tiennm99/coolify
1
0
Fork 0
mirror of https://github.com/tiennm99/coolify.git synced 2026-04-26 20:19:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ebfc87753e3164a538be7dd8fbdbdb21807d6a7f
coolify/app/Models
T
History
Andras Bacsai f254af0459 security: escape all shell directory paths in Git deployment commands 
Ensures all `cd` commands in Git deployment operations use properly escaped
directory paths via `escapeshellarg()` to prevent shell injection vulnerabilities
and handle special characters correctly.

**Changes:**

1. `setGitImportSettings()` method:
   - Added `$escapedBaseDir` variable for consistent path escaping
   - Replaced all 5 instances of `cd {$baseDir}` with `cd {$escapedBaseDir}`
   - Affects: commit checkout, submodules, and LFS operations

2. `generateGitImportCommands()` method (deploy_key type):
   - Replaced 3 instances in pull request handling for GitLab, GitHub/Gitea, Bitbucket

3. `generateGitImportCommands()` method (other type):
   - Replaced 3 instances in pull request handling for GitLab, GitHub/Gitea, Bitbucket

**Security Impact:**
- Prevents shell injection from malicious directory paths
- Fixes parsing issues with special characters (@, ~, spaces)
- Consistent escaping across all deployment types: source, deploy_key, other
- Complements existing URL escaping for comprehensive security

