fix: Escape container name in orphaned PR cleanup job
Add shell escaping with escapeshellarg() for container names in the docker rm command to prevent command injection. Also add validation to skip containers with missing names and log a warning. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Andras Bacsai
parent
86a02a12e6
commit
ebac90097a
1 changed files with 13 additions and 1 deletions
|
|
@ -179,6 +179,16 @@ private function isOrphanedContainer($container): bool
|
|||
private function removeContainer($container, Server $server): void
|
||||
{
|
||||
$containerName = data_get($container, 'Names');
|
||||
|
||||
if (empty($containerName)) {
|
||||
Log::warning('CleanupOrphanedPreviewContainersJob - Cannot remove container: missing container name', [
|
||||
'container_data' => $container,
|
||||
'server' => $server->name,
|
||||
]);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$applicationId = $this->extractApplicationId($container);
|
||||
$pullRequestId = $this->extractPullRequestId($container);
|
||||
|
||||
|
|
@ -189,9 +199,11 @@ private function removeContainer($container, Server $server): void
|
|||
'server' => $server->name,
|
||||
]);
|
||||
|
||||
$escapedContainerName = escapeshellarg($containerName);
|
||||
|
||||
try {
|
||||
instant_remote_process(
|
||||
["docker rm -f {$containerName}"],
|
||||
["docker rm -f {$escapedContainerName}"],
|
||||
$server,
|
||||
false
|
||||
);
|
||||
|
|
|
|||
Loading…
Reference in a new issue