Fix 8 code-review findings: security + reliability

1. agent.py: shell allow-check reads cfg, not server payload (RCE fix)
2. webhook.php: move WEBHOOK_SECRET to gitignored config.php; rotate secret
3. agent.py: replace recursive main() with while loop (RecursionError fix)
4. jarvis-deploy.sh: push force-revert to GitHub on syntax fail (loop fix)
5. agent.py: self_update() verifies SHA-256 before exec (integrity fix)
6. agent.php: remove JARVIS_IP from browser-action bypass (auth fix)
7. jarvis-watchdog.sh: escape SQL vars in alert() to prevent injection
8. jarvis-deploy.sh: atomic mv instead of cat+truncate (TOCTOU fix)

Also: distribute jarvis-agent.py.sha256 alongside agent for integrity checks
2026-05-25 14:27:27 +00:00
parent 45fef11785
commit ecbc2e09a5
7 changed files with 99 additions and 27 deletions
+8 -1
@@ -3,9 +3,16 @@
* GitHub Auto-Deploy Webhook
* Verifies GitHub HMAC signature, then queues the repo for git pull.
* A root cron job (/usr/local/bin/jarvis-deploy.sh) processes the queue every minute.
*
* WEBHOOK_SECRET is loaded from api/config.php (gitignored) — never hardcoded here.
*/
define('WEBHOOK_SECRET', '8a8c50c83d37527bdef876f1736b654235724a1a475cb8e5');
require_once __DIR__ . '/../../api/config.php';
if (!defined('WEBHOOK_SECRET')) {
http_response_code(500);
echo json_encode(['error' => 'Webhook not configured']);
exit;
}
define('DEPLOY_QUEUE', '/tmp/jarvis-deploy-queue.txt');
define('DEPLOY_LOG', '/home/jarvis.orbishosting.com/logs/deploy.log');
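Review bot: The `if (!defined('WEBHOOK_SECRET'))` guard is unreachable when config.php is missing, because `require_once __DIR__ . '/../../api/config.php';` is fatal before the check runs. A missing file is the most likely misconfiguration here, since the file is gitignored and a fresh checkout will not have it. Consider testing the path with is_file() first so that a missing file and a missing constant both end in the same controlled 500 response. The defined() check also passes for an empty string, so the guard should reject an empty WEBHOOK_SECRET as well, before any HMAC verification uses it. Separately, the hardcoded value on the replaced define() line stays in repository history, so the rotation named in the commit message has to happen in the GitHub webhook settings and in config.php; nothing in this hunk shows it.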