.Copy(hash, file); err != nil {
|
|
return "", fmt.Errorf("failed to calculate checksum: %w", err)
|
|
}
|
|
|
|
return hex.EncodeToString(hash.Sum(nil)), nil
|
|
}
|
|
|
|
// VerifyChecksum verifies a file's checksum against expected value
|
|
func VerifyChecksum(path string, expectedChecksum string) error {
|
|
actualChecksum, err := ChecksumFile(path)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if actualChecksum != expectedChecksum {
|
|
return fmt.Errorf("checksum mismatch: expected %s, got %s", expectedChecksum, actualChecksum)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// SaveChecksum saves checksum to a .sha256 file alongside the archive
|
|
func SaveChecksum(archivePath string, checksum string) error {
|
|
checksumPath := archivePath + ".sha256"
|
|
content := fmt.Sprintf("%s %s\n", checksum, archivePath)
|
|
|
|
if err := os.WriteFile(checksumPath, []byte(content), 0644); err != nil {
|
|
return fmt.Errorf("failed to save checksum: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// LoadChecksum loads checksum from a .sha256 file
|
|
func LoadChecksum(archivePath string) (string, error) {
|
|
checksumPath := archivePath + ".sha256"
|
|
|
|
data, err := os.ReadFile(checksumPath)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to read checksum file: %w", err)
|
|
}
|
|
|
|
// Parse "checksum filename" format
|
|
parts := []byte{}
|
|
for i, b := range data {
|
|
if b == ' ' {
|
|
parts = data[:i]
|
|
break
|
|
}
|
|
}
|
|
|
|
if len(parts) == 0 {
|
|
return "", fmt.Errorf("invalid checksum file format")
|
|
}
|
|
|
|
return string(parts), nil
|
|
}
|
|
|
|
// LoadAndVerifyChecksum loads checksum from .sha256 file and verifies the archive
|
|
// Returns nil if checksum file doesn't exist (optional verification)
|
|
// Returns error if checksum file exists but verification fails
|
|
func LoadAndVerifyChecksum(archivePath string) error {
|
|
expectedChecksum, err := LoadChecksum(archivePath)
|
|
if err != nil {
|
|
if os.IsNotExist(err) {
|
|
return nil // Checksum file doesn't exist, skip verification
|
|
}
|
|
return err
|
|
}
|
|
|
|
return VerifyChecksum(archivePath, expectedChecksum)
|
|
}
|