chore: copilot fix

Annonnymmousss · Annonnymmousss · commit f4bba32b16af · 2026-04-08T15:33:16.000+05:30
diff --git a/src/backend/health-api.ts b/src/backend/health-api.ts
@@ -6,7 +6,7 @@ import {
     type TimeStep,
     type TimeRange,
 } from "./utils/container-health.ts";
-import { restartContainer, stopContainer, getRestartCount, getStopCount } from "./utils/auto-restart.ts";
+import { restartContainer, stopContainer, getRestartCount, getStopCount, validateContainerName } from "./utils/auto-restart.ts";
 import { getMonitorStatus, triggerHealthCheck } from "./health-monitor.ts";
 import { checkJWT } from "./utils/jwt.ts";
 
@@ -127,6 +127,12 @@ export async function getHealthDashboard(ctx: Context): Promise<void> {
 
 export async function restartContainerHandler(ctx: Context): Promise<void> {
     const subdomain = ctx.params.subdomain;
+    let safeSubdomain = "";
+    try {
+        safeSubdomain = validateContainerName(subdomain);
+    } catch {
+        ctx.throw(400, "Invalid container identifier");
+    }
 
     const body = await ctx.request.body().value;
     let document;
@@ -145,24 +151,31 @@ export async function restartContainerHandler(ctx: Context): Promise<void> {
     }
 
     try {
-        await restartContainer(subdomain);
+        await restartContainer(safeSubdomain);
 
 
         ctx.response.body = {
             status: "success",
-            message: `Container ${subdomain} restart initiated`,
+            message: `Container ${safeSubdomain} restart initiated`,
         };
     } catch (error) {
+        console.error(`Failed to restart container ${safeSubdomain}`, error);
         ctx.response.status = 500;
         ctx.response.body = {
             status: "error",
-            message: `Failed to restart ${subdomain}: ${error}`,
+            message: `Failed to restart ${safeSubdomain}`,
         };
     }
 }
 
 export async function stopContainerHandler(ctx: Context): Promise<void> {
     const subdomain = ctx.params.subdomain;
+    let safeSubdomain = "";
+    try {
+        safeSubdomain = validateContainerName(subdomain);
+    } catch {
+        ctx.throw(400, "Invalid container identifier");
+    }
 
     const body = await ctx.request.body().value;
     let document;
@@ -181,18 +194,19 @@ export async function stopContainerHandler(ctx: Context): Promise<void> {
     }
 
     try {
-        await stopContainer(subdomain);
+        await stopContainer(safeSubdomain);
 
 
         ctx.response.body = {
             status: "success",
-            message: `Container ${subdomain} stop initiated`,
+            message: `Container ${safeSubdomain} stop initiated`,
         };
     } catch (error) {
+        console.error(`Failed to stop container ${safeSubdomain}`, error);
         ctx.response.status = 500;
         ctx.response.body = {
             status: "error",
-            message: `Failed to stop ${subdomain}: ${error}`,
+            message: `Failed to stop ${safeSubdomain}`,
         };
     }
 }
diff --git a/src/backend/shell_scripts/restart.sh b/src/backend/shell_scripts/restart.sh
@@ -10,18 +10,23 @@ fi
 
 arg1=$1
 
+if [[ ! "$arg1" =~ ^[a-zA-Z0-9_.-]+$ ]]; then
+    echo "Error: Invalid container name '$arg1'. Allowed characters: letters, digits, '.', '-', '_'." >&2
+    exit 1
+fi
+
 echo "Restarting... $arg1"
 
-sudo docker restart $arg1
+sudo docker restart -- "$arg1"
 
 # Re-enable nginx routing (check for .conf suffix)
 if [ ! -L "/etc/nginx/sites-enabled/$arg1.conf" ] && [ ! -f "/etc/nginx/sites-enabled/$arg1.conf" ] && [ -f "/etc/nginx/sites-available/$arg1.conf" ]; then
-    sudo ln -s /etc/nginx/sites-available/$arg1.conf /etc/nginx/sites-enabled/$arg1.conf
+    sudo ln -s -- "/etc/nginx/sites-available/$arg1.conf" "/etc/nginx/sites-enabled/$arg1.conf"
 fi
 
