rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/app/Actions/Server
History
Andras Bacsai 096d4369e5 fix(sentinel): add token validation to prevent command injection 
Add validation to ensure sentinel tokens contain only safe characters
(alphanumeric, dots, hyphens, underscores, plus, forward slash, equals),
preventing OS command injection vulnerabilities when tokens are
interpolated into shell commands.

- Add ServerSetting::isValidSentinelToken() validation method
- Validate tokens in StartSentinel action and metrics queries
- Improve shell argument escaping with escapeshellarg()
- Add comprehensive test coverage for token validation
2026-03-10 22:19:19 +01:00
..
CheckUpdates.php Add Arch Linux server support and fix package sanitization 2025-12-08 09:02:00 +01:00
CleanupDocker.php chore: prepare for PR 2026-03-10 18:32:19 +01:00
ConfigureCloudflared.php Revert "refactor(file-transfer): replace base64 encoding with direct file transfer method across multiple database actions for improved clarity and efficiency" 2025-09-15 17:55:08 +02:00
DeleteServer.php feat: implement Hetzner deletion failure notification system with email and messaging support 2025-10-10 09:35:58 +02:00
InstallDocker.php chore: prepare for PR 2026-02-25 12:00:24 +01:00
InstallPrerequisites.php Add Arch Linux server support and fix package sanitization 2025-12-08 09:02:00 +01:00
ResourcesCheck.php Revert "rector: arrrrr" 2025-01-07 15:31:43 +01:00
RestartContainer.php fix: restart sentinel once a day 2024-10-29 10:28:05 +01:00
RunCommand.php Inline many variables. 2024-10-31 18:20:11 +01:00
StartLogDrain.php Revert "refactor(file-transfer): replace base64 encoding with direct file transfer method across multiple database actions for improved clarity and efficiency" 2025-09-15 17:55:08 +02:00
StartSentinel.php fix(sentinel): add token validation to prevent command injection 2026-03-10 22:19:19 +01:00
StopLogDrain.php Revert "rector: arrrrr" 2025-01-07 15:31:43 +01:00
StopSentinel.php pint 2024-10-17 22:08:23 +02:00
UpdateCoolify.php Add human-friendly output to upgrade script 2025-12-12 15:18:57 +01:00
UpdatePackage.php Add package validation guard and make pacman idempotent 2025-12-08 09:17:24 +01:00
ValidatePrerequisites.php feat: enhance prerequisite validation to return detailed results 2025-11-21 13:14:48 +01:00
ValidateServer.php feat: enhance prerequisite validation to return detailed results 2025-11-21 13:14:48 +01:00