Refactor alert handling and improve SQL query reliability

- Enhanced the `is_alert_duplicate` function in `alertFunctions.sh` to escape single quotes in alert messages, preventing SQL injection issues.
- Updated database password handling to check for both `PGPASSWORD` and `DBPASSWORD`, improving flexibility in authentication.
- Ensured numeric validation for alert count checks, enhancing robustness against unexpected query results.
- Modified multiple monitoring scripts to conditionally check for the availability of the `send_alert` function, ensuring alerts are sent only when the function is defined, improving reliability across the monitoring system.

Author: angoca

bin/lib/alertFunctions.sh

@@ -180,35 +180,43 @@ is_alert_duplicate() {
  local dbport="${DBPORT:-5432}"
  local dbuser="${DBUSER:-postgres}"
 
+ # Escape single quotes in message for SQL
+ local message_escaped="${message//\'/\'\'}"
+
  local query
  query="SELECT COUNT(*) FROM alerts
            WHERE component = '${component}'
              AND alert_type = '${alert_type}'
-             AND message = '${message}'
+             AND message = '${message_escaped}'
              AND status = 'active'
              AND created_at > CURRENT_TIMESTAMP - INTERVAL '${window_minutes} minutes';"
 
  local count
- # Use PGPASSWORD only if set, otherwise let psql use default authentication
- if [[ -n "${PGPASSWORD:-}" ]]; then
-  count=$(PGPASSWORD="${PGPASSWORD}" psql \
+ # Use PGPASSWORD or DBPASSWORD if set, otherwise let psql use default authentication
+ local dbpassword="${PGPASSWORD:-${DBPASSWORD:-}}"
+ if [[ -n "${dbpassword}" ]]; then
+  count=$(PGPASSWORD="${dbpassword}" psql \
    -h "${dbhost}" \
    -p "${dbport}" \
    -U "${dbuser}" \
    -d "${dbname}" \
    -t -A \
-   -c "${query}" 2> /dev/null)
+   -c "${query}" 2> /dev/null || echo "0")
  else
   count=$(psql \
    -h "${dbhost}" \
    -p "${dbport}" \
    -U "${dbuser}" \
    -d "${dbname}" \
    -t -A \
-   -c "${query}" 2> /dev/null)
+   -c "${query}" 2> /dev/null || echo "0")
  fi
 
- if [[ "${count:-0}" -gt 0 ]]; then
+ # Ensure count is numeric and handle empty result
+ count=$(echo "${count}" | tr -d '[:space:]' | grep -E '^[0-9]+$' || echo "0")
+ count=$((count + 0))
+
+ if [[ "${count}" -gt 0 ]]; then
   return 0 # Duplicate
  else
   return 1 # Not duplicate

bin/monitor/checkPlanetNotes.sh

@@ -109,7 +109,7 @@ run_planet_check() {
   if [[ ${duration} -gt ${planet_duration_threshold} ]]; then
    log_warning "${COMPONENT}: Planet check duration (${duration}s) exceeds threshold (${planet_duration_threshold}s)"
    # Only send alert if send_alert function is available
-   if command -v send_alert >/dev/null 2>&1; then
+   if declare -f send_alert >/dev/null 2>&1 || command -v send_alert >/dev/null 2>&1; then
     send_alert "${COMPONENT}" "WARNING" "planet_check_duration" "Planet Notes check took too long: ${duration}s (threshold: ${planet_duration_threshold}s)" || true
    fi
   fi
@@ -118,12 +118,12 @@ run_planet_check() {
  else
   log_error "${COMPONENT}: Planet Notes check failed (exit_code: ${exit_code}, duration: ${duration}s)"
   # Record metrics (don't fail if record_metric is not available or fails)
-  if command -v record_metric >/dev/null 2>&1; then
+  if declare -f record_metric >/dev/null 2>&1 || command -v record_metric >/dev/null 2>&1; then
    record_metric "${COMPONENT}" "planet_check_status" "0" "component=ingestion,check=processCheckPlanetNotes" || true
    record_metric "${COMPONENT}" "planet_check_duration" "${duration}" "component=ingestion,check=processCheckPlanetNotes" || true
   fi
   # Only send alert if send_alert function is available
-  if command -v send_alert >/dev/null 2>&1; then
+  if declare -f send_alert >/dev/null 2>&1 || command -v send_alert >/dev/null 2>&1; then
    send_alert "${COMPONENT}" "ERROR" "planet_check_failed" "Planet Notes check failed: exit_code=${exit_code}" || true
   fi
   return 1

