rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/bootstrap/helpers
History
Andras Bacsai c9922c30c2 fix: add input validation for install/build/start command fields 
Add shellSafeCommandRules() validation to install_command, build_command,
and start_command fields in both the Livewire UI and REST API layers.
These fields previously accepted arbitrary strings without validation,
unlike other shell-adjacent fields which already used this pattern.

Also adds comprehensive tests for rejection of dangerous input and
acceptance of legitimate build commands.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-28 12:28:29 +01:00
..
api.php fix: add input validation for install/build/start command fields 2026-03-28 12:28:29 +01:00
applications.php chore: prepare for PR 2026-02-25 11:18:46 +01:00
constants.php fix(template): make databasus connect to predefined network 2025-12-28 21:30:01 +08:00
databases.php fix: handle redis_password in API database creation 2025-10-24 18:04:30 +02:00
docker.php fix(deployment): properly escape shell arguments in nixpacks commands 2026-03-23 21:55:46 +01:00
domains.php fix(api): include docker_compose_domains in domain conflict check 2026-01-14 15:22:43 +01:00
github.php feat(github): implement processing for GitHub pull request webhooks and add helper functions for commit and PR file retrieval 2026-01-05 11:13:18 +01:00
notifications.php refactor(configuration): centralize configuration management in ConfigurationRepository 2025-03-24 21:01:27 +01:00
parsers.php fix(parsers): preserve ${VAR} references in compose instead of resolving to DB values 2026-03-24 21:52:36 +01:00
proxy.php feat(proxy): add database-backed config storage with disk backups 2026-03-11 14:11:31 +01:00
remoteProcess.php refactor: simplify remote process chain and harden ActivityMonitor 2026-03-26 13:26:16 +01:00
services.php chore: prepare for PR 2026-03-10 17:37:13 +01:00
shared.php fix(backup): validate MongoDB collection names in backup input 2026-03-25 16:52:06 +01:00
socialite.php refactor(dashboard): remove deployment loading logic and introduce DeploymentsIndicator component for better UI management 2025-09-30 11:43:30 +02:00
subscriptions.php chore: prepare for PR 2026-02-24 10:17:16 +01:00
sudo.php fix: add additional bash keywords to prevent sudo prefix in command parsing 2025-11-27 10:51:59 +01:00
timezone.php refactor: improve data formatting and UI 2025-01-15 18:35:20 +01:00
versions.php refactor(proxy): implement centralized caching for versions.json and improve UX 2025-11-18 14:53:49 +01:00