rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/bootstrap
History
Andras Bacsai a1c30cb0e7 fix(git-ref-validation): prevent command injection via git references 
Add validateGitRef() helper function that uses an allowlist approach to prevent
OS command injection through git commit SHAs, branch names, and tags. Only allows
alphanumeric characters, dots, hyphens, underscores, and slashes.

Changes include:
- Add validateGitRef() helper in bootstrap/helpers/shared.php
- Apply validation in Rollback component when accepting rollback commit
- Add regex validation to git commit SHA fields in Livewire components
- Apply regex validation to API rules for git_commit_sha
- Use escapeshellarg() in git log and git checkout commands
- Add comprehensive unit tests covering injection payloads

Addresses GHSA-mw5w-2vvh-mgf4
2026-03-10 22:22:48 +01:00
..
cache init of v4 🌮 2023-03-17 15:33:48 +01:00
helpers fix(git-ref-validation): prevent command injection via git references 2026-03-10 22:22:48 +01:00
app.php testing php storm code cleanup and styling 2023-08-08 11:51:36 +02:00
getHelperVersion.php chore(versions): update coolify versions to v4.0.0-beta.389 and add helper version retrieval script 2025-01-22 14:01:05 +01:00
getRealtimeVersion.php refactor(workflows): replace jq with PHP script for version retrieval in workflows 2025-01-22 14:05:29 +01:00
getVersion.php Refactor getVersion.php to prevent GitHub Actions failure 2024-11-26 10:53:34 +01:00
includeHelpers.php Fix styling 2024-06-10 20:43:34 +00:00