coolify/bootstrap/helpers
Andras Bacsai 954203db8c
fix: Add escapeshellarg() to prevent command injection in loadConfigFromGit
Add defense-in-depth shell argument escaping for repository URL, branch name,
and base_directory parameters in the loadConfigFromGit function. While input
validation rules already block dangerous characters, escapeshellarg() provides
an additional security layer at the function level.

Also adds comprehensive unit tests for shell argument escaping behavior.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-27 19:20:38 +01:00
api.php feat: Add support for coolify.json configuration import and schema validation 2025-12-27 19:20:38 +01:00
applications.php Add deployment queue limit to prevent queue bombing 2025-12-04 13:52:27 +01:00
constants.php feat:(service) Add Redis Insight to predefined docker networks by default (#7416) 2025-12-15 15:51:06 +01:00
databases.php fix: handle redis_password in API database creation 2025-10-24 18:04:30 +02:00
docker.php Add Garage as a one-click service 2025-12-05 13:46:57 +01:00
domains.php feat(domains): add force_domain_override option and enhance domain conflict detection responses 2025-08-28 11:21:30 +02:00
github.php refactor(github): enhance API request handling and validation 2025-09-22 15:41:56 +02:00
notifications.php refactor(configuration): centralize configuration management in ConfigurationRepository 2025-03-24 21:01:27 +01:00
parsers.php fix: remove {{port}} template variable and ensure ports are always appended to preview URLs 2025-12-07 21:53:47 +01:00
proxy.php Fix: Traefik proxy startup issues - handle null versions and filter predefined networks 2025-11-28 17:53:26 +01:00
remoteProcess.php Enhance log sanitization with GitHub, GitLab, AWS, and generic URL passwords 2025-12-17 17:59:10 +01:00
services.php Fix: Fragile service name parsing in applyServiceApplicationPrerequisites 2025-11-28 17:42:04 +01:00
shared.php fix: Add escapeshellarg() to prevent command injection in loadConfigFromGit 2025-12-27 19:20:38 +01:00
socialite.php refactor(dashboard): remove deployment loading logic and introduce DeploymentsIndicator component for better UI management 2025-09-30 11:43:30 +02:00
subscriptions.php refactor: replace queries with cached versions for performance improvements 2025-12-08 13:39:33 +01:00
sudo.php fix: add additional bash keywords to prevent sudo prefix in command parsing 2025-11-27 10:51:59 +01:00
timezone.php refactor: improve data formatting and UI 2025-01-15 18:35:20 +01:00
versions.php refactor(proxy): implement centralized caching for versions.json and improve UX 2025-11-18 14:53:49 +01:00