coolify

rosslh/coolify

Fork 0

Commit graph

Author	SHA1	Message	Date
Andras Bacsai	952f324797	fix(backup): use escapeshellarg for credentials in database backup commands Apply proper shell escaping to all user-controlled values interpolated into backup shell commands (PostgreSQL username/password, MySQL/MariaDB root password, MongoDB URI). Also URL-encode MongoDB credentials before embedding in connection URI. Adds unit tests for escaping behavior. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 23:43:57 +01:00
Andras Bacsai	99043600ee	fix(backup): validate MongoDB collection names in backup input Add validateDatabasesBackupInput() helper that properly parses all database backup formats including MongoDB's "db:col1,col2\|db2:col3" and validates each component individually. - Validate and escape collection names in DatabaseBackupJob - Replace comma-only split in BackupEdit with format-aware validation - Add input validation in API create_backup and update_backup endpoints - Add unit tests for collection name and multi-format validation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-25 16:52:06 +01:00
Andras Bacsai	0073d045fb	fix: enhance security by validating and escaping database names, file paths, and proxy configuration filenames to prevent command injection	2025-11-27 14:36:31 +01:00

Author

SHA1

Message

Date

Andras Bacsai

952f324797

fix(backup): use escapeshellarg for credentials in database backup commands

Apply proper shell escaping to all user-controlled values interpolated into
backup shell commands (PostgreSQL username/password, MySQL/MariaDB root
password, MongoDB URI). Also URL-encode MongoDB credentials before embedding
in connection URI. Adds unit tests for escaping behavior.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-25 23:43:57 +01:00

Andras Bacsai

99043600ee

fix(backup): validate MongoDB collection names in backup input

Add validateDatabasesBackupInput() helper that properly parses all
database backup formats including MongoDB's "db:col1,col2|db2:col3"
and validates each component individually.

- Validate and escape collection names in DatabaseBackupJob
- Replace comma-only split in BackupEdit with format-aware validation
- Add input validation in API create_backup and update_backup endpoints
- Add unit tests for collection name and multi-format validation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-25 16:52:06 +01:00

Andras Bacsai

0073d045fb

fix: enhance security by validating and escaping database names, file paths, and proxy configuration filenames to prevent command injection

2025-11-27 14:36:31 +01:00

3 commits