fix: monthly security scan — fix shell injