Canary backup

[SeanAkin]

Synk fork with Project

Greptile Summary

This PR adds registry-aware Docker provider configuration: users can now select a configured registry and browse its images and tags via searchable comboboxes, instead of typing image references manually. It also introduces safeDockerLoginCommand to prevent shell injection during docker login and wires up rollback-registry push support in the cluster upload path.

• P1 – command injection in upload.ts: getRegistryCommands still uses the old unsafe echo \"${registry.password}\" | docker login … pattern. safeDockerLoginCommand was introduced in this PR and applied to docker.ts but not to upload.ts; a registry password with \" or $(…) can execute arbitrary shell code on the host.

Confidence Score: 4/5

Do not merge until the command injection in getRegistryCommands is fixed; all other changes look solid.

One P1 security finding blocks merge: the registry password is interpolated unescaped into a shell command in upload.ts, enabling command injection for any registry whose password contains shell metacharacters. The fix is straightforward — use the safeDockerLoginCommand helper already introduced in this PR. All other changes look correct and safe.

packages/server/src/utils/cluster/upload.ts — getRegistryCommands needs to use safeDockerLoginCommand.

Security Review

• Command injection (packages/server/src/utils/cluster/upload.ts, getRegistryCommands): registry.password is interpolated unescaped into a double-quoted shell string. A password containing ", `, or $(…) can break out of the quoted context. safeDockerLoginCommand was introduced in this same PR and correctly applied in docker.ts, but was not applied to upload.ts.

Comments Outside Diff (1)

1. packages/server/src/utils/cluster/upload.ts, line 119-136 (link)

   Unescaped registry password in shell command — command injection

   registry.password is interpolated inside a double-quoted shell string. A password containing ", `, or $(…) can break out of the string and execute arbitrary commands on the host. This PR introduced safeDockerLoginCommand in registry.ts and correctly applied it in docker.ts, but the same fix was not applied here.

   You also need to add the import at the top of the file:

   import { safeDockerLoginCommand } from "../../services/registry";

_{Reviews (1): Last reviewed commit: "Merge branch 'Dokploy:canary' into canar..." | Re-trigger Greptile}

Greptile also left 1 inline comment on this PR.

[greptile-apps]

Image search input not cleared on selection

When a user selects an image from the combobox, imageSearchInput is left with the previous search term. The next time the popover is opened, it shows a stale query rather than an empty search box. Consider resetting it alongside the tag state by adding setImageSearchInput("") in the onSelect handler.