diff options
| author | bndw <ben@bdw.to> | 2026-02-10 21:29:08 -0800 |
|---|---|---|
| committer | bndw <ben@bdw.to> | 2026-02-10 21:29:08 -0800 |
| commit | 47d4b3b6e4d68660e6e1e05fe2e1c0839f86e40e (patch) | |
| tree | af9b3274d2c4ef2bdcdfc1a074c52a52f8d523e3 /cmd/ship/remove.go | |
| parent | 86a9dbce8b6c067c7e94bc6ba5a078b7d85eb9ca (diff) | |
Harden security: name validation, scoped sudoers, safe.directory
- Add ValidateName() enforcing ^[a-z][a-z0-9-]{0,62}$ on all entry points
- Tighten sudoers to restrict cp sources/destinations and chown targets
- Scope git safe.directory to www-data user only (preserves CVE-2022-24765)
- Add www-data to git group and caddy to www-data group for fcgiwrap
- Fix vanity import template to use orig_uri placeholder
- Restart (not reload) services after group changes
- Add name validation to env subcommands and deploy_cmd
Diffstat (limited to 'cmd/ship/remove.go')
| -rw-r--r-- | cmd/ship/remove.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/cmd/ship/remove.go b/cmd/ship/remove.go index 8380e87..b55d0c8 100644 --- a/cmd/ship/remove.go +++ b/cmd/ship/remove.go | |||
| @@ -18,6 +18,9 @@ var removeCmd = &cobra.Command{ | |||
| 18 | 18 | ||
| 19 | func runRemove(cmd *cobra.Command, args []string) error { | 19 | func runRemove(cmd *cobra.Command, args []string) error { |
| 20 | name := args[0] | 20 | name := args[0] |
| 21 | if err := validateName(name); err != nil { | ||
| 22 | return err | ||
| 23 | } | ||
| 21 | 24 | ||
| 22 | st, err := state.Load() | 25 | st, err := state.Load() |
| 23 | if err != nil { | 26 | if err != nil { |