Mirrors/coolify
1
0
Fork 0
mirror of https://github.com/coollabsio/coolify.git synced 2025-12-28 05:34:50 +00:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity
coolify-json-detection
coolify/tests/Unit
History
Andras Bacsai 954203db8c
Some checks are pending
Staging Build / build-push (aarch64, linux/aarch64, ubuntu-24.04-arm) (push) Waiting to run
Details
Staging Build / build-push (amd64, linux/amd64, ubuntu-24.04) (push) Waiting to run
Details
Staging Build / merge-manifest (push) Blocked by required conditions
Details
fix: Add escapeshellarg() to prevent command injection in loadConfigFromGit 
Add defense-in-depth shell argument escaping for repository URL, branch name,
and base_directory parameters in the loadConfigFromGit function. While input
validation rules already block dangerous characters, escapeshellarg() provides
an additional security layer at the function level.

Also adds comprehensive unit tests for shell argument escaping behavior.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-27 19:20:38 +01:00
..
Actions Fix: Prevent coolify-helper and coolify-realtime images from being pruned 2025-12-11 13:38:52 +01:00
Api Add autogenerate_domain API parameter for applications 2025-12-05 21:16:04 +01:00
Jobs Combine stop+start into single activity for real-time logs 2025-12-03 16:21:26 +01:00
Livewire Merge branch 'next' into env-var-autocomplete 2025-11-25 11:21:53 +01:00
Notifications/Channels feat(EmailChannel): enhance error handling with user-friendly messages for Resend API errors 2025-11-11 13:23:45 +01:00
Parsers Inject commit-based image tags for Docker Compose build services 2025-12-05 11:41:47 +01:00
Policies feat: streamline S3 restore with single-step flow and improved UI consistency 2025-11-17 10:05:18 +01:00
Project/Database feat: add validation methods for S3 bucket names, paths, and server paths; update import logic to prevent command injection 2025-11-25 16:40:35 +01:00
Rules feat: add YAML validation for cloud-init scripts 2025-10-11 13:56:55 +02:00
AllExcludedContainersConsistencyTest.php fix: don't show health status for exited containers 2025-11-24 09:09:37 +01:00
ApplicationComposeEditorLoadTest.php fix: Monaco editor empty for docker compose applications 2025-10-27 12:48:20 +01:00
ApplicationConfigurationChangeTest.php fix: trigger configuration changed detection for build settings 2025-11-27 12:22:54 +01:00
ApplicationDeploymentCustomBuildCommandTest.php Fix: Docker build args injection regex to support service names 2025-12-01 13:16:05 +01:00
ApplicationDeploymentEmptyEnvTest.php Changes auto-committed by Conductor 2025-10-21 20:39:39 +02:00
ApplicationDeploymentErrorLoggingTest.php fix(deployment): improve error logging with exception types and hidden technical details 2025-11-17 14:44:39 +01:00
ApplicationDeploymentNixpacksNullEnvTest.php Fix Nixpacks null environment variable parsing error 2025-12-04 15:10:39 +01:00
ApplicationGitSecurityTest.php fix: prevent command injection in git ls-remote operations 2025-10-15 14:53:50 +02:00
ApplicationHealthcheckRemovalTest.php Changes auto-committed by Conductor 2025-10-22 12:41:17 +02:00
ApplicationNetworkAliasesSyncTest.php refactor: Improve handling of custom network aliases 2025-11-01 13:13:14 +01:00
ApplicationParserStringableTest.php fix: convert Stringable to plain strings in applicationParser for strict comparisons and collection lookups 2025-11-24 09:22:27 +01:00
ApplicationPortDetectionTest.php feat: add automated PORT environment variable detection and UI warnings 2025-11-10 13:43:27 +01:00
ApplicationServiceEnvironmentVariablesTest.php fix: properly handle SERVICE_URL and SERVICE_FQDN for abbreviated service names (#7243) 2025-11-21 11:21:49 +01:00
ApplicationSettingStaticCastTest.php feat: Update ApplicationSetting model to include additional boolean casts 2025-11-04 08:43:33 +01:00
ApplicationWatchPathsTest.php refactor(tests): simplify matchWatchPaths tests and update implementation for better clarity 2025-09-26 14:33:18 +02:00
