coolify/app/Actions/Database
Andras Bacsai 64753b4136 fix(database): prevent command injection in healthcheck via CMD exec-form
Replace CMD-SHELL string interpolation with CMD exec-form arrays in
healthcheck configs for PostgreSQL, Dragonfly, KeyDB, and ClickHouse.

CMD-SHELL passes the string to /bin/sh -c, allowing command injection
through user-controlled fields (username, password, dbname). CMD
exec-form bypasses the shell entirely — each value is a discrete argv
element.

Fixes GHSA-gvc4-f276-r88p.

Adds regression tests covering semicolon, pipe, backtick, $(),
background operator, redirect, newline, and null-byte injection vectors.
2026-04-20 13:17:15 +02:00
RestartDatabase.php Fix database restart to skip unnecessary Docker cleanup 2025-11-20 17:15:45 +01:00
StartClickhouse.php fix(database): prevent command injection in healthcheck via CMD exec-form 2026-04-20 13:17:15 +02:00
StartDatabase.php Revert "rector: arrrrr" 2025-01-07 15:31:43 +01:00
StartDatabaseProxy.php Merge remote-tracking branch 'origin/next' into fix/configurable-proxy-timeout 2026-03-10 10:01:46 +01:00
StartDragonfly.php fix(database): prevent command injection in healthcheck via CMD exec-form 2026-04-20 13:17:15 +02:00
StartKeydb.php fix(database): prevent command injection in healthcheck via CMD exec-form 2026-04-20 13:17:15 +02:00
StartMariadb.php fix(database): use && instead of || for conf null/empty checks 2026-04-20 13:12:16 +02:00
StartMongodb.php fix(docker): migrate database start actions from --time to -t flag 2025-11-28 11:18:12 +01:00
StartMysql.php fix(database): use && instead of || for conf null/empty checks 2026-04-20 13:12:16 +02:00
StartPostgresql.php fix(database): prevent command injection in healthcheck via CMD exec-form 2026-04-20 13:17:15 +02:00
StartRedis.php fix(database): use && instead of || for conf null/empty checks 2026-04-20 13:12:16 +02:00
StopDatabase.php fix(restart): reset restart count when resource is manually stopped 2025-12-27 15:21:19 +01:00
StopDatabaseProxy.php chore: prepare for PR 2026-02-03 15:32:03 +01:00