rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/tests
History
Andras Bacsai a1c30cb0e7 fix(git-ref-validation): prevent command injection via git references 
Add validateGitRef() helper function that uses an allowlist approach to prevent
OS command injection through git commit SHAs, branch names, and tags. Only allows
alphanumeric characters, dots, hyphens, underscores, and slashes.

Changes include:
- Add validateGitRef() helper in bootstrap/helpers/shared.php
- Apply validation in Rollback component when accepting rollback commit
- Add regex validation to git commit SHA fields in Livewire components
- Apply regex validation to API rules for git_commit_sha
- Use escapeshellarg() in git log and git checkout commands
- Add comprehensive unit tests covering injection payloads

Addresses GHSA-mw5w-2vvh-mgf4
2026-03-10 22:22:48 +01:00
..
Browser test: add dashboard test and improve browser test coverage 2026-02-11 16:37:40 +01:00
Feature chore: prepare for PR 2026-03-10 20:37:22 +01:00
Traits test: setup database for upcoming tests 2024-12-04 12:43:52 +01:00
Unit fix(git-ref-validation): prevent command injection via git references 2026-03-10 22:22:48 +01:00
v4 test: add dashboard test and improve browser test coverage 2026-02-11 16:37:40 +01:00
CreatesApplication.php Fix styling 2024-06-10 20:43:34 +00:00
DuskTestCase.php Refactor DuskTestCase.php to use a hardcoded base URL 2024-10-17 21:26:06 +02:00
Pest.php test: add Pest browser testing with SQLite :memory: schema 2026-02-11 15:25:47 +01:00
TestCase.php init of v4 🌮 2023-03-17 15:33:48 +01:00