ric/dockge
1
0
Fork 0
mirror of https://github.com/louislam/dockge.git synced 2025-02-26 13:35:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: ric:035782c5abe617b4f2a8ebf5271fcb3af52bb48d
Branches Tags
ric:master
ric:1.5.X
ric:fix-353
ric:fix-337
ric:multiple
ric:revert-303-compose
ric:compose
ric:fix-env3
ric:s
ric:build-windows
ric:update-deploy
ric:fix-check-update
ric:env2
ric:fix-234
ric:env-follow-up
ric:child-process-async
ric:sort
ric:reset-password
ric:healthcheck
ric:arm-runner
ric:fix-cpu
ric:urls
ric:websocket
ric:rollout
ric:remove-version
ric:close-terminal
ric:fix-inactive
ric:rebase-discussion-form
ric:docs
ric:improvements
ric:down
ric:check-ts
ric:eslint
ric:release-process
ric:feat-use-monospace-fonts
ric:wip
ric:1.4.2
ric:1.4.1
ric:1.4.0
ric:1.4.0-beta.0
ric:1.3.5
ric:1.3.4
ric:1.3.3
ric:1.3.2
ric:1.3.1
ric:1.3.0
ric:1.2.0
ric:1.1.1
ric:1.1.0
ric:1.0.4
ric:1.0.3
ric:1.0.2
ric:1.0.1
ric:1.0.0
...
compare: ric:f63718b1d4621a8b207e406a0c769751d4bb4bde
Branches Tags
ric:master
ric:1.5.X
ric:fix-353
ric:fix-337
ric:multiple
ric:revert-303-compose
ric:compose
ric:fix-env3
ric:s
ric:build-windows
ric:update-deploy
ric:fix-check-update
ric:env2
ric:fix-234
ric:env-follow-up
ric:child-process-async
ric:sort
ric:reset-password
ric:healthcheck
ric:arm-runner
ric:fix-cpu
ric:urls
ric:websocket
ric:rollout
ric:remove-version
ric:close-terminal
ric:fix-inactive
ric:rebase-discussion-form
ric:docs
ric:improvements
ric:down
ric:check-ts
ric:eslint
ric:release-process
ric:feat-use-monospace-fonts
ric:wip
ric:1.4.2
ric:1.4.1
ric:1.4.0
ric:1.4.0-beta.0
ric:1.3.5
ric:1.3.4
ric:1.3.3
ric:1.3.2
ric:1.3.1
ric:1.3.0
ric:1.2.0
ric:1.1.1
ric:1.1.0
ric:1.0.4
ric:1.0.3
ric:1.0.2
ric:1.0.1
ric:1.0.0

3 commits
035782c5ab ... f63718b1d4

Author SHA1 Message Date
zx
f63718b1d4
Merge 673fb8f8dd into a65a9f5549 2025-01-01 01:45:29 +01:00
zx
673fb8f8dd
refactor: unneeded extra check 2023-11-13 20:58:09 -05:00
zx
52ea324129
fix(security): bypass allowed cmds 2023-11-13 20:50:30 -05:00
1 changed files with 3 additions and 0 deletions
Show stats Expand all files Collapse all files

3
backend/terminal.ts
View file

@ -294,11 +294,14 @@ export class MainTerminal extends InteractiveTerminal {
// Check if the command is allowed // Check if the command is allowed
const cmdParts = input.split(" "); const cmdParts = input.split(" ");
const executable = cmdParts[0].trim(); const executable = cmdParts[0].trim();
const knownOperators = ["||", "&", ";"];
log.debug("console", "Executable: " + executable); log.debug("console", "Executable: " + executable);
log.debug("console", "Executable length: " + executable.length); log.debug("console", "Executable length: " + executable.length);
if (!allowedCommandList.includes(executable)) { if (!allowedCommandList.includes(executable)) {
throw new Error("Command not allowed."); throw new Error("Command not allowed.");
} else if (knownOperators.some(operator => input.includes(operator))) {
throw new Error("Control operators are not allowed.");
} }
super.write(input); super.write(input);
} }