
fix git parsing in frontend and add validation to custom build commands

+53 -4
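--- a/backend-go/deploy/build.go
+++ b/backend-go/deploy/build.go
@@ -6,11 +6,54 @@
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strings"
 )
+
+func validateBuildCommand(cmd string) error {
+	cmd = strings.TrimSpace(cmd)
+	if cmd == "" {
+		return nil
+	}
+
+	dangerousMap := []string{
+		"&", "|", ";", ">", "<", "`", "$(",
+	}
+	for _, char := range dangerousMap {
+		if strings.Contains(cmd, char) {
+			return fmt.Errorf("command contains forbidden character: %s", char)
+		}
+	}
+
+	allowedPrefixes := []string{
+		"npm ", "yarn ", "pnpm ", "bun ", "npx ", "node ",
+	}
+	isAllowed := false
+	for _, p := range allowedPrefixes {
+		if strings.HasPrefix(cmd, p) {
+			isAllowed = true
+			break
+		}
+	}
+	if !isAllowed {
+		return errors.New("command must start with npm, yarn, pnpm, bun, npx, or node")
+	}
+
+	forbiddenKeywords := []string{
+		" start", " dev", " serve", " preview", " watch",
+	}
+	for _, kw := range forbiddenKeywords {
+		if strings.Contains(cmd, kw) {
+			return fmt.Errorf("command looks like a runtime server (contains '%s'), only build commands are allowed", strings.TrimSpace(kw))
+		}
+	}
+
+	return nil
+}
 
 func fileExists(path string) bool {
 	_, err := os.Stat(path)
@@ -130,6 +173,9 @@
 	}
 
 	if customCommand != "" {
+		if err := validateBuildCommand(customCommand); err != nil {
+			return "", fmt.Errorf("invalid build command: %w", err)
+		}
 		if b.Logger != nil {
 			b.Logger(fmt.Sprintf("Running custom build command: %s\n", customCommand))
 		}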
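Review bot: The metacharacter denylist in validateBuildCommand (`dangerousMap`, new lines 23-25) is not a reliable boundary if customCommand is later handed to a shell: newlines and tabs inside the command, `${`, a bare `$`, quotes and backslashes all pass, and the `npx ` and `node ` entries in `allowedPrefixes` accept invocations that can run arbitrary code anyway, so the function should be treated and documented as a build-vs-server sanity check rather than a sandbox. A more robust shape is to split the command with `strings.Fields` and execute the program and its arguments directly via os/exec with no shell, or to accept only an allowlisted character set instead of rejecting known-bad ones; how the command is ultimately executed is outside this hunk, so that part is inferred. The keyword check at new lines 46-53 matches substrings, so `npm run build -- --mode development` is rejected because it contains ` dev` and ` serve` also matches `serverless`; comparing whitespace-split tokens (`slices.Contains(strings.Fields(cmd), "dev")`) avoids those false positives. `dangerousMap` is a slice, not a map, so `forbiddenChars` reads better, and the function has no doc comment; `// validateBuildCommand rejects custom build commands that contain shell metacharacters, do not start with a known package-manager or node invocation, or look like a long-running server command.` would cover it.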
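--- a/client/src/pages/DashboardLayout.jsx
+++ b/client/src/pages/DashboardLayout.jsx
@@ -152,7 +152,10 @@
             <div className="sidebarProjectInfo">
               <span className="sidebarProjectName">{s.name}</span>
               <span className="sidebarProjectUrl">
-                {s.domain || s.git?.url?.replace('https://github.com/', '') || ''}
+                {s.domain ||
+                  s.gitUrl?.replace('https://github.com/', '') ||
+                  s.git?.url?.replace('https://github.com/', '') ||
+                  ''}
               </span>
             </div>
           </Link>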
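Review bot: The `s.gitUrl || s.git?.url` fallback introduced at new lines 155-158 is duplicated in client/src/pages/DashboardSite.jsx (new lines 441-443), and here the `https://github.com/` stripping is repeated per candidate; a single helper such as `const siteGitUrl = (s) => s.gitUrl || s.git?.url || '';` used by both views, with `.replace('https://github.com/', '')` applied once to its result, keeps the two screens from drifting the next time the site shape changes. The prefix strip handles only one URL form, so SSH-style or non-GitHub remotes are displayed unchanged; that is pre-existing behaviour and may be intended. The enclosing component and the map callback that defines `s` start outside this section.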
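--- a/client/src/pages/DashboardSite.jsx
+++ b/client/src/pages/DashboardSite.jsx
@@ -438,9 +438,9 @@
     setEnvDraft(site.envText || '');
     setSettingsDraft({
       name: site.name || '',
-      gitUrl: site.git?.url || '',
-      branch: site.git?.branch || 'main',
-      subdir: site.git?.subdir || '',
+      gitUrl: site.gitUrl || site.git?.url || '',
+      branch: site.gitBranch || site.git?.branch || 'main',
+      subdir: site.gitSubdir || site.git?.subdir || '',
       domain: edgeOnly ? toEdgeLabel(site.domain || '') : site.domain || '',
       buildCommand: site.buildCommand || '',
       outputDir: site.outputDir || ''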