fix: prevent command injection and fix developer view shared variables error (#8889)

Andras Bacsai 2026-03-11 06:42:12 +01:00 committed by GitHub
commit 96b35bd2d8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 88 additions and 3 deletions


@ -139,7 +139,9 @@ private function deleteRemovedVariables($variables)
private function updateOrCreateVariables($variables) private function updateOrCreateVariables($variables)
{ {
$count = 0; $count = 0;
foreach ($variables as $key => $value) { foreach ($variables as $key => $data) {
$value = is_array($data) ? ($data['value'] ?? '') : $data;
$found = $this->environment->environment_variables()->where('key', $key)->first(); $found = $this->environment->environment_variables()->where('key', $key)->first();
if ($found) { if ($found) {
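Review bot: In the new line `$value = is_array($data) ? ($data['value'] ?? '') : $data;`, an array entry that has no `value` key becomes an empty string instead of being rejected, so the update branch that follows would presumably overwrite an existing variable with `''`. I would skip or fail such entries, for example `if (is_array($data) && ! array_key_exists('value', $data)) { continue; }`, and add a short comment stating which shapes `$data` can take. The same line is repeated in the project and team components in the next two file sections; a shared helper would keep the three in step. The body of updateOrCreateVariables continues past the visible lines, so how `$value` is stored cannot be checked from this page.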


@ -130,7 +130,9 @@ private function deleteRemovedVariables($variables)
private function updateOrCreateVariables($variables) private function updateOrCreateVariables($variables)
{ {
$count = 0; $count = 0;
foreach ($variables as $key => $value) { foreach ($variables as $key => $data) {
$value = is_array($data) ? ($data['value'] ?? '') : $data;
$found = $this->project->environment_variables()->where('key', $key)->first(); $found = $this->project->environment_variables()->where('key', $key)->first();
if ($found) { if ($found) {


@ -129,7 +129,9 @@ private function deleteRemovedVariables($variables)
private function updateOrCreateVariables($variables) private function updateOrCreateVariables($variables)
{ {
$count = 0; $count = 0;
foreach ($variables as $key => $value) { foreach ($variables as $key => $data) {
$value = is_array($data) ? ($data['value'] ?? '') : $data;
$found = $this->team->environment_variables()->where('key', $key)->first(); $found = $this->team->environment_variables()->where('key', $key)->first();
if ($found) { if ($found) {


@ -0,0 +1,79 @@
<?php
use App\Models\Environment;
use App\Models\Project;
use App\Models\SharedEnvironmentVariable;
use App\Models\Team;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Livewire\Livewire;
uses(RefreshDatabase::class);
beforeEach(function () {
$this->user = User::factory()->create();
$this->team = Team::factory()->create();
$this->user->teams()->attach($this->team, ['role' => 'admin']);
$this->project = Project::factory()->create(['team_id' => $this->team->id]);
$this->environment = Environment::factory()->create([
'project_id' => $this->project->id,
]);
$this->actingAs($this->user);
session(['currentTeam' => $this->team]);
});
test('environment shared variable dev view saves without openssl_encrypt error', function () {
Livewire::test(\App\Livewire\SharedVariables\Environment\Show::class)
->set('variables', "MY_VAR=my_value\nANOTHER_VAR=another_value")
->call('submit')
->assertHasNoErrors();
$vars = $this->environment->environment_variables()->pluck('value', 'key')->toArray();
expect($vars)->toHaveKey('MY_VAR')
->and($vars['MY_VAR'])->toBe('my_value')
->and($vars)->toHaveKey('ANOTHER_VAR')
->and($vars['ANOTHER_VAR'])->toBe('another_value');
});
test('project shared variable dev view saves without openssl_encrypt error', function () {
Livewire::test(\App\Livewire\SharedVariables\Project\Show::class)
->set('variables', 'PROJ_VAR=proj_value')
->call('submit')
->assertHasNoErrors();
$vars = $this->project->environment_variables()->pluck('value', 'key')->toArray();
expect($vars)->toHaveKey('PROJ_VAR')
->and($vars['PROJ_VAR'])->toBe('proj_value');
});
test('team shared variable dev view saves without openssl_encrypt error', function () {
Livewire::test(\App\Livewire\SharedVariables\Team\Index::class)
->set('variables', 'TEAM_VAR=team_value')
->call('submit')
->assertHasNoErrors();
$vars = $this->team->environment_variables()->pluck('value', 'key')->toArray();
expect($vars)->toHaveKey('TEAM_VAR')
->and($vars['TEAM_VAR'])->toBe('team_value');
});
test('environment shared variable dev view updates existing variable', function () {
SharedEnvironmentVariable::create([
'key' => 'EXISTING_VAR',
'value' => 'old_value',
'type' => 'environment',
'environment_id' => $this->environment->id,
'project_id' => $this->project->id,
'team_id' => $this->team->id,
]);
Livewire::test(\App\Livewire\SharedVariables\Environment\Show::class)
->set('variables', 'EXISTING_VAR=new_value')
->call('submit')
->assertHasNoErrors();
$var = $this->environment->environment_variables()->where('key', 'EXISTING_VAR')->first();
expect($var->value)->toBe('new_value');
});
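Review bot: None of the four tests covers the command-injection half of the commit title: every input is a plain `KEY=value` pair, so a regression in key or value validation would still pass. I would add a case whose key or value contains shell metacharacters and assert that `submit` either reports a validation error or stores the value verbatim, whichever the component is meant to do. A case for a line without `=` or with an empty value would also pin the new `?? ''` fallback in updateOrCreateVariables. The update test checks only the environment component; the project and team components received the same change and could get the same case.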