coolify/app
Andras Bacsai 817128c5af refactor(validation): tokenize shell-safe command pattern
Replace the flat character-class regex for SHELL_SAFE_COMMAND_PATTERN with
a token-aware alternation. The parser now recognizes explicit tokens
(`&&`, `||`, balanced single/double quotes, whitespace, and an unquoted
safe-char run) instead of a bag of characters, which lets us extend the
accepted grammar without loosening the guarantees.

New surface area, with tests:
- logical OR chaining (`make build || make clean`)
- shell globs and bang (`rm *.tmp`, `cp src/?.js dist/`, `! grep -q foo`)
- single-quoted arguments are now treated as balanced runs rather than
  rejected per-character

Preserved surface area:
- `&&` chaining, balanced `"..."` and `'...'` quotes, the previous safe path /
  argument characters, and the existing error-path contract in
  ApplicationDeploymentJob::validateShellSafeCommand().

Also refreshes the user-facing validation messages in General.php so the
allow/deny list shown on failure matches the new grammar.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-20 22:00:41 +02:00
Actions fix(database): tighten Postgres init script filename handling 2026-04-20 21:26:34 +02:00
Console feat(security): support expiration on API tokens with warning notifications 2026-04-20 14:28:38 +02:00
Contracts refactor: streamline job status retrieval and clean up repository interface 2025-01-10 19:53:13 +01:00
Data refactor: simplify remote process chain and harden ActivityMonitor 2026-03-26 13:26:16 +01:00
Enums Add new role enum and apply authorization 2024-10-28 17:08:24 +01:00
Events Make proxy restart run as background job to prevent localhost lockout 2025-12-03 10:30:12 +01:00
Exceptions feat(api): Improve OpenAPI spec and add rate limit handling for Hetzner 2025-12-11 12:12:43 +01:00
Helpers fix(ssh): handle chmod failures gracefully and simplify key management 2026-03-16 21:27:10 +01:00
Http fix(database): enforce credential format validation and sanitize init/SSL arguments 2026-04-20 13:58:36 +02:00
Jobs feat(security): support expiration on API tokens with warning notifications 2026-04-20 14:28:38 +02:00
Listeners fix(proxy): defer UI refresh until Traefik version check completes 2025-12-27 15:16:58 +01:00
Livewire refactor(validation): tokenize shell-safe command pattern 2026-04-20 22:00:41 +02:00
Models refactor(auth): upgrade email verification hash to sha256 2026-04-20 12:09:48 +02:00
Notifications feat(security): support expiration on API tokens with warning notifications 2026-04-20 14:28:38 +02:00
Policies chore: prepare for PR 2026-02-25 11:18:46 +01:00
Providers refactor(api): validate and throttle feedback endpoint 2026-04-19 14:41:47 +02:00
Repositories refactor: streamline job status retrieval and clean up repository interface 2025-01-10 19:53:13 +01:00
Rules refactor(storage): tighten S3 endpoint URL validation 2026-04-20 11:50:19 +02:00
Services refactor: remove verbose logging and use explicit exception types 2026-03-20 15:57:26 +01:00
Support refactor(validation): tokenize shell-safe command pattern 2026-04-20 22:00:41 +02:00
Traits feat(security): support expiration on API tokens with warning notifications 2026-04-20 14:28:38 +02:00
View/Components feat(forms): make textarea monospace opt-in and improve multiline toggle 2026-03-31 15:37:42 +02:00