**Testing:**
- All existing unit tests pass (5/5 Git ls-remote parsing tests)
- Code formatted with Laravel Pint

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-14 17:23:28 +02:00
..
Application.php
security: escape all shell directory paths in Git deployment commands
2025-10-14 17:23:28 +02:00
ApplicationDeploymentQueue.php
refactor(deployment): enhance deployment data retrieval and relationships
2025-10-04 18:02:20 +02:00
ApplicationPreview.php
fix(previews): simplify FQDN generation logic by removing unnecessary empty check
2025-08-28 10:11:56 +02:00
ApplicationSetting.php
feat(settings): add option to restrict PR deployments to repository members and contributors
2025-09-05 14:30:51 +02:00
BaseModel.php
refactor: rename name method to sanitizedName in BaseModel for clarity
2024-12-10 08:50:07 +01:00
CloudInitScript.php
refactor: improve cloud-init script UX and remove description field
2025-10-11 11:16:28 +02:00
CloudProviderToken.php
improved hetzner features
2025-10-09 12:53:57 +02:00
DiscordNotificationSettings.php
feat(server): implement server patch check notifications
2025-05-26 14:03:59 +02:00
DockerCleanupExecution.php
feat: DB and Model for docker cleanup executions
2025-01-15 17:11:15 +01:00
EmailNotificationSettings.php
feat(server): implement server patch check notifications
2025-05-26 14:03:59 +02:00
Environment.php
refactor(global-search, environment): streamline environment retrieval with new query method
2025-10-08 19:58:36 +02:00
EnvironmentVariable.php
feat(environment): replace is_buildtime_only with is_runtime and is_buildtime flags for environment variables, updating related logic and views
2025-09-18 18:14:54 +02:00
GithubApp.php
fix: system-wide GitHub apps (#5114)
2025-02-11 17:07:57 +01:00
GitlabApp.php
fix: access team's github apps only
2024-10-24 13:28:31 +02:00
InstanceSettings.php
refactor(notifications): standardize getRecipients method signatures
2025-03-24 17:55:10 +01:00
LocalFileVolume.php
feat(storage): add read-only volume handling and UI notifications
2025-10-03 20:05:43 +02:00
LocalPersistentVolume.php
feat(storage): add read-only volume handling and UI notifications
2025-10-03 20:05:43 +02:00
OauthSetting.php
feat(auth): Add Clerk OAuth Provider (#5553)
2025-06-18 14:29:46 +02:00
PersonalAccessToken.php
Fix styling
2024-06-10 20:43:34 +00:00
PrivateKey.php
basics of adding / removing hetzner servers
2025-10-09 10:41:29 +02:00
Project.php
feat(global-search): integrate projects and environments into global search functionality
2025-09-30 13:37:03 +02:00
ProjectSetting.php
feat: initial api endpoints
2024-02-16 21:56:38 +01:00
PushoverNotificationSettings.php
feat(server): implement server patch check notifications
2025-05-26 14:03:59 +02:00
S3Storage.php
feat(validation): centralize validation patterns for names and descriptions
2025-08-19 12:14:48 +02:00
ScheduledDatabaseBackup.php
fix(models): update sorting of scheduled database backups to order by creation date instead of name
2025-09-26 08:24:38 +02:00
ScheduledDatabaseBackupExecution.php
feat(backup): enhance backup job with S3 upload handling and notifications
2025-10-07 15:02:23 +02:00
ScheduledTask.php
feat(validation): centralize validation patterns for names and descriptions
2025-08-19 12:14:48 +02:00
ScheduledTaskExecution.php
Start scheduled task job execution.
2024-01-01 18:23:58 -08:00
Server.php
refactor: replace direct SslCertificate queries with server relationship methods for consistency
2025-10-09 17:00:05 +02:00
ServerSetting.php
feat(terminal-access): implement terminal access control for servers and containers, including UI updates and backend logic
2025-05-29 14:09:05 +02:00
Service.php
feat(service): add Elasticsearch password handling in extraFields method
2025-10-03 20:05:43 +02:00
ServiceApplication.php
Revert "rector: arrrrr"
2025-01-07 15:31:43 +01:00
ServiceDatabase.php
feat(backup): implement custom database type selection and enhance scheduled backups management
2025-04-30 16:44:44 +02:00
SharedEnvironmentVariable.php
feat(acl): Change views/backend code to able to use proper ACL's later on. Currently it is not enabled.
2025-08-26 10:27:38 +02:00
SlackNotificationSettings.php
feat(server): implement server patch check notifications
2025-05-26 14:03:59 +02:00
SslCertificate.php
fix(ssl): when regenerating SSL certs the cert is not singed with the new CN
2025-02-07 19:36:52 +01:00
StandaloneClickhouse.php
feat(search): implement global search functionality with caching and modal interface
2025-09-19 10:17:55 +02:00
StandaloneDocker.php
feat(validation): centralize validation patterns for names and descriptions
2025-08-19 12:14:48 +02:00
StandaloneDragonfly.php
feat(search): implement global search functionality with caching and modal interface
2025-09-19 10:17:55 +02:00
StandaloneKeydb.php
feat(search): implement global search functionality with caching and modal interface
2025-09-19 10:17:55 +02:00
StandaloneMariadb.php
feat(search): implement global search functionality with caching and modal interface
2025-09-19 10:17:55 +02:00
StandaloneMongodb.php
feat(search): implement global search functionality with caching and modal interface
2025-09-19 10:17:55 +02:00
StandaloneMysql.php
feat(search): implement global search functionality with caching and modal interface
2025-09-19 10:17:55 +02:00
StandalonePostgresql.php
feat(search): implement global search functionality with caching and modal interface
2025-09-19 10:17:55 +02:00
StandaloneRedis.php
feat(search): implement global search functionality with caching and modal interface
2025-09-19 10:17:55 +02:00
Subscription.php
Revert "rector: arrrrr"
2025-01-07 15:31:43 +01:00
SwarmDocker.php
Revert "rector: arrrrr"
2025-01-07 15:31:43 +01:00
Tag.php
feat(validation): centralize validation patterns for names and descriptions
2025-08-19 12:14:48 +02:00
Team.php
Merge pull request #6837 from coollabsio/andrasbacsai/custom-webhooks
2025-10-12 10:57:47 +02:00
TeamInvitation.php
Update app/Models/TeamInvitation.php
2025-09-25 11:33:32 +02:00
TelegramNotificationSettings.php
feat(server): implement server patch check notifications
2025-05-26 14:03:59 +02:00
User.php
fix(user): ensure email attributes are stored in lowercase for consistency and prevent case-related issues
2025-09-05 17:44:34 +02:00
UserChangelogRead.php
feat(changelog): implement automated changelog fetching from GitHub and enhance changelog read tracking
2025-08-12 10:07:11 +02:00
WebhookNotificationSettings.php
feat: add custom webhook notification support
2025-10-10 15:37:00 +02:00