references/coolify
1
0
Fork 0
mirror of https://github.com/coollabsio/coolify.git synced 2026-06-14 03:19:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/next' into fix/application-image-validation

Browse Source
This commit is contained in:
Andras Bacsai
2026-06-02 11:14:35 +02:00
parent 6dae53a0e5 aa63eaafcb
commit 507ecfdf54
4 changed files with 50 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Livewire/Project/Application/General.php
+2 -1
View File
@@ -5,6 +5,7 @@ namespace App\Livewire\Project\Application;
use App\Actions\Application\GenerateConfig;
use App\Jobs\ApplicationDeploymentJob;
use App\Models\Application;
use App\Rules\ValidGitBranch;
use App\Support\ValidationPatterns;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
@@ -144,7 +145,7 @@ class General extends Component
'description' => ValidationPatterns::descriptionRules(),
'fqdn' => 'nullable',
'gitRepository' => 'required',
'gitBranch' => 'required',
'gitBranch' => ['required', 'string', new ValidGitBranch],
'gitCommitSha' => ['nullable', 'string', 'regex:/^[a-zA-Z0-9][a-zA-Z0-9._\-\/]*$/'],
'installCommand' => ValidationPatterns::shellSafeCommandRules(),
'buildCommand' => ValidationPatterns::shellSafeCommandRules(),
app/Livewire/Project/Application/Source.php
+2 -1
View File
@@ -6,6 +6,7 @@ use App\Models\Application;
use App\Models\GithubApp;
use App\Models\GitlabApp;
use App\Models\PrivateKey;
use App\Rules\ValidGitBranch;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Attributes\Locked;
use Livewire\Attributes\Validate;
@@ -29,7 +30,7 @@ class Source extends Component
#[Validate(['required', 'string'])]
public string $gitRepository;
#[Validate(['required', 'string'])]
#[Validate(['required', 'string', new ValidGitBranch])]
public string $gitBranch;
#[Validate(['nullable', 'string', 'regex:/^[a-zA-Z0-9][a-zA-Z0-9._\-\/]*$/'])]
bootstrap/helpers/api.php
+2 -1
View File
@@ -3,6 +3,7 @@
use App\Enums\BuildPackTypes;
use App\Enums\RedirectTypes;
use App\Enums\StaticImageTypes;
use App\Rules\ValidGitBranch;
use App\Support\ValidationPatterns;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Http\Request;
@@ -90,7 +91,7 @@ function sharedDataApplications()
{
return [
'git_repository' => 'string',
'git_branch' => 'string',
'git_branch' => ['string', new ValidGitBranch],
'build_pack' => Rule::enum(BuildPackTypes::class),
'is_static' => 'boolean',
'is_spa' => 'boolean',
tests/Feature/CommandInjectionSecurityTest.php
+44
View File
@@ -1,6 +1,7 @@
<?php
use App\Jobs\ApplicationDeploymentJob;
use App\Rules\ValidGitBranch;
use App\Support\ValidationPatterns;
describe('deployment job path field validation', function () {
@@ -978,3 +979,46 @@ describe('install/build/start command rules survive array_merge in controller',
expect($merged['start_command'])->toContain('regex:'.ValidationPatterns::SHELL_SAFE_COMMAND_PATTERN);
});
});
describe('git_branch validation rules survive array_merge in controller', function () {
test('git_branch uses ValidGitBranch in shared application rules', function () {
$rules = sharedDataApplications();
expect($rules['git_branch'])->toBeArray();
expect(collect($rules['git_branch'])->contains(fn ($rule) => $rule instanceof ValidGitBranch))->toBeTrue();
});
test('git_branch rejects shell metacharacter payloads', function (string $payload) {
$rules = sharedDataApplications();
$validator = validator(
['git_branch' => $payload],
['git_branch' => $rules['git_branch']]
);
expect($validator->fails())->toBeTrue();
})->with([
'semicolon command separator' => 'main;touch /tmp/pwned;#',
'command substitution' => 'main$(touch /tmp/pwned)',
'backtick substitution' => 'main`touch /tmp/pwned`',
'pipe operator' => 'main|id',
'newline injection' => "main\ntouch /tmp/pwned",
'redirect operator' => 'main>/tmp/pwned',
'single quote breakout' => "main';id;#",
]);
test('git_branch accepts safe branch names', function (string $branch) {
$rules = sharedDataApplications();
$validator = validator(
['git_branch' => $branch],
['git_branch' => $rules['git_branch']]
);
expect($validator->fails())->toBeFalse();
})->with([
'main',
'feature/my-branch',
'release_1.2.3',
]);
});