BashEnvEscapingTest.php fix: handle null environment variable values in bash escaping 2025-10-15 13:35:58 +02:00
CheckForUpdatesJobTest.php Fix: Fragile service name parsing in applyServiceApplicationPrerequisites 2025-11-28 17:42:04 +01:00
CheckTraefikVersionForServerJobTest.php feat(proxy): enhance Traefik version notifications to show patch and minor upgrades 2025-11-18 14:53:49 +01:00
CheckTraefikVersionJobTest.php refactor: send immediate Traefik version notifications instead of delayed aggregation 2025-11-18 14:54:21 +01:00
ClickhouseOfficialImageMigrationTest.php - Made necessary changes to the migration and created new one as well. 2025-11-28 17:12:11 +05:30
CloudInitScriptValidationTest.php feat: add cloud-init script support for Hetzner server creation 2025-10-10 19:37:16 +02:00
ContainerHealthStatusTest.php feat(tests): add comprehensive tests for ContainerStatusAggregator and serverStatus accessor 2025-11-20 17:31:07 +01:00
ContainerStatusAggregatorTest.php Fix complex status logic: handle degraded sub-resources and mixed running+starting states 2025-12-02 21:47:15 +01:00
CoolifyJsonConfigTest.php fix: Add escapeshellarg() to prevent command injection in loadConfigFromGit 2025-12-27 19:20:38 +01:00
CoolifyTaskCleanupTest.php feat: streamline S3 restore with single-step flow and improved UI consistency 2025-11-17 10:05:18 +01:00
DatabaseBackupSecurityTest.php fix: enhance security by validating and escaping database names, file paths, and proxy configuration filenames to prevent command injection 2025-11-27 14:36:31 +01:00
DatalistComponentTest.php feat: add support for selecting additional SSH keys from Hetzner in server creation form 2025-10-10 12:17:05 +02:00
DeploymentExceptionTest.php feat(DeploymentException): add custom exception for deployment errors and update handler to exclude from reporting 2025-11-11 15:08:26 +01:00
DockerComposeEmptyStringPreservationTest.php feat: Implement required port validation for service applications 2025-11-06 14:32:36 +01:00
DockerComposeEmptyTopLevelSectionsTest.php fix: preserve empty strings and remove empty sections in docker-compose 2025-11-06 12:30:03 +01:00
DockerComposeLabelParsingTest.php Changes auto-committed by Conductor 2025-10-16 08:51:15 +02:00
DockerComposeRawContentRemovalTest.php Fix: Preserve clean docker_compose_raw without Coolify additions 2025-10-23 19:07:12 +02:00
DockerComposeRawSeparationTest.php Fix: Preserve clean docker_compose_raw without Coolify additions 2025-10-23 19:07:12 +02:00
DockerfileArgInsertionTest.php test: add unit tests for Dockerfile ARG insertion logic 2025-11-06 08:54:40 +01:00
DockerImageAutoParseTest.php fix: improve Docker image digest handling and add auto-parse feature 2025-10-15 10:19:01 +02:00
DockerImageParserTest.php fix: improve Docker image digest handling and add auto-parse feature 2025-10-15 10:19:01 +02:00
EnvVarInputComponentTest.php feat: add environment variable autocomplete component 2025-11-19 10:54:19 +01:00
ExcludeFromHealthCheckTest.php fix: don't show health status for exited containers 2025-11-24 09:09:37 +01:00
FileStorageSecurityTest.php fix: enhance security by validating and escaping database names, file paths, and proxy configuration filenames to prevent command injection 2025-11-27 14:36:31 +01:00
FormatBytesTest.php feat: streamline S3 restore with single-step flow and improved UI consistency 2025-11-17 10:05:18 +01:00
FormatContainerStatusTest.php feat: implement formatContainerStatus helper for human-readable status formatting and add unit tests 2025-11-21 09:12:56 +01:00
GetContainersStatusServiceAggregationTest.php fix: correct Sentinel default health status and remove debug logging 2025-11-20 11:10:34 +01:00
GitLsRemoteParsingTest.php test: improve Git ls-remote parsing tests with uppercase SHA and negative cases 2025-10-14 17:34:26 +02:00
GlobalSearchNewImageQuickActionTest.php fix: 'new image' quick action not progressing to resource selection 2025-10-15 10:49:07 +02:00
