fix(security): sanitize newlines in health check commands to prevent RCE (#8898)

Andras Bacsai 2026-03-11 08:57:38 +01:00 committed by GitHub
commit b817ed97c1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -2777,9 +2777,10 @@ class ApplicationDeploymentJob implements ShouldBeEncrypted, ShouldQueue
{ {
// Handle CMD type healthcheck // Handle CMD type healthcheck
if ($this->application->health_check_type === 'cmd' && ! empty($this->application->health_check_command)) { if ($this->application->health_check_type === 'cmd' && ! empty($this->application->health_check_command)) {
$this->full_healthcheck_url = $this->application->health_check_command; $command = str_replace(["\r\n", "\r", "\n"], ' ', $this->application->health_check_command);
$this->full_healthcheck_url = $command;
return $this->application->health_check_command; return $command;
} }
// HTTP type healthcheck (default) // HTTP type healthcheck (default)
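Review bot: The `! empty(...)` guard runs on the raw `health_check_command` and the newline replacement happens afterwards, so a value made up only of line breaks passes the guard and is returned as a whitespace-only command. Trimming the result, `$command = trim(str_replace(["\r\n", "\r", "\n"], ' ', $this->application->health_check_command));`, and treating `$command === ''` like a missing command would close that gap. The replacement covers CR and LF only, and nothing in this hunk shows whether other shell-significant characters are rejected before the value reaches this point. A validation rule on the field at save time would presumably be the stronger control, and it would also cover any other consumer of `health_check_command`. A one-line comment such as `// Collapse CR/LF so the stored command cannot span several lines where it is emitted` would record why the replacement exists; the enclosing method starts and ends outside the hunk.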