From 47d4b3b6e4d68660e6e1e05fe2e1c0839f86e40e Mon Sep 17 00:00:00 2001
From: bndw <ben@bdw.to>
Date: Tue, 10 Feb 2026 21:29:08 -0800
Subject: Harden security: name validation, scoped sudoers, safe.directory

- Add ValidateName() enforcing ^[a-z][a-z0-9-]{0,62}$ on all entry points
- Tighten sudoers to restrict cp sources/destinations and chown targets
- Scope git safe.directory to www-data user only (preserves CVE-2022-24765)
- Add www-data to git group and caddy to www-data group for fcgiwrap
- Fix vanity import template to use orig_uri placeholder
- Restart (not reload) services after group changes
- Add name validation to env subcommands and deploy_cmd
---
 cmd/ship/validate.go | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 cmd/ship/validate.go

(limited to 'cmd/ship/validate.go')

diff --git a/cmd/ship/validate.go b/cmd/ship/validate.go
new file mode 100644
index 0000000..00275af
--- /dev/null
+++ b/cmd/ship/validate.go
@@ -0,0 +1,9 @@
+package main
+
+import "github.com/bdw/ship/internal/state"
+
+// validateName checks that an app/project name is safe for use in shell
+// commands, file paths, systemd units, and DNS labels.
+func validateName(name string) error {
+	return state.ValidateName(name)
+}
-- 
cgit v1.2.3