HetznerDeletionFailedNotificationTest.php feat: implement Hetzner deletion failure notification system with email and messaging support 2025-10-10 09:35:58 +02:00
HetznerServiceTest.php feat: add Hetzner Cloud server linking for manually-added servers 2025-12-11 22:14:41 +01:00
HetznerSshKeysTest.php feat: add support for selecting additional SSH keys from Hetzner in server creation form 2025-10-10 12:17:05 +02:00
LocalFileVolumeReadOnlyTest.php fix: Detect read-only Docker volumes with long-form syntax and enable refresh 2025-12-11 14:18:58 +01:00
LogViewerXssSecurityTest.php Move inline styles to global CSS file 2025-12-04 13:15:01 +01:00
NotifyOutdatedTraefikServersJobTest.php feat(proxy): enhance Traefik version notifications to show patch and minor upgrades 2025-11-18 14:53:49 +01:00
ParseCommandsByLineForSudoTest.php fix: resolve Docker validation race conditions and sudo prefix bug 2025-11-27 09:04:42 +01:00
ParseDockerVolumeStringTest.php fix(parsers): enhance volume string handling by preserving mode in application and service parsers. Update related unit tests for validation. 2025-08-27 16:54:49 +02:00
PathTraversalSecurityTest.php feat: streamline S3 restore with single-step flow and improved UI consistency 2025-11-17 10:05:18 +01:00
PostgresqlInitScriptSecurityTest.php fix: enhance security by validating and escaping database names, file paths, and proxy configuration filenames to prevent command injection 2025-11-27 14:36:31 +01:00
PostgRESTDetectionTest.php Fix PostgREST misclassification and empty Domains section 2025-12-01 16:52:09 +01:00
PreSaveValidationTest.php fix: prevent command injection in Docker Compose parsing - add pre-save validation 2025-10-16 09:51:37 +02:00
PreviewDeploymentPortTest.php test: Add comprehensive preview deployment port and path tests 2025-12-17 21:35:54 +01:00
PrivateKeyStorageTest.php fix(private-key): implement transaction handling and error verification for private key storage operations 2025-09-09 16:46:38 +02:00
ProxyConfigurationSecurityTest.php fix: enhance security by validating and escaping database names, file paths, and proxy configuration filenames to prevent command injection 2025-11-27 14:36:31 +01:00
ProxyCustomCommandsTest.php feat(proxy): enhance proxy configuration regeneration by extracting custom commands 2025-10-07 11:11:13 +02:00
ProxyHelperTest.php Fix: Traefik proxy startup issues - handle null versions and filter predefined networks 2025-11-28 17:53:26 +01:00
RestartCountTrackingTest.php feat: add container restart tracking and crash loop detection 2025-11-10 13:04:31 +01:00
RestoreJobFinishedNullServerTest.php fix: improve robustness and security in database restore flows 2025-11-17 14:13:10 +01:00
RestoreJobFinishedSecurityTest.php feat: streamline S3 restore with single-step flow and improved UI consistency 2025-11-17 10:05:18 +01:00
RestoreJobFinishedShellEscapingTest.php feat: improve S3 restore path handling and validation state 2025-11-25 10:18:30 +01:00
S3RestoreSecurityTest.php feat: streamline S3 restore with single-step flow and improved UI consistency 2025-11-17 10:05:18 +01:00
S3RestoreTest.php feat: add S3 storage integration for file import 2025-11-14 10:43:19 +01:00
S3StorageTest.php feat: streamline S3 restore with single-step flow and improved UI consistency 2025-11-17 10:05:18 +01:00
SanitizeLogsForExportTest.php Enhance log sanitization with GitHub, GitLab, AWS, and generic URL passwords 2025-12-17 17:59:10 +01:00
ScheduledJobManagerLockTest.php Fix stale lock issue causing scheduled tasks to stop (#4539) 2025-10-23 10:07:33 +02:00
ScheduledJobsRetryConfigTest.php feat(DatabaseBackupJob, ScheduledTaskJob): enforce minimum timeout and add execution ID for timeout handling 2025-11-11 12:07:39 +01:00
ScheduledTaskJobTimeoutTest.php feat(DatabaseBackupJob, ScheduledTaskJob): enforce minimum timeout and add execution ID for timeout handling 2025-11-11 12:07:39 +01:00
