myron | ecbc2e09a5
Fix 8 code-review findings: security + reliability
1. agent.py: shell allow-check reads cfg, not server payload (RCE fix)
2. webhook.php: move WEBHOOK_SECRET to gitignored config.php; rotate secret
3. agent.py: replace recursive main() with while loop (RecursionError fix)
4. jarvis-deploy.sh: push force-revert to GitHub on syntax fail (loop fix)
5. agent.py: self_update() verifies SHA-256 before exec (integrity fix)
6. agent.php: remove JARVIS_IP from browser-action bypass (auth fix)
7. jarvis-watchdog.sh: escape SQL vars in alert() to prevent injection
8. jarvis-deploy.sh: atomic mv instead of cat+truncate (TOCTOU fix)
Also: distribute jarvis-agent.py.sha256 alongside agent for integrity checks
2026-05-25 14:27:27 +00:00

myron | d3156b98b3
Add DB schema, agent script, vhost config, deploy cron
- db/schema.sql: full jarvis_db schema (15 tables)
- agent/jarvis-agent.py: production agent script
- config/vhost/: OpenLiteSpeed vhost configuration
- deploy/jarvis-agent.service: systemd unit
- deploy/cron-jarvis.txt: JARVIS cron entries
- .gitignore: exclude system dirs and logs
2026-05-25 13:51:12 +00:00