usmannasir b05d9cb5bb Implement comprehensive security for Docker container command execution ...

- Add command whitelist validation with 60+ safe commands
- Implement multi-layer security: whitelist + blacklist + specific rules
- Add rate limiting: max 10 commands per minute per user-container
- Enable comprehensive logging for all command executions
- Add input validation for container names and command syntax
- Implement output size limits to prevent memory exhaustion
- Allow privileged mode but restrict through command validation
- Add specific validation rules for systemctl, kill, wget/curl commands
- Block dangerous patterns: command injection, path traversal, destructive operations
- Maintain ACL-based container ownership verification

2025-09-10 14:23:40 +05:00

65 KiB

Raw Blame History

View Raw