ServerManagerJobExecutionTimeTest.php Fix: Pass $serverTimezone to shouldRunNow() in ServerCheckJob dispatch 2025-12-02 16:58:43 +01:00
ServerManagerJobSentinelCheckTest.php Refactor: Move sentinel update checks to ServerManagerJob and add tests for hourly dispatch 2025-12-04 14:58:18 +01:00
ServerQueryScopeTest.php fix(performance): eliminate N+1 query in CheckTraefikVersionJob 2025-11-18 14:53:49 +01:00
ServerStatusAccessorTest.php feat(tests): add comprehensive tests for ContainerStatusAggregator and serverStatus accessor 2025-11-20 17:31:07 +01:00
ServiceApplicationPrerequisitesTest.php Fix: Fragile service name parsing in applyServiceApplicationPrerequisites 2025-11-28 17:42:04 +01:00
ServiceConfigurationRefreshTest.php fix: prevent duplicate services on image change and enable real-time UI refresh 2025-10-14 10:12:36 +02:00
ServiceExcludedStatusTest.php fix: don't show health status for exited containers 2025-11-24 09:09:37 +01:00
ServiceNameSecurityTest.php fix: prevent command injection in Docker Compose parsing - add pre-save validation 2025-10-16 09:51:37 +02:00
ServiceParserImageUpdateTest.php fix: prevent duplicate services on image change and enable real-time UI refresh 2025-10-14 10:12:36 +02:00
ServiceParserPathDuplicationTest.php fix: prevent SERVICE_FQDN/SERVICE_URL path duplication on FQDN updates 2025-11-27 10:57:24 +01:00
ServiceParserPortDetectionLogicTest.php feat: implement service environment variable parsing and add unit tests for port detection logic 2025-11-11 11:19:33 +01:00
ServicePortSpecificVariablesTest.php feat: implement service environment variable parsing and add unit tests for port detection logic 2025-11-11 11:19:33 +01:00
ServiceRequiredPortTest.php fix: enhance getRequiredPort to support map-style environment variables for SERVICE_URL and SERVICE_FQDN 2025-11-21 12:41:25 +01:00
SshMultiplexingDisableTest.php Fix SSH multiplexing contention for concurrent scheduled tasks (#6736) 2025-12-05 09:54:30 +01:00
SshRetryMechanismTest.php fix(ssh): introduce SshRetryHandler and SshRetryable trait for enhanced SSH command retry logic with exponential backoff and error handling 2025-09-07 17:17:35 +02:00
StartProxyTest.php fix(proxy): prevent "container name already in use" error during proxy restart 2025-11-18 14:53:49 +01:00
StartupExecutionCleanupTest.php feat(Cleanup): implement failure marking for stuck scheduled tasks and database backups during startup 2025-11-11 12:32:52 +01:00
StopProxyTest.php fix(docker): migrate database start actions from --time to -t flag 2025-11-28 11:18:12 +01:00
StripCoolifyCustomFieldsTest.php feat: add validation for YAML parsing, integer parameters, and Docker Compose custom fields 2025-11-20 18:34:49 +01:00
TimescaleDbDetectionTest.php feat(ServiceDatabase): add support for TimescaleDB detection and database type identification 2025-11-12 00:36:38 +01:00
UpdateComposeAbbreviatedVariablesTest.php fix: handle map-style environment variables in updateCompose 2025-11-21 11:21:49 +01:00
UpdateCoolifyTest.php Fix: Fragile service name parsing in applyServiceApplicationPrerequisites 2025-11-28 17:42:04 +01:00
ValidateShellSafePathTest.php refactor: harden and deduplicate validateShellSafePath 2025-10-16 09:51:37 +02:00
ValidGitRepositoryUrlTest.php fix(validation): update git:// URL validation to support port numbers and tilde characters in paths 2025-09-29 12:21:15 +02:00
ValidHostnameTest.php feat: implement ValidHostname validation rule and integrate it into server creation process 2025-10-10 11:03:13 +02:00
ValidProxyConfigFilenameTest.php Add ValidProxyConfigFilename rule for dynamic proxy config validation 2025-12-09 16:12:45 +01:00
VolumeArrayFormatSecurityTest.php refactor: improve docker compose validation and transaction handling in StackForm 2025-11-07 14:03:19 +01:00
VolumeSecurityTest.php refactor: improve docker compose validation and transaction handling in StackForm 2025-11-07 14:03:19 +01:00
WindowsPathVolumeTest.php fix: use canonical parser for Windows path validation 2025-10-16 09:51:37 +02:00