rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/app/Traits
History
Andras Bacsai 096d4369e5 fix(sentinel): add token validation to prevent command injection 
Add validation to ensure sentinel tokens contain only safe characters
(alphanumeric, dots, hyphens, underscores, plus, forward slash, equals),
preventing OS command injection vulnerabilities when tokens are
interpolated into shell commands.

- Add ServerSetting::isValidSentinelToken() validation method
- Validate tokens in StartSentinel action and metrics queries
- Improve shell argument escaping with escapeshellarg()
- Add comprehensive test coverage for token validation
2026-03-10 22:19:19 +01:00
..
AuthorizesResourceCreation.php feat(auth): introduce resource creation authorization middleware and policies for enhanced access control 2025-08-26 10:27:38 +02:00
CalculatesExcludedStatus.php fix: don't show health status for exited containers 2025-11-24 09:09:37 +01:00
ClearsGlobalSearchCache.php feat(global-search): integrate projects and environments into global search functionality 2025-09-30 13:37:03 +02:00
DeletesUserSessions.php Changes auto-committed by Conductor 2025-10-16 09:51:37 +02:00
EnvironmentVariableAnalyzer.php fix(environment-variables): correct method call syntax in analyzeBuildVariable function 2025-09-23 11:40:56 +02:00
EnvironmentVariableProtection.php feat(deployment): add SERVICE_NAME variables for service discovery 2025-09-08 15:22:44 +02:00
ExecuteRemoteCommand.php feat(api): Improve OpenAPI spec and add rate limit handling for Hetzner 2025-12-11 12:12:43 +01:00
HasConfiguration.php feat(core): wip version of coolify.json 2025-01-21 14:09:12 +01:00
HasMetrics.php fix(sentinel): add token validation to prevent command injection 2026-03-10 22:19:19 +01:00
HasNotificationSettings.php Merge pull request #6837 from coollabsio/andrasbacsai/custom-webhooks 2025-10-12 10:57:47 +02:00
HasSafeStringAttribute.php feat(validation): centralize validation patterns for names and descriptions 2025-08-19 12:14:48 +02:00
SaveFromRedirect.php Revert "rector: arrrrr" 2025-01-07 15:31:43 +01:00
SshRetryable.php refactor(ssh-retry): remove Sentry tracking from retry logic 2026-02-15 14:00:27 +01:00