diff options
| author | bndw <ben@bdw.to> | 2026-02-10 21:29:08 -0800 |
|---|---|---|
| committer | bndw <ben@bdw.to> | 2026-02-10 21:29:08 -0800 |
| commit | 47d4b3b6e4d68660e6e1e05fe2e1c0839f86e40e (patch) | |
| tree | af9b3274d2c4ef2bdcdfc1a074c52a52f8d523e3 /cmd/ship/deploy_cmd.go | |
| parent | 86a9dbce8b6c067c7e94bc6ba5a078b7d85eb9ca (diff) | |
Harden security: name validation, scoped sudoers, safe.directory
- Add ValidateName() enforcing ^[a-z][a-z0-9-]{0,62}$ on all entry points
- Tighten sudoers to restrict cp sources/destinations and chown targets
- Scope git safe.directory to www-data user only (preserves CVE-2022-24765)
- Add www-data to git group and caddy to www-data group for fcgiwrap
- Fix vanity import template to use orig_uri placeholder
- Restart (not reload) services after group changes
- Add name validation to env subcommands and deploy_cmd
Diffstat (limited to 'cmd/ship/deploy_cmd.go')
| -rw-r--r-- | cmd/ship/deploy_cmd.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/cmd/ship/deploy_cmd.go b/cmd/ship/deploy_cmd.go index ca5c54d..ba45c4f 100644 --- a/cmd/ship/deploy_cmd.go +++ b/cmd/ship/deploy_cmd.go | |||
| @@ -24,6 +24,9 @@ Examples: | |||
| 24 | 24 | ||
| 25 | func runDeployGit(cmd *cobra.Command, args []string) error { | 25 | func runDeployGit(cmd *cobra.Command, args []string) error { |
| 26 | name := args[0] | 26 | name := args[0] |
| 27 | if err := validateName(name); err != nil { | ||
| 28 | return err | ||
| 29 | } | ||
| 27 | 30 | ||
| 28 | st, err := state.Load() | 31 | st, err := state.Load() |
| 29 | if err != nil { | 32 | if err != nil { |