 # Re-enable nginx routing (check for no suffix)
 if [ ! -L "/etc/nginx/sites-enabled/$arg1" ] && [ ! -f "/etc/nginx/sites-enabled/$arg1" ] && [ -f "/etc/nginx/sites-available/$arg1" ]; then
-    sudo ln -s /etc/nginx/sites-available/$arg1 /etc/nginx/sites-enabled/$arg1
+    sudo ln -s -- "/etc/nginx/sites-available/$arg1" "/etc/nginx/sites-enabled/$arg1"
 fi
 
 sudo systemctl reload nginx
diff --git a/src/backend/shell_scripts/stop.sh b/src/backend/shell_scripts/stop.sh
@@ -10,17 +10,22 @@ fi
 
 arg1=$1
 
+if [[ ! "$arg1" =~ ^[a-zA-Z0-9_.-]+$ ]]; then
+    echo "Error: Invalid container name '$arg1'. Allowed characters: letters, digits, '.', '-', '_'." >&2
+    exit 1
+fi
+
 echo "Stopping... $arg1"
 
-sudo docker stop $arg1
+sudo docker stop -- "$arg1"
 
 # Disable nginx routing for this domain so it doesn't return 502
 if [ -L "/etc/nginx/sites-enabled/$arg1.conf" ] || [ -f "/etc/nginx/sites-enabled/$arg1.conf" ]; then
-    sudo rm /etc/nginx/sites-enabled/$arg1.conf
+    sudo rm -- "/etc/nginx/sites-enabled/$arg1.conf"
 fi
 
 if [ -L "/etc/nginx/sites-enabled/$arg1" ] || [ -f "/etc/nginx/sites-enabled/$arg1" ]; then
-    sudo rm /etc/nginx/sites-enabled/$arg1
+    sudo rm -- "/etc/nginx/sites-enabled/$arg1"
 fi
 
 sudo systemctl reload nginx
diff --git a/src/backend/tests/container-health.test.ts b/src/backend/tests/container-health.test.ts
@@ -4,6 +4,14 @@ import {
     assert,
     assertThrows,
 } from "https://deno.land/std@0.208.0/assert/mod.ts";
+import {
+    getRestartCount,
+    getStopCount,
+    restartContainer,
+    stopContainer,
+    resetContainerActionStatsForTest,
+    setCommandExecutorForTest,
+} from "../utils/auto-restart.ts";
 
 type ContainerStatus = 'running' | 'exited' | 'paused' | 'unhealthy' | 'unknown';
 type TimeStep = '1s' | '15s' | '1m' | '5m' | '1h' | '1d';
@@ -623,105 +631,93 @@ Deno.test("TIME_RANGE_PRESETS - all presets defined", () => {
 });
 
 Deno.test("getRestartCount - returns 0 for unknown container", () => {
-    const restartCounts = new Map<string, { count: number; lastRestart: Date }>();
-
-    const getRestartCount = (containerName: string): number => {
-        return restartCounts.get(containerName)?.count || 0;
-    };
+    resetContainerActionStatsForTest();
 
     assertEquals(getRestartCount("unknown-container"), 0);
 });
 
-Deno.test("getRestartCount - returns correct count", () => {
-    const restartCounts = new Map<string, { count: number; lastRestart: Date }>();
-    restartCounts.set("test-container", { count: 3, lastRestart: new Date() });
+Deno.test("getRestartCount - returns correct count", async () => {
+    resetContainerActionStatsForTest();
+    setCommandExecutorForTest(async () => {});
 
-    const getRestartCount = (containerName: string): number => {
-        return restartCounts.get(containerName)?.count || 0;
-    };
+    try {
+        await restartContainer("test-container");
+        await restartContainer("test-container");
+        await restartContainer("test-container");
+    } finally {
+        setCommandExecutorForTest(null);
+    }
 
     assertEquals(getRestartCount("test-container"), 3);
 });
 
