- validate instance names at the host lib and web boundary against
[a-z0-9][a-z0-9_-]{0,63} to prevent path traversal via Server.name
- fail-closed on SECRET_KEY: load_config returns None when env unset,
create_app raises if missing or "dev" outside TESTING
- close login timing oracle by hashing a dummy digest when the user
is not found, equalizing response time
- set SESSION_COOKIE_SECURE outside TESTING
- delete_instance tolerates stop_service and fusermount3 failures so
partially-initialized instances clean up without contract breaks;
drops the is_mount() preflight that violated AGENTS.md
- document claim_next_job's single-process assumption
- clarify emit_step contract via docstring
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
import re
# ASCII-only alphabet: lowercase letters, digits, "_" and "-"; the first
# character must be a letter or digit; 64 characters at most.  Nothing that
# could act as a path separator or a ".."-style component is admitted.
_INSTANCE_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9_-]{0,63}$")


def validate_instance_name(raw: str) -> str:
    """Return *raw* unchanged when it is a well-formed instance name.

    The name is matched in full against ``_INSTANCE_NAME_RE``; because that
    alphabet excludes ``/``, backslash, ``.`` and whitespace, a value that
    passes here cannot smuggle a separator or a parent-directory component
    into a filesystem path built from it.

    Note: *raw* must already be a ``str`` — a non-string (for example
    ``None`` from a missing request field) makes ``re`` raise ``TypeError``,
    not ``ValueError``, so web-boundary callers should coerce or guard first.

    Raises:
        ValueError: if *raw* does not match the pattern.
    """
    well_formed = _INSTANCE_NAME_RE.fullmatch(raw) is not None
    if well_formed:
        return raw
    raise ValueError(
        "instance name must match [a-z0-9][a-z0-9_-]{0,63}"
    )
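def validate_overlay_ref(raw: str) -> str:
    """Return *raw* unchanged when it is a safe, relative, ``/``-separated ref.

    Checks are applied in this order, each raising ``ValueError`` with a
    message naming the failure: surrounding whitespace, empty string, any
    backslash, a leading ``/`` (absolute path), an embedded NUL byte, and any
    empty, ``.`` or ``..`` component (so ``a//b``, ``a/./b``, ``../a`` and a
    trailing ``/`` are all refused).  Dot-prefixed names such as ``.hidden``
    are allowed.

    This is lexical validation only.  It cannot see symlinks, so a ref that
    passes may still resolve outside the intended root if the tree contains
    one; callers that open the path should resolve it and re-check it against
    the root at the point of use.

    Raises:
        ValueError: if any of the checks above fails.
    """
    if raw != raw.strip():
        raise ValueError("overlay ref must not have leading or trailing whitespace")
    if not raw:
        raise ValueError("overlay ref must not be empty")
    if "\\" in raw:
        raise ValueError("overlay ref must use forward slashes")
    if raw.startswith("/"):
        raise ValueError("overlay ref must be relative")
    # A NUL terminates C strings: a libc-level path consumer would silently
    # drop everything after it, so the value validated here and the value
    # actually used could differ.  Reject it outright.
    if "\x00" in raw:
        raise ValueError("overlay ref must not contain NUL bytes")
    if any(component in {"", ".", ".."} for component in raw.split("/")):
        raise ValueError("overlay ref must not contain empty, current, or parent components")
    return raw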