bin/monitor/monitorIngestion.sh

@@ -311,7 +311,7 @@ check_error_rate() {
  local error_count_threshold="${INGESTION_ERROR_COUNT_THRESHOLD:-1000}"
  if [[ ${error_lines} -gt ${error_count_threshold} ]]; then
   log_warning "${COMPONENT}: Error count (${error_lines}) exceeds threshold (${error_count_threshold})"
-  if command -v send_alert >/dev/null 2>&1; then
+  if declare -f send_alert >/dev/null 2>&1 || command -v send_alert >/dev/null 2>&1; then
    send_alert "${COMPONENT}" "WARNING" "error_rate" "High error count detected: ${error_lines} errors in 24h (threshold: ${error_count_threshold})" || true
   fi
  fi
@@ -320,7 +320,7 @@ check_error_rate() {
  local warning_count_threshold="${INGESTION_WARNING_COUNT_THRESHOLD:-2000}"
  if [[ ${warning_lines} -gt ${warning_count_threshold} ]]; then
   log_warning "${COMPONENT}: Warning count (${warning_lines}) exceeds threshold (${warning_count_threshold})"
-  if command -v send_alert >/dev/null 2>&1; then
+  if declare -f send_alert >/dev/null 2>&1 || command -v send_alert >/dev/null 2>&1; then
    send_alert "${COMPONENT}" "INFO" "warning_rate" "High warning count detected: ${warning_lines} warnings in 24h (threshold: ${warning_count_threshold})" || true
   fi
  fi
@@ -329,7 +329,7 @@ check_error_rate() {
  local max_error_rate="${INGESTION_MAX_ERROR_RATE:-5}"
  if [[ ${error_rate} -gt ${max_error_rate} ]]; then
   log_warning "${COMPONENT}: Error rate (${error_rate}%) exceeds threshold (${max_error_rate}%)"
-  if command -v send_alert >/dev/null 2>&1; then
+  if declare -f send_alert >/dev/null 2>&1 || command -v send_alert >/dev/null 2>&1; then
    send_alert "${COMPONENT}" "WARNING" "error_rate" "High error rate detected: ${error_rate}% (threshold: ${max_error_rate}%, errors: ${error_lines}/${total_lines})" || true
   fi
   return 1
@@ -339,7 +339,7 @@ check_error_rate() {
 local warning_rate_threshold="${INGESTION_WARNING_RATE_THRESHOLD:-15}"
 if [[ ${warning_rate} -gt ${warning_rate_threshold} ]]; then
  log_warning "${COMPONENT}: Warning rate (${warning_rate}%) exceeds threshold (${warning_rate_threshold}%)"
- if command -v send_alert >/dev/null 2>&1; then
+ if declare -f send_alert >/dev/null 2>&1 || command -v send_alert >/dev/null 2>&1; then
   send_alert "${COMPONENT}" "WARNING" "warning_rate" "High warning rate detected: ${warning_rate}% (threshold: ${warning_rate_threshold}%, warnings: ${warning_lines}/${total_lines})" || true
  fi
 fi

bin/monitor/monitorWMS.sh

@@ -371,7 +371,7 @@ check_error_rate() {
 # Alert if error rate exceeds threshold
 if [[ ${error_rate} -gt ${threshold} ]]; then
  log_warning "${COMPONENT}: Error rate (${error_rate}%) exceeds threshold (${threshold}%)"
- if command -v send_alert >/dev/null 2>&1; then
+ if declare -f send_alert >/dev/null 2>&1 || command -v send_alert >/dev/null 2>&1; then
   send_alert "${COMPONENT}" "WARNING" "error_rate_exceeded" "WMS error rate (${error_rate}%) exceeds threshold (${threshold}%, errors: ${error_count}, requests: ${total_requests})" || true
  fi
  return 1

bin/security/ipBlocking.sh

@@ -9,12 +9,17 @@
 
 set -euo pipefail
 
-SCRIPT_DIR=""
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-readonly SCRIPT_DIR
-PROJECT_ROOT=""
-PROJECT_ROOT="$(dirname "$(dirname "${SCRIPT_DIR}")")"
-readonly PROJECT_ROOT
+# Only set SCRIPT_DIR if not already set (allows sourcing multiple times)
+if [[ -z "${SCRIPT_DIR:-}" ]]; then
+ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ readonly SCRIPT_DIR
+fi
+
+# Only set PROJECT_ROOT if not already set (allows sourcing multiple times)
+if [[ -z "${PROJECT_ROOT:-}" ]]; then
+ PROJECT_ROOT="$(dirname "$(dirname "${SCRIPT_DIR}")")"
+ readonly PROJECT_ROOT
+fi
 
