| author | bndw <ben@bdw.to> | 2026-02-10 21:29:08 -0800 |
|---|---|---|
| committer | bndw <ben@bdw.to> | 2026-02-10 21:29:08 -0800 |
| commit | 47d4b3b6e4d68660e6e1e05fe2e1c0839f86e40e (patch) | |
| tree | af9b3274d2c4ef2bdcdfc1a074c52a52f8d523e3 /cmd/ship/deploy.go | |
| parent | 86a9dbce8b6c067c7e94bc6ba5a078b7d85eb9ca (diff) | |
Harden security: name validation, scoped sudoers, safe.directory
- Add ValidateName() enforcing ^[a-z][a-z0-9-]{0,62}$ on all entry points
- Tighten sudoers to restrict cp sources/destinations and chown targets
- Scope git safe.directory to www-data user only (preserves CVE-2022-24765)
- Add www-data to git group and caddy to www-data group for fcgiwrap
- Fix vanity import template to use orig_uri placeholder
- Restart (not reload) services after group changes
- Add name validation to env subcommands and deploy_cmd
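The first bullet gives the exact pattern the new name check enforces, `^[a-z][a-z0-9-]{0,62}$`, but not why it is shaped that way or what it blocks. The following is an added example, not code from the ship repository: it implements the same regex in a stand-alone `ValidateName`, pairs it with a hypothetical `DeployDir`/`Escapes` helper and a made-up deploy root of `/srv/apps`, and walks through accepted and rejected inputs so the effect on path traversal, shell metacharacters and over-long names is visible. The 63-character ceiling is the DNS label limit, which is why the pattern also yields names usable as hostname labels.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// nameRe is the pattern from the commit message: one lowercase letter, then up
// to 62 lowercase letters, digits or hyphens, for at most 63 characters in
// total (the DNS label limit, so a name can double as a hostname label).
var nameRe = regexp.MustCompile(`^[a-z][a-z0-9-]{0,62}$`)

// ValidateName returns nil when name is safe to use as a single path
// component, a service name or a sudoers argument, and an error otherwise.
func ValidateName(name string) error {
	if name == "" {
		return fmt.Errorf("name must not be empty")
	}
	if !nameRe.MatchString(name) {
		return fmt.Errorf("invalid name %q: must match %s", name, nameRe)
	}
	return nil
}

// DeployDir is a hypothetical helper showing where the check pays off: the
// per-app directory is built from the name, and nothing ValidateName rejects
// can reach filepath.Join, so "../" sequences never escape root.
func DeployDir(root, name string) (string, error) {
	if err := ValidateName(name); err != nil {
		return "", err
	}
	return filepath.Join(root, name), nil
}

// Escapes reports whether filepath.Join(root, name) lands outside root, which
// is what an unvalidated name such as "../../etc" achieves.
func Escapes(root, name string) bool {
	rel, err := filepath.Rel(root, filepath.Join(root, name))
	if err != nil {
		return true
	}
	return rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

func main() {
	// Constructed inputs: the first block should pass, the rest should fail.
	cases := []string{
		"myapp", "my-app-2", "a", strings.Repeat("a", 63),
		"", "MyApp", "-app", "my_app", strings.Repeat("a", 64),
		"../../etc", "/etc/passwd", "app; rm -rf /",
	}
	for _, c := range cases {
		if err := ValidateName(c); err != nil {
			fmt.Printf("reject %-22q %v\n", c, err)
		} else {
			fmt.Printf("accept %-22q\n", c)
		}
	}
	// Without the check the traversal name escapes the deploy root;
	// with it, DeployDir refuses the name before any path is built.
	fmt.Println("escapes without check:", Escapes("/srv/apps", "../../etc"))
	_, err := DeployDir("/srv/apps", "../../etc")
	fmt.Println("DeployDir with check:", err)
}
```

Because the pattern is anchored at both ends and has no character class that admits `/`, `.`, space or shell metacharacters, a name that passes it is safe to splice into a filesystem path, a systemd unit name or a sudoers rule without further quoting; that is the property the scoped sudoers entries in the same commit depend on.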
Diffstat (limited to 'cmd/ship/deploy.go')
| -rw-r--r-- | cmd/ship/deploy.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/cmd/ship/deploy.go b/cmd/ship/deploy.go index 9ac754c..86d4878 100644 --- a/cmd/ship/deploy.go +++ b/cmd/ship/deploy.go | |||
| @@ -140,6 +140,9 @@ func runDeploy(cmd *cobra.Command, args []string) error { | |||
| 140 | name = filepath.Base(binary) | 140 | name = filepath.Base(binary) |
| 141 | } | 141 | } |
| 142 | } | 142 | } |
| 143 | if err := validateName(name); err != nil { | ||
| 144 | return err | ||
| 145 | } | ||
| 143 | 146 | ||
| 144 | // Check if this is an update to an existing app/site | 147 | // Check if this is an update to an existing app/site |
| 145 | existingApp, _ := st.GetApp(host, name) | 148 | existingApp, _ := st.GetApp(host, name) |
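Review bot: the call added at line 143 is to validateName, but the commit message announces ValidateName() as the function enforced "on all entry points"; pick one spelling so the message and the code agree (the exported form in the message suggests it is meant to be shared with the env subcommands the message also lists). Separately, name may have been derived from filepath.Base(binary) at line 140 rather than supplied by the user, so a rejection of a binary called something like MyApp.linux will be hard to interpret from a bare validation error; consider wrapping it in that branch, e.g. `return fmt.Errorf("app name derived from %s: %w", binary, err)`, so the user knows which input to change.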