-Deno.test("getRestartCount - tracks multiple containers separately", () => {
-    const restartCounts = new Map<string, { count: number; lastRestart: Date }>();
-    restartCounts.set("container-a", { count: 2, lastRestart: new Date() });
-    restartCounts.set("container-b", { count: 5, lastRestart: new Date() });
+Deno.test("getRestartCount - tracks multiple containers separately", async () => {
+    resetContainerActionStatsForTest();
+    setCommandExecutorForTest(async () => {});
 
-    const getRestartCount = (containerName: string): number => {
-        return restartCounts.get(containerName)?.count || 0;
-    };
+    try {
+        await restartContainer("container-a");
+        await restartContainer("container-a");
+        await restartContainer("container-b");
+        await restartContainer("container-b");
+        await restartContainer("container-b");
+        await restartContainer("container-b");
+        await restartContainer("container-b");
+    } finally {
+        setCommandExecutorForTest(null);
+    }
 
     assertEquals(getRestartCount("container-a"), 2);
     assertEquals(getRestartCount("container-b"), 5);
 });
 
-Deno.test("getStopCount - returns correct count", () => {
-    const stopCounts = new Map<string, { count: number; lastStop: Date }>();
-    stopCounts.set("test-container", { count: 3, lastStop: new Date() });
+Deno.test("getStopCount - returns correct count", async () => {
+    resetContainerActionStatsForTest();
+    setCommandExecutorForTest(async () => {});
 
-    const getStopCount = (containerName: string): number => {
-        return stopCounts.get(containerName)?.count || 0;
-    };
+    try {
+        await stopContainer("test-container");
+        await stopContainer("test-container");
+        await stopContainer("test-container");
+    } finally {
+        setCommandExecutorForTest(null);
+    }
 
     assertEquals(getStopCount("test-container"), 3);
 });
 
 Deno.test("restartContainer - updates restart count", async () => {
-    const restartCounts = new Map<string, { count: number; lastRestart: Date }>();
-    restartCounts.set("test-container", { count: 1, lastRestart: new Date(Date.now() - 10000) });
-
+    resetContainerActionStatsForTest();
     let execCalledWith = "";
-    const mockExec = async (cmd: string) => {
+    setCommandExecutorForTest(async (cmd: string) => {
         execCalledWith = cmd;
-    };
-
-    const restartContainer = async (containerName: string): Promise<void> => {
-        await mockExec(`bash -c "echo 'bash ../../src/backend/shell_scripts/restart.sh ${containerName}' > /hostpipe/pipe"`);
-        const current = restartCounts.get(containerName);
-        restartCounts.set(containerName, {
-            count: (current?.count || 0) + 1,
-            lastRestart: new Date(),
-        });
-    };
+    });
 
-    const before = new Date();
-    await restartContainer("test-container");
-    const after = new Date();
+    try {
+        await restartContainer("test-container");
+    } finally {
+        setCommandExecutorForTest(null);
+    }
 
     assertEquals(execCalledWith, `bash -c "echo 'bash ../../src/backend/shell_scripts/restart.sh test-container' > /hostpipe/pipe"`);
-
-    const stats = restartCounts.get("test-container");
-    assertExists(stats);
-    assertEquals(stats.count, 2);
-    assert(stats.lastRestart.getTime() >= before.getTime() && stats.lastRestart.getTime() <= after.getTime());
+    assertEquals(getRestartCount("test-container"), 1);
 });
 
 Deno.test("stopContainer - updates stop count and calls stop script", async () => {
-    const stopCounts = new Map<string, { count: number; lastStop: Date }>();
+    resetContainerActionStatsForTest();
     let execCalledWith = "";
-    const mockExec = async (cmd: string) => {
+    setCommandExecutorForTest(async (cmd: string) => {
         execCalledWith = cmd;
-    };
-
-    const stopContainer = async (containerName: string): Promise<void> => {
-        await mockExec(`bash -c "echo 'bash ../../src/backend/shell_scripts/stop.sh ${containerName}' > /hostpipe/pipe"`);
-        const current = stopCounts.get(containerName);
-        stopCounts.set(containerName, {
-            count: (current?.count || 0) + 1,
-            lastStop: new Date(),
-        });
-    };
+    });
 
