Dokploy/dokploy
1
0
Fork 0
mirror of https://github.com/Dokploy/dokploy.git synced 2026-06-15 20:25:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(validation): enhance destination path validation in file upload schema

Browse Source 
- Updated the `destinationPath` field in the upload file schema to include a regex validation, ensuring only alphanumeric characters, dots, dashes, underscores, and forward slashes are allowed.
- Added a corresponding regex check in the `uploadFileToContainer` function to validate the destination path before processing, improving input integrity and preventing errors.
This commit is contained in:
Mauricio Siu
2026-05-09 00:57:12 -06:00
parent a4e2317f3e
commit b9e97eb321
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
packages/server/src/services/docker.ts
View File

@@ -655,6 +655,8 @@ export const getAllContainerStats = async (serverId?: string) => {
}
};
const destinationPathRegex = /^[a-zA-Z0-9.\-_/]+$/;
export const uploadFileToContainer = async (
containerId: string,
fileBuffer: Buffer,
@@ -667,7 +669,10 @@ export const uploadFileToContainer = async (
throw new Error("Invalid container ID");
}
// Ensure destination path starts with /
if (!destinationPathRegex.test(destinationPath)) {
throw new Error("Invalid destination path: shell metacharacters are not allowed");
}
const normalizedPath = destinationPath.startsWith("/")
? destinationPath
: `/${destinationPath}`;