rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/tests
History
Andras Bacsai 64753b4136 fix(database): prevent command injection in healthcheck via CMD exec-form 
Replace CMD-SHELL string interpolation with CMD exec-form arrays in
healthcheck configs for PostgreSQL, Dragonfly, KeyDB, and ClickHouse.

CMD-SHELL passes the string to /bin/sh -c, allowing command injection
through user-controlled fields (username, password, dbname). CMD
exec-form bypasses the shell entirely — each value is a discrete argv
element.

Fixes GHSA-gvc4-f276-r88p.

Adds regression tests covering semicolon, pipe, backtick, $(),
background operator, redirect, newline, and null-byte injection vectors.
2026-04-20 13:17:15 +02:00
..
Browser test: add dashboard test and improve browser test coverage 2026-02-11 16:37:40 +01:00
Feature refactor(cli): validate --date and escape shell args on logs:scheduled 2026-04-20 12:09:48 +02:00
Traits test: setup database for upcoming tests 2024-12-04 12:43:52 +01:00
Unit fix(database): prevent command injection in healthcheck via CMD exec-form 2026-04-20 13:17:15 +02:00
v4 fix(models): replace forceFill/forceCreate with fill/create and add fillable guards 2026-03-31 13:45:31 +02:00
CreatesApplication.php Fix styling 2024-06-10 20:43:34 +00:00
DuskTestCase.php Refactor DuskTestCase.php to use a hardcoded base URL 2024-10-17 21:26:06 +02:00
Pest.php test: add Pest browser testing with SQLite :memory: schema 2026-02-11 15:25:47 +01:00
TestCase.php init of v4 🌮 2023-03-17 15:33:48 +01:00