Expose unauthenticated health probe #7

Merged

quentinreytinas merged 1 commit from codex/remove-sh-from-dangerous_commands-tzk1f3 into main

2025-10-28 22:48:51 +01:00

quentinreytinas commented

2025-10-28 22:48:41 +01:00

(Migrated from github.com)

Summary

centralize health check computation to reuse across routes
expose a public /health/public endpoint while keeping /health authenticated and returning 401 without tokens
add tests covering both the authenticated and public health probes

Testing

pytest

https://chatgpt.com/codex/tasks/task_e_69013228a6008332a17492cc7c2cab43

## Summary - centralize health check computation to reuse across routes - expose a public `/health/public` endpoint while keeping `/health` authenticated and returning 401 without tokens - add tests covering both the authenticated and public health probes ## Testing - pytest ------ https://chatgpt.com/codex/tasks/task_e_69013228a6008332a17492cc7c2cab43

chatgpt-codex-connector[bot] (Migrated from github.com) reviewed

2025-10-28 22:51:18 +01:00

chatgpt-codex-connector[bot] (Migrated from github.com) left a comment

💡 Codex Review

github.com/quentinreytinas/borgmatic-api-nextcloud-aio@5c881641e4/borgmatic_api_app/docker.py (L76-L80)
Dangerous command filtering no longer blocks absolute paths

The new blocked computation only flags commands when an argument exactly matches a string from settings.dangerous_commands. This means invoking /bin/rm, /usr/bin/curl, or /bin/bash will no longer be rejected because none of the command tokens are equal to "rm", "curl", or "bash". Previously the substring check caught those forms. Any whitelist entry that allows arbitrary commands but relies on dangerous_commands as a safety net now permits destructive operations simply by calling the absolute path. Consider comparing each token’s basename or performing case-insensitive substring checks so /bin/rm and similar variants remain blocked.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

### 💡 Codex Review https://github.com/quentinreytinas/borgmatic-api-nextcloud-aio/blob/5c881641e494bddc080499e0bcb9020b3809fc68/borgmatic_api_app/docker.py#L76-L80 **![P1 Badge](https://img.shields.io/badge/P1-orange?style=flat) Dangerous command filtering no longer blocks absolute paths** The new `blocked` computation only flags commands when an argument exactly matches a string from `settings.dangerous_commands`. This means invoking `/bin/rm`, `/usr/bin/curl`, or `/bin/bash` will no longer be rejected because none of the command tokens are equal to `"rm"`, `"curl"`, or `"bash"`. Previously the substring check caught those forms. Any whitelist entry that allows arbitrary commands but relies on `dangerous_commands` as a safety net now permits destructive operations simply by calling the absolute path. Consider comparing each token’s basename or performing case-insensitive substring checks so `/bin/rm` and similar variants remain blocked. <details> <summary>ℹ️ About Codex in GitHub</summary> [Your team has set up Codex to review pull requests in this repo](http://chatgpt.com/codex/settings/general). Reviews are triggered when you - Open a pull request for review - Mark a draft as ready - Comment "@codex review". If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". </details>