Merge pull request #3529 from Dokploy/fix/prevent-send-malicious-bash

fix(wss): add container ID validation to enhance security in WebSocke…
Mauricio Siu
2026-01-27 09:21:06 -06:00
committed by GitHub


@@ -3,7 +3,7 @@ import { findServerById, IS_CLOUD, validateRequest } from "@dokploy/server";
import { spawn } from "node-pty";
import { Client } from "ssh2";
import { WebSocketServer } from "ws";
import { getShell } from "./utils";
import { getShell, isValidContainerId } from "./utils";
export const setupDockerContainerLogsWebSocketServer = (
server: http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>,
@@ -42,6 +42,12 @@ export const setupDockerContainerLogsWebSocketServer = (
return;
}
// Security: Validate containerId to prevent command injection
if (!isValidContainerId(containerId)) {
ws.close(4000, "Invalid container ID format");
return;
}
if (!user || !session) {
ws.close();
return;
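Review bot: The new `if (!isValidContainerId(containerId))` guard is only as strong as the helper in `./utils`, which is not visible in this diff. It should be a whole-string allow-list match rather than a blacklist of shell metacharacters, and a comment at the call site such as `// containerId must fully match the allow-list in isValidContainerId before it is used to build any command` would record that contract. The guard also runs before the `!user || !session` check, so an unauthenticated peer gets a distinct `4000` close code and reason; moving it below the auth check would keep unauthenticated responses uniform. If other request-derived values reach the same command, they would need equivalent validation, but that cannot be confirmed here because the handler body continues outside this hunk.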