ruborg 0.3.1 → 0.5.0

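--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0bb6c1c5f47b1fbb4538310a929914b0e744bcdb30d5e5635c4246df778e2113
- data.tar.gz: bda5cf063fe587a047dd36fa9c5e948d8130e47501a53eabef9c34a3af7ae361
+ metadata.gz: 1233e04a2f95e8e8aadb9ad97d043b2d9b52c446821ff89495073a6a8762b6cc
+ data.tar.gz: ee3fd1ae2256299120d7f78aac3243c2de44f8f3c072c4c29dd44cb761caf769
  SHA512:
- metadata.gz: 8828dacb76519557d51876327133491318bd199e589fb695d08a94af1a73a3c34772f022b6630e199a2c1ab9ab7d78dcce043a402bfa0f418ae51262aad80e8f
- data.tar.gz: 99b7e79eb2e50240862f7ade79291d9a76469385f2b7e8949df8e6ac3251f9adcbe2f605e42c09364616c028f10575593c3e0a1df1d020bcf8fc7291a9cdb558
+ metadata.gz: 59d6ad7e5797cbbd964390d0425bf1392695c24f938a40978ddea371552da84604bf0a8eb189b207318ed68dba966311d45659f2b6abd3a59711f766465a5b36
+ data.tar.gz: 6c77a312c9b820dd22d7f0396dbb24fac70da4654023c89eebc94c962d367b963a448a923ce23574862276452c441e3ebd723601fd58a2634e3337d402a9c066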
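--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -0,0 +1,175 @@
+ # RuboCop configuration for Ruborg
+
+ plugins:
+ - rubocop-rspec
+
+ AllCops:
+ TargetRubyVersion: 3.2
+ NewCops: enable
+ SuggestExtensions: false
+ Exclude:
+ - 'vendor/**/*'
+ - 'tmp/**/*'
+ - 'bin/*'
+
+ # Disable documentation requirement
+ Style/Documentation:
+ Enabled: false
+
+ # Allow development dependencies in gemspec
+ Gemspec/DevelopmentDependencies:
+ Enabled: false
+
+ # Allow longer lines in some cases
+ Layout/LineLength:
+ Max: 120
+ AllowedPatterns:
+ - '\s+# '
+ - '^\s*#'
+ Exclude:
+ - 'spec/**/*'
+
+ # Allow longer methods in specs
+ Metrics/MethodLength:
+ Max: 25
+ Exclude:
+ - 'spec/**/*'
+ - 'lib/ruborg/cli.rb' # CLI commands can be longer
+
+ # Allow longer blocks in specs
+ Metrics/BlockLength:
+ Exclude:
+ - 'spec/**/*'
+ - '*.gemspec'
+
+ # Allow more complex methods
+ Metrics/AbcSize:
+ Max: 30
+ Exclude:
+ - 'spec/**/*'
+ - 'lib/ruborg/cli.rb' # CLI commands can be more complex
+
+ # Allow reasonable cyclomatic complexity
+ Metrics/CyclomaticComplexity:
+ Max: 15
+ Exclude:
+ - 'lib/ruborg/cli.rb' # CLI commands can have more branches
+
+ # Allow reasonable perceived complexity
+ Metrics/PerceivedComplexity:
+ Max: 15
+ Exclude:
+ - 'lib/ruborg/cli.rb' # CLI commands can be more complex
+
+ # Allow larger classes for CLI and main library classes
+ Metrics/ClassLength:
+ Max: 350
+ Exclude:
+ - 'spec/**/*'
+
+ # Prefer modern hash syntax
+ Style/HashSyntax:
+ EnforcedStyle: ruby19
+
+ # Prefer double quotes for consistency
+ Style/StringLiterals:
+ EnforcedStyle: double_quotes
+
+ # Allow both single and double quotes in specs
+ Style/StringLiteralsInInterpolation:
+ EnforcedStyle: double_quotes
+
+ # Prefer symbols as hash keys
+ Style/SymbolArray:
+ EnforcedStyle: brackets
+
+ # Allow compact module/class definition
+ Style/ClassAndModuleChildren:
+ Enabled: false
+
+ # Allow both proc and lambda
+ Style/Lambda:
+ Enabled: false
+
+ # Allow if/unless modifiers
+ Style/IfUnlessModifier:
+ Enabled: true
+
+ # Prefer raise over fail
+ Style/SignalException:
+ EnforcedStyle: only_raise
+
+ # Allow compact empty methods
+ Style/EmptyMethod:
+ EnforcedStyle: compact
+
+ # Prefer explicit returns in some cases
+ Style/RedundantReturn:
+ Enabled: false
+
+ # Don't enforce attr_reader for method definitions in blocks
+ Style/TrivialAccessors:
+ Enabled: false
+
+ # RSpec specific cops
+ RSpec/ExampleLength:
+ Max: 25
+
+ RSpec/MultipleExpectations:
+ Max: 5
+
+ RSpec/NestedGroups:
+ Max: 5
+
+ RSpec/DescribeClass:
+ Exclude:
+ - 'spec/integration/**/*'
+ - 'spec/ruborg/auto_init_spec.rb'
+ - 'spec/ruborg/backup_integration_spec.rb'
+ - 'spec/ruborg/log_config_spec.rb'
+ - 'spec/ruborg/per_file_backup_spec.rb'
+ - 'spec/ruborg/security_spec.rb'
+
+ # Allow any_instance_of for testing
+ RSpec/AnyInstance:
+ Enabled: false
+
+ # Allow both expect and allow for message expectations
+ RSpec/MessageSpies:
+ Enabled: false
+
+ # Allow both expect and allow
+ RSpec/StubbedMock:
+ Enabled: false
+
+ # Allow normal doubles in specs
+ RSpec/VerifiedDoubles:
+ Enabled: false
+
+ # Allow multiple memoized helpers
+ RSpec/MultipleMemoizedHelpers:
+ Enabled: false
+
+ # Allow backticks for command execution
+ Style/CommandLiteral:
+ Enabled: false
+
+ # Allow safe navigation chains
+ Style/SafeNavigationChainLength:
+ Enabled: false
+
+ # Allow useless constant scoping for clarity
+ Lint/UselessConstantScoping:
+ Enabled: false
+
+ # Allow get_ prefix in method names for clarity
+ Naming/AccessorMethodName:
+ Enabled: false
+
+ # Allow predicate methods without ? suffix
+ Naming/PredicateMethod:
+ Enabled: false
+
+ # Allow any spec file path format
+ RSpec/SpecFilePathFormat:
+ Enabled: false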
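Review bot: The comment `# Allow backticks for command execution` above `Style/CommandLiteral` (new lines 153-155) reads as permission to shell out with backticks, which contradicts the 0.4.0 changelog entry in this same release stating that all command execution uses Open3 with no backticks anywhere. As far as I can tell this cop only governs which command-literal syntax is used (backticks vs `%x`), so neither enabling nor disabling it enforces the Open3 policy, and nothing else in this config does. I would reword the comment to `# Style-only cop; command execution must use Open3 with array arguments, never backticks or %x` and back the policy with a CI check or a custom cop, since a regression here would reintroduce the command-injection class the changelog marks as critical. Note also that `AllCops: Exclude` skips `bin/*`, so any script placed there is not linted at all.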
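--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -7,6 +7,47 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
  ## [Unreleased]
 
+ ## [0.5.0] - 2025-10-08
+
+ ### Added
+ - **Hostname Validation**: Optional `hostname` configuration key to restrict backup operations to specific hosts
+ - Can be configured globally or per-repository
+ - Repository-specific hostname overrides global setting
+ - Validates system hostname before backup, list, restore, check operations
+ - Prevents accidental execution of backups on wrong machines
+ - Displayed in `info` command output
+ - Comprehensive test coverage for hostname validation (6 new test cases)
+ - Documentation for hostname feature in example config and README
+
+ ### Changed
+ - `info` command now displays hostname when configured (global or per-repository)
+
+ ## [0.4.0] - 2025-10-06
+
+ ### Added
+ - Borg executable validation: verifies `borg_path` points to actual Borg binary
+ - bundler-audit integration for dependency vulnerability scanning
+ - RuboCop with rubocop-rspec for code quality enforcement
+ - Enhanced pruning logs showing retention mode (standard vs per-file)
+ - Comprehensive development workflow documentation in CLAUDE.md
+ - Example configuration file: `ruborg.yml.example`
+
+ ### Security
+ - **CRITICAL**: Fixed remaining command injection vulnerabilities in repository.rb
+ - Replaced backtick execution with Open3.capture3 in `list_archives_with_metadata`
+ - Replaced backtick execution with Open3.capture3 in `get_file_mtime_from_archive`
+ - Replaced backtick execution with Open3.capture2e in `execute_version_command`
+ - Added borg_path validation to prevent execution of arbitrary binaries
+ - Removed unused `env_to_cmd_prefix` helper method (no longer needed with Open3)
+ - Updated SECURITY.md with new security features and best practices
+ - Added config file permission requirements (chmod 600) to documentation
+ - Zero known vulnerabilities in dependencies (verified with bundler-audit)
+
+ ### Changed
+ - All command execution now uses Open3 methods (no backticks anywhere)
+ - Pruning logs now include retention mode details
+ - Enhanced security documentation with detailed config file protection guidelines
+
  ## [0.3.1] - 2025-10-05
 
  ### Added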
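--- a/data/CLAUDE.md
+++ b/data/CLAUDE.md
@@ -1 +1,67 @@
- - ruborg is a ruby gem to perform backups using borg. it reads a configuration file in yaml and instructs borg about what to do. it is a friendly fornt end of borg in ruby. it can create and access backup repositories. it can take and recall backup files or directories. it can interract with passbolt through cli to access encryption passwords.
+ # Ruborg Project
+
+ ## Overview
+ Ruborg is a Ruby gem to perform backups using Borg. It reads a configuration file in YAML and instructs Borg about what to do. It is a friendly frontend of Borg in Ruby. It can create and access backup repositories. It can take and recall backup files or directories. It can interact with Passbolt through CLI to access encryption passwords.
+
+ ## Development Practices
+
+ ### Code Quality
+ - **RuboCop**: Static code analyzer and formatter configured in `.rubocop.yml`
+ - Run: `bundle exec rubocop`
+ - Auto-fix: `bundle exec rubocop -a`
+ - Target: 0 offenses (currently achieved)
+
+ - **RuboCop RSpec**: RSpec-specific linting rules
+ - Integrated with main RuboCop configuration
+ - Enforces consistent test patterns
+
+ ### Security
+ - **bundler-audit**: Checks for known vulnerabilities in dependencies
+ - Update database: `bundle exec bundle-audit update`
+ - Check vulnerabilities: `bundle exec bundle-audit check`
+ - Run regularly as part of CI/CD and before releases
+
+ - **Security Best Practices**:
+ - Use `YAML.safe_load_file` for configuration parsing
+ - Use `Open3.capture*` methods instead of backticks for command execution
+ - Validate and sanitize all user inputs (archive names, paths)
+ - Prevent path traversal with system directory blacklists
+ - Use array syntax for system calls to prevent shell injection
+
+ ### Testing
+ - **RSpec**: Test framework for unit and integration tests
+ - Run all tests: `bundle exec rspec`
+ - Run with documentation: `bundle exec rspec --format documentation`
+ - Target: All tests passing (currently 124 examples, 0 failures)
+
+ - **Test Coverage**:
+ - Unit tests for core classes (Repository, Backup, Config)
+ - Integration tests for end-to-end workflows
+ - Security tests for input validation and path handling
+
+ ### Development Workflow
+ 1. Make code changes
+ 2. Run tests: `bundle exec rspec`
+ 3. Run linter: `bundle exec rubocop`
+ 4. Check security: `bundle exec bundle-audit check`
+ 5. Commit changes with descriptive messages
+ 6. Open pull request for review
+
+ ### Project Structure
+ - `lib/ruborg/` - Main source code
+ - `cli.rb` - Command-line interface (Thor)
+ - `repository.rb` - Borg repository management
+ - `backup.rb` - Backup operations
+ - `config.rb` - YAML configuration handling
+ - `passbolt.rb` - Passbolt integration
+ - `logger.rb` - Logging functionality
+ - `spec/` - RSpec tests
+ - `exe/` - Executable scripts
+
+ ### Key Features
+ - **Multi-repository support**: Manage multiple backup repositories from a single config
+ - **Per-file backup mode**: Back up each file as a separate archive with metadata-based retention
+ - **Passbolt integration**: Retrieve encryption passphrases from Passbolt
+ - **Auto-initialization**: Automatically create repositories if they don't exist
+ - **Auto-pruning**: Automatically prune old backups based on retention policies
+ - **Logging**: Comprehensive logging to file or stdout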