Harden security: name validation, scoped sudoers, safe.directory

- Add ValidateName() enforcing ^[a-z][a-z0-9-]{0,62}$ on all entry points - Tighten sudoers to restrict cp sources/destinations and chown targets - Scope git safe.directory to www-data user only (preserves CVE-2022-24765) - Add www-data to git group and caddy to www-data group for fcgiwrap - Fix vanity import template to use orig_uri placeholder - Restart (not reload) services after group changes - Add name validation to env subcommands and deploy_cmd
author: bndw <ben@bdw.to> 2026-02-10 21:29:08 -0800
committer: bndw <ben@bdw.to> 2026-02-10 21:29:08 -0800
commit: 47d4b3b6e4d68660e6e1e05fe2e1c0839f86e40e (patch)
tree: af9b3274d2c4ef2bdcdfc1a074c52a52f8d523e3 /cmd/ship/validate.go
parent: 86a9dbce8b6c067c7e94bc6ba5a078b7d85eb9ca (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/cmd/ship/validate.go b/cmd/ship/validate.go
new file mode 100644
index 0000000..00275af
--- /dev/null
+++ b/cmd/ship/validate.go
@@ -0,0 +1,9 @@
+package main
+import "github.com/bdw/ship/internal/state"
+// validateName checks that an app/project name is safe for use in shell
+// commands, file paths, systemd units, and DNS labels.
+func validateName(name string) error {
+        return state.ValidateName(name)
+}
author	bndw <ben@bdw.to>	2026-02-10 21:29:08 -0800
committer	bndw <ben@bdw.to>	2026-02-10 21:29:08 -0800
commit	47d4b3b6e4d68660e6e1e05fe2e1c0839f86e40e (patch)
tree	af9b3274d2c4ef2bdcdfc1a074c52a52f8d523e3 /cmd/ship/validate.go
parent	86a9dbce8b6c067c7e94bc6ba5a078b7d85eb9ca (diff)

diff --git a/cmd/ship/validate.go b/cmd/ship/validate.go new file mode 100644 index 0000000..00275af --- /dev/null +++ b/cmd/ship/validate.go
@@ -0,0 +1,9 @@
	1	package main
	2
	3	import "github.com/bdw/ship/internal/state"
	4
	5	// validateName checks that an app/project name is safe for use in shell
	6	// commands, file paths, systemd units, and DNS labels.
	7	func validateName(name string) error {
	8	return state.ValidateName(name)
	9	}