- Fix container filtering to properly distinguish base deployments (pullRequestId=0) from PR deployments
- Add deployment cancellation when PR closes via webhook to prevent race conditions
- Prevent CleanupHelperContainersJob from killing active deployment containers
- Enhance error messages with exit codes and actual errors instead of vague "Oops" messages
- Protect status transitions in finally blocks to ensure proper job failure handling
This commit addresses a critical security issue where malicious Docker Compose
data was being saved to the database before validation occurred.
Problem:
- Service models were saved to database first
- Validation ran afterwards during parse()
- Malicious data persisted even when validation failed
- User saw error but damage was already done
Solution:
1. Created validateDockerComposeForInjection() to validate YAML before save
2. Added pre-save validation to all Service creation/update points:
- Livewire: DockerCompose.php, StackForm.php
- API: ServicesController.php (create, update, one-click)
3. Validates service names and volume paths (string + array formats)
4. Blocks shell metacharacters: backticks, $(), |, ;, &, >, <, newlines
Security fixes:
- Volume source paths (string format) - validated before save
- Volume source paths (array format) - validated before save
- Service names - validated before save
- Environment variable patterns - safe ${VAR} allowed, ${VAR:-$(cmd)} blocked
Testing:
- 60 security tests pass (176 assertions)
- PreSaveValidationTest.php: 15 tests for pre-save validation
- ValidateShellSafePathTest.php: 15 tests for core validation
- VolumeSecurityTest.php: 15 tests for volume parsing
- ServiceNameSecurityTest.php: 15 tests for service names
Related commits:
- Previous: Added validation during parse() phase
- This commit: Moves validation before database save
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Replace manual regex parsing with DockerImageParser in ApplicationsController
- Fix double-decoration bug where image names like nginx@sha256:hash would
become nginx:hash@sha256 causing malformed references
- Add auto-parse feature in Livewire DockerImage component
- Users can now paste complete references like nginx:stable@sha256:abc123...
and fields auto-populate
- Update UI placeholder with examples: nginx, docker.io/nginx:latest,
ghcr.io/user/app:v1.2.3, nginx:stable@sha256:abc123...
- Add comprehensive unit tests for auto-parse functionality
- All tests passing (20 tests, 73 assertions)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes#6847
The API endpoints for environment variables were rejecting valid fields
like is_buildtime, is_runtime, is_multiline, and is_shown_once with
422 errors, even though the code was using these fields internally.
Changes:
- Added missing fields to $allowedFields in create_env()
- Added missing fields to $allowedFields in update_env_by_uuid()
- Updated allowed fields in create_bulk_envs()
- Added validation rules for is_runtime and is_buildtime
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Enhanced logic to process Docker image name and tag, including stripping 'sha256:' prefix and removing '@sha256' suffix.
- Implemented validation to check for valid SHA256 hashes and conditionally append '@sha256' to the image name.
- Defaulted the image tag to 'latest' if not provided, improving user experience and data integrity.
- Replace OA\Schema with OA\Items for array items in DatabasesController
- Replace OA\Items with OA\Schema for array type properties in GithubController
- Update generated OpenAPI documentation files (openapi.json and openapi.yaml)
- Modified the update_by_uuid method to use only the specified allowed fields from the request for database updates, enhancing data integrity and security.
- Changed security scheme from 'api_token' to 'bearerAuth' for the update and delete GitHub app endpoints.
- Ensured consistent authentication handling across GitHub app operations.
- Added authorization checks for updating and deleting backups in DatabasesController.
- Implemented validation for S3 storage UUID when saving backups, ensuring it belongs to the current team.
- Improved error handling during backup deletion with transaction management for better data integrity.
- Modified backup retrieval logic in DatabasesController to utilize the new ownedByCurrentTeamAPI method for improved access control based on team ID.
- Enhanced code consistency and maintainability by centralizing team-based filtering in the ScheduledDatabaseBackup model.
- Updated backup retrieval logic in DatabasesController to utilize the new ownedByCurrentTeam method for improved access control.
- Enhanced code readability and maintainability by centralizing team-based filtering in the ScheduledDatabaseBackup model.
- Modified backup configuration queries in the DatabasesController to filter by team ID, ensuring proper access control.
- Enhanced S3 storage retrieval to use the current team context for better data integrity.
- Added a relationship method in ScheduledDatabaseBackup model to associate backups with teams.
- Removed obsolete backup-related parameters from the OpenAPI specification in the DatabasesController.
- Streamlined the API documentation to enhance clarity and focus on current functionality.
- Updated validation rules for 'custom_user' and 'custom_port' fields to be nullable in the GithubController.
- Refactored API request handling in GithubController, GithubPrivateRepository, and helper functions to use a consistent Http::GitHub method with timeout and retry logic.
- Improved error handling for repository and branch loading processes.
- Implemented endpoints to update and delete GitHub apps in the GithubController.
- Added OpenAPI annotations for the new endpoints, including request and response specifications.
- Removed the 'is_public' field from the app creation and update processes, defaulting it to false.
- Enhanced validation for update requests to ensure proper data handling.
- Implemented a new GithubController with endpoints to create GitHub apps, load repositories, and fetch branches for a given repository.
- Added OpenAPI annotations for API documentation.
- Included validation for incoming requests and error handling for various scenarios.
- Refactored backup configuration retrieval and update logic to use UUIDs instead of IDs.
- Added new endpoint to list backup executions for a specific backup configuration.
- Improved error handling and validation for backup operations.
- Updated API documentation to reflect changes in parameter names and descriptions.
- Introduced `ValidGitRepositoryUrl` and `ValidGitBranch` validation rules to ensure safe and valid input for Git repository URLs and branch names.
- Updated relevant Livewire components and API controllers to utilize the new validation rules, enhancing security against command injection and invalid inputs.
- Refactored existing validation logic to improve consistency and maintainability across the application.
- Introduced `ValidationPatterns` class to standardize validation rules and messages for name and description fields across the application.
- Updated various components and models to utilize the new validation patterns, ensuring consistent sanitization and validation logic.
- Replaced the `HasSafeNameAttribute` trait with `HasSafeStringAttribute` to enhance attribute handling and maintain consistency in name sanitization.
- Enhanced the `CleanupNames` command to align with the new validation rules, allowing for a broader range of valid characters in names.
- Introduced `CleanupNames` command to sanitize name fields by removing invalid characters, ensuring only letters, numbers, spaces, dashes, underscores, and dots are retained.
- Implemented options for dry run, model-specific cleaning, database backup, and forced execution.
- Updated `Init` command to call the new `cleanup:names` command.
- Enhanced project and environment validation to enforce name sanitization rules.
- Added `HasSafeNameAttribute` trait to relevant models for consistent name handling.