-    const before = new Date();
-    await stopContainer("test-container");
-    const after = new Date();
+    try {
+        await stopContainer("test-container");
+    } finally {
+        setCommandExecutorForTest(null);
+    }
 
     assertEquals(execCalledWith, `bash -c "echo 'bash ../../src/backend/shell_scripts/stop.sh test-container' > /hostpipe/pipe"`);
-    const stats = stopCounts.get("test-container");
-    assertExists(stats);
-    assertEquals(stats.count, 1);
-    assert(stats.lastStop.getTime() >= before.getTime() && stats.lastStop.getTime() <= after.getTime());
+    assertEquals(getStopCount("test-container"), 1);
 });
 
 Deno.test("ContainerStats - validates all required fields", () => {
diff --git a/src/backend/utils/auto-restart.ts b/src/backend/utils/auto-restart.ts
@@ -2,6 +2,36 @@ import { exec } from "../dependencies.ts";
 
 const restartCounts = new Map<string, { count: number; lastRestart: Date }>();
 const stopCounts = new Map<string, { count: number; lastStop: Date }>();
+const SAFE_CONTAINER_NAME_PATTERN = /^[a-zA-Z0-9_.-]+$/;
+
+let execCommand = async (command: string): Promise<void> => {
+    await exec(command);
+};
+
+export function validateContainerName(containerName: string): string {
+    if (!containerName || !SAFE_CONTAINER_NAME_PATTERN.test(containerName)) {
+        throw new Error(`Invalid container name: ${containerName}`);
+    }
+    return containerName;
+}
+
+function buildHostPipeCommand(scriptName: "restart.sh" | "stop.sh", containerName: string): string {
+    const safeName = validateContainerName(containerName);
+    return `bash -c "echo 'bash ../../src/backend/shell_scripts/${scriptName} ${safeName}' > /hostpipe/pipe"`;
+}
+
+export function setCommandExecutorForTest(
+    executor: ((command: string) => Promise<void>) | null,
+): void {
+    execCommand = executor ?? (async (command: string): Promise<void> => {
+        await exec(command);
+    });
+}
+
+export function resetContainerActionStatsForTest(): void {
+    restartCounts.clear();
+    stopCounts.clear();
+}
 
 export function getRestartCount(containerName: string): number {
     return restartCounts.get(containerName)?.count || 0;
@@ -12,36 +42,36 @@ export function getStopCount(containerName: string): number {
 }
 
 export async function restartContainer(containerName: string): Promise<void> {
+    const safeContainerName = validateContainerName(containerName);
+
     try {
-        await exec(
-            `bash -c "echo 'bash ../../src/backend/shell_scripts/restart.sh ${containerName}' > /hostpipe/pipe"`
-        );
+        await execCommand(buildHostPipeCommand("restart.sh", safeContainerName));
 
-        const current = restartCounts.get(containerName);
-        restartCounts.set(containerName, {
+        const current = restartCounts.get(safeContainerName);
+        restartCounts.set(safeContainerName, {
             count: (current?.count || 0) + 1,
             lastRestart: new Date(),
         });
 
     } catch (error) {
-        console.error(`[Auto-Restart] Failed to restart ${containerName}:`, error);
+        console.error(`[Auto-Restart] Failed to restart ${safeContainerName}:`, error);
         throw error;
     }
 }
 
 export async function stopContainer(containerName: string): Promise<void> {
+    const safeContainerName = validateContainerName(containerName);
+
     try {
-        await exec(
-            `bash -c "echo 'bash ../../src/backend/shell_scripts/stop.sh ${containerName}' > /hostpipe/pipe"`
-        );
+        await execCommand(buildHostPipeCommand("stop.sh", safeContainerName));
 
-        const current = stopCounts.get(containerName);
-        stopCounts.set(containerName, {
+        const current = stopCounts.get(safeContainerName);
+        stopCounts.set(safeContainerName, {
             count: (current?.count || 0) + 1,
             lastStop: new Date(),
         });
     } catch (error) {
-        console.error(`Failed to stop ${containerName}:`, error);
+        console.error(`Failed to stop ${safeContainerName}:`, error);
         throw error;
     }
 }
diff --git a/src/frontend/src/components/ContainerHealth.vue b/src/frontend/src/components/ContainerHealth.vue
