Skip to content

security: No input validation on deployment names or port numbers #57

New issue
New issue
Open
Open
security: No input validation on deployment names or port numbers#57
@nfebe

Description

@nfebe
nfebe
opened on Jan 28, 2026

Problem

Deployment Names

Deployment names are used directly in filesystem paths and compose file generation without validation. A crafted name like ../../../etc could cause path traversal.

Port Numbers

internal/api/server.go (lines ~2231-2242) uses HostPort directly in compose generation:

fmt.Sprintf("ports:\n      - \"%s:%d\"", opts.HostPort, containerPort)

No range check (0-65535), format validation, or privileged port restriction.

Impact

  • Path traversal leading to arbitrary file read/write
  • Invalid port assignments causing failed deployments or privilege escalation

Proposed Fix

// Deployment name validation
var validName = regexp.MustCompile(`^[a-z0-9][a-z0-9_-]{0,49}$`)

// Port validation
func validatePort(port string) error {
    p, err := strconv.Atoi(port)
    if err != nil || p < 1 || p > 65535 {
        return fmt.Errorf("invalid port: %s", port)
    }
    return nil
}

Also reject reserved deployment names (nginx, certbot, agent, etc.).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions