alihan/isaiah
1
0
Fork 0
mirror of https://github.com/will-moss/isaiah.git synced 2024-08-22 23:27:15 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): added a check to allow only docker run commands in edit container feature

Browse Source
This commit is contained in:
Will Moss
2024-08-19 00:36:04 +07:00
parent 643260752b
commit 1928ef5c2e
1 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/server/server/containers.go
View File

@@ -384,7 +384,7 @@ func (Containers) RunCommand(server *Server, session _session.GenericSession, co
}, },
}), }),
) )
return break
} }
var container resources.Container var container resources.Container
@@ -425,12 +425,26 @@ func (Containers) RunCommand(server *Server, session _session.GenericSession, co
}, },
}), }),
) )
return break
} }
var container resources.Container var container resources.Container
mapstructure.Decode(command.Args["Resource"], &container) mapstructure.Decode(command.Args["Resource"], &container)
newCommand := command.Args["Content"].(string)
if !strings.HasPrefix(newCommand, "docker run") {
server.SendNotification(
session,
ui.NotificationError(ui.NP{
Content: ui.JSON{
"Message": "For your own security, you can only run a \"docker run\" command." +
" Please make sure that your command starts, indeed, with \"docker run\"",
},
}),
)
break
}
task := process.LongTask{ task := process.LongTask{
Function: container.Edit, Function: container.Edit,
Args: command.Args, // Expects : { "Content": <string> } Args: command.Args, // Expects : { "Content": <string> }