From 1928ef5c2e6f4c9167f12f5f1fe417f2641096bc Mon Sep 17 00:00:00 2001
From: Will Moss
Date: Mon, 19 Aug 2024 00:36:04 +0700
Subject: [PATCH] fix(security): added a check to allow only docker run commands in edit container feature

---
 app/server/server/containers.go | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/app/server/server/containers.go b/app/server/server/containers.go
index 1d4c462..1d2d407 100644
--- a/app/server/server/containers.go
+++ b/app/server/server/containers.go
@@ -384,7 +384,7 @@ func (Containers) RunCommand(server *Server, session _session.GenericSession, co
 				},
 			}),
 		)
-		return
+		break
 	}
 
 	var container resources.Container
@@ -425,12 +425,26 @@ func (Containers) RunCommand(server *Server, session _session.GenericSession, co
 				},
 			}),
 		)
-		return
+		break
 	}
 
 	var container resources.Container
 	mapstructure.Decode(command.Args["Resource"], &container)
 
+	newCommand := command.Args["Content"].(string)
+	if !strings.HasPrefix(newCommand, "docker run") {
+		server.SendNotification(
+			session,
+			ui.NotificationError(ui.NP{
+				Content: ui.JSON{
+					"Message": "For your own security, you can only run a \"docker run\" command." +
+						" Please make sure that your command starts, indeed, with \"docker run\"",
+				},
+			}),
+		)
+		break
+	}
+
 	task := process.LongTask{
 		Function: container.Edit,
 		Args:     command.Args, // Expects : { "Content": }
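Review bot: The unchecked type assertion `command.Args["Content"].(string)` at the top of the new block panics the handler when a client omits Content or sends a non-string value, so a malformed message crashes the server before the prefix check even runs; use the two-value form, `newCommand, ok := command.Args["Content"].(string)` followed by `if !ok || !strings.HasPrefix(newCommand, "docker run") {`, so both cases land on the same notification. The prefix test itself only constrains the first ten characters: anything after `docker run` is unconstrained (flags such as volume mounts or privilege options included), and if container.Edit hands the string to a shell, leading whitespace or a command separator defeats the check entirely, so this is better enforced on a tokenized argument list executed without a shell, comparing the first two fields rather than a raw prefix. The hunk also introduces a call to `strings.HasPrefix` without touching the import block, which only compiles if containers.go already imports `strings`; the diffstat shows no other change, so that is worth confirming. RunCommand's body continues outside both hunks.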