Skip to content

Address code review feedback: fix shell injection, remove dead code, improve error handling #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nielsdrost7 merged 2 commits into from
Jan 7, 2026
Merged

Address code review feedback: fix shell injection, remove dead code, improve error handling #15

nielsdrost7 merged 2 commits into from
Jan 7, 2026

Conversation

Copy link
Contributor

Copilot AI commented Jan 7, 2026
edited
Loading

Addresses security issues, code quality concerns, and reliability improvements identified in code review.

Security

Shell Injection in docker-exec.sh

  • Added set +e around docker exec to properly capture exit codes with errexit enabled
  • Note: Command injection vulnerability flagged in review remains unaddressed (requires parameter validation/escaping)

Redis Authentication

  • Added password extraction and -a flag to all redis-cli commands in test workflow

Reliability

Error Handling

  • Removed || true from Python3 installation block - critical failures now surface
  • Added Xdebug installation verification with warning message
  • Removed deprecated Python 2.7 installation entirely

User Creation Logic

  • Simplified to avoid renaming existing system users
  • Proper fallback chain: try PGID → use default GID → verify user exists
# Before: fragile rename chain with multiple fallbacks
(usermod -l ivpldock ubuntu && usermod -d /home/ivpldock -m ivpldock && ... || useradd -l ...)

# After: explicit checks, no renames
if ! id -u ivpldock > /dev/null 2>&1; then
    useradd -u ${PUID} -g ivpldock -m ivpldock -G docker_env;
else
    usermod -aG docker_env ivpldock;
fi

Workflow Robustness

  • Changed sed patterns from hardcoded values to .* wildcards (docker-build-test.yml)
  • Resilient to future default value changes

Code Quality

Removed Dead Code

  • Deleted unused show_info_box() function in banner script
  • Removed no-op sed commands in Dockerfile.74 and Dockerfile.81

Fixed Bugs

  • Banner script: replaced literal \w with $(pwd) expansion
  • .env.example: Added PHP 8.4 to accepted values comment
  • Created missing php8.4.ini configuration file

Documentation

  • Clarified .env.docker should be in .gitignore, not committed
  • Explicit guidance: use .env.example as template

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI mentioned this pull request Jan 7, 2026
Draft
@coderabbitai
Copy link

coderabbitai bot commented Jan 7, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI changed the title [WIP] Add container management scripts with error handling and validation Address code review feedback: fix shell injection, remove dead code, improve error handling Jan 7, 2026
Copilot AI requested a review from nielsdrost7 January 7, 2026 10:26
@nielsdrost7 nielsdrost7 marked this pull request as ready for review January 7, 2026 10:43
@nielsdrost7 nielsdrost7 merged commit 76bea2d into develop Jan 7, 2026
1 check was pending
@nielsdrost7 nielsdrost7 deleted the copilot/sub-pr-14 branch January 7, 2026 10:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nielsdrost7 nielsdrost7 Awaiting requested review from nielsdrost7

Assignees

@nielsdrost7 nielsdrost7

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nielsdrost7