 # Source libraries
 # shellcheck disable=SC1091

tests/integration/test_alert_delivery_complete.sh

@@ -9,14 +9,25 @@
 
 set -euo pipefail
 
-SCRIPT_DIR=""
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-readonly SCRIPT_DIR
-PROJECT_ROOT=""
-PROJECT_ROOT="$(dirname "$(dirname "${SCRIPT_DIR}")")"
-# Remove trailing slash if present
-PROJECT_ROOT="${PROJECT_ROOT%/}"
-readonly PROJECT_ROOT
+# Only set SCRIPT_DIR if not already set (allows sourcing multiple times)
+if [[ -z "${SCRIPT_DIR:-}" ]]; then
+ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ readonly SCRIPT_DIR
+fi
+
+# Only set PROJECT_ROOT if not already set (allows sourcing multiple times)
+if [[ -z "${PROJECT_ROOT:-}" ]]; then
+ PROJECT_ROOT="$(dirname "$(dirname "${SCRIPT_DIR}")")"
+ # Remove trailing slash if present
+ PROJECT_ROOT="${PROJECT_ROOT%/}"
+ readonly PROJECT_ROOT
+fi
+
+# Validate PROJECT_ROOT exists
+if [[ ! -d "${PROJECT_ROOT}/bin/lib" ]]; then
+ echo "Error: Cannot find PROJECT_ROOT. SCRIPT_DIR=${SCRIPT_DIR}, PROJECT_ROOT=${PROJECT_ROOT}" >&2
+ exit 1
+fi
 
 # Source libraries
 # shellcheck disable=SC1091

tests/integration/test_database_integration.sh

@@ -154,19 +154,19 @@ skip_if_database_not_available() {
     # Step 1: Record metric
     record_metric "ingestion" "timestamp_test" "100" "test=timestamp"
 
-    # Step 2: Get timestamp
-    local metric_timestamp
-    metric_timestamp=$(psql -h "${DBHOST}" -p "${DBPORT}" -U "${DBUSER}" -d "${DBNAME}" -t -c \
-        "SELECT timestamp FROM metrics WHERE component = 'ingestion' AND metric_name = 'timestamp_test' ORDER BY timestamp DESC LIMIT 1;" 2>/dev/null | tr -d ' ' || echo "")
+    # Step 2: Get timestamp as Unix epoch (more reliable than parsing date strings)
+    local metric_time
+    metric_time=$(psql -h "${DBHOST}" -p "${DBPORT}" -U "${DBUSER}" -d "${DBNAME}" -t -c \
+        "SELECT EXTRACT(EPOCH FROM timestamp)::bigint FROM metrics WHERE component = 'ingestion' AND metric_name = 'timestamp_test' ORDER BY timestamp DESC LIMIT 1;" 2>/dev/null | tr -d '[:space:]' || echo "0")
 
     # Step 3: Verify timestamp is recent (within last minute)
     local current_time
     current_time=$(date +%s)
-    local metric_time
-    metric_time=$(date -d "${metric_timestamp}" +%s 2>/dev/null || echo "0")
     local time_diff
     time_diff=$((current_time - metric_time))
 
+    # Ensure metric_time is valid (greater than 0) and recent
+    assert [ "${metric_time}" -gt 0 ]
     assert [ "${time_diff}" -lt 60 ]
 }
 

tests/integration/test_monitorAnalytics_integration.sh

@@ -14,7 +14,7 @@
 # Test configuration - set before loading test_helper
 export TEST_COMPONENT="ANALYTICS"
 export TEST_DB_NAME="${TEST_DB_NAME:-osm_notes_monitoring_test}"
-export TEST_ANALYTICS_DB_NAME="${TEST_ANALYTICS_DB_NAME:-analytics_test}"
+export TEST_ANALYTICS_DB_NAME="${TEST_ANALYTICS_DB_NAME:-osm_notes_monitoring_test}"
 
 load "${BATS_TEST_DIRNAME}/../test_helper.bash"
 

tests/integration/test_monitorData_integration.sh

@@ -6,7 +6,7 @@
 # shellcheck disable=SC2030,SC2031
 # SC2030/SC2031: Variables modified in subshells are expected in BATS tests
 
-export TEST_DB_NAME="test_monitor_data"
+export TEST_DB_NAME="${TEST_DB_NAME:-osm_notes_monitoring_test}"
 load "${BATS_TEST_DIRNAME}/../test_helper.bash"
 
 # Test directories

tests/integration/test_monitorInfrastructure_integration.sh

@@ -6,7 +6,7 @@
 # shellcheck disable=SC2030,SC2031
 # SC2030/SC2031: Variables modified in subshells are expected in BATS tests
 
-export TEST_DB_NAME="test_monitor_infrastructure"
+export TEST_DB_NAME="${TEST_DB_NAME:-osm_notes_monitoring_test}"
 load "${BATS_TEST_DIRNAME}/../test_helper.bash"
 
 # Test directories