coolify/app/Livewire/Project
Andras Bacsai a1c30cb0e7 fix(git-ref-validation): prevent command injection via git references
Add validateGitRef() helper function that uses an allowlist approach to prevent
OS command injection through git commit SHAs, branch names, and tags. Only allows
alphanumeric characters, dots, hyphens, underscores, and slashes.

Changes include:
- Add validateGitRef() helper in bootstrap/helpers/shared.php
- Apply validation in Rollback component when accepting rollback commit
- Add regex validation to git commit SHA fields in Livewire components
- Apply regex validation to API rules for git_commit_sha
- Use escapeshellarg() in git log and git checkout commands
- Add comprehensive unit tests covering injection payloads

Addresses GHSA-mw5w-2vvh-mgf4
2026-03-10 22:22:48 +01:00
Application fix(git-ref-validation): prevent command injection via git references 2026-03-10 22:22:48 +01:00
Database Merge remote-tracking branch 'origin/next' into fix/database-import-modal-not-closing-v2 2026-03-10 10:38:10 +01:00
New Merge remote-tracking branch 'origin/next' into env-var-descriptions 2026-02-28 00:09:54 +01:00
Resource fix: optimize queries and caching for projects and environments 2026-01-16 11:51:26 +01:00
Service fix(proxy): add validation and normalization for database proxy timeout 2026-03-10 09:59:19 +01:00
Shared Merge remote-tracking branch 'origin/next' into env-var-descriptions 2026-02-28 00:09:54 +01:00
AddEmpty.php fix(project): update redirect logic after resource creation to include environment UUID 2025-10-07 20:46:32 +02:00
CloneMe.php fix(clone): update destinations method call to ensure correct retrieval of selected destination 2025-09-18 13:44:56 +02:00
DeleteEnvironment.php refactor(redirect): replace redirect calls with redirectRoute helper for consistency 2025-12-26 13:29:59 +01:00
DeleteProject.php refactor(redirect): replace redirect calls with redirectRoute helper for consistency 2025-12-26 13:29:59 +01:00
Edit.php feat(validation): centralize validation patterns for names and descriptions 2025-08-19 12:14:48 +02:00
EnvironmentEdit.php refactor(redirect): replace redirect calls with redirectRoute helper for consistency 2025-12-26 13:29:59 +01:00
Index.php refactor: replace queries with cached versions for performance improvements 2025-12-08 13:39:33 +01:00
Show.php refactor(redirect): replace redirect calls with redirectRoute helper for consistency 2025-12-26 13:29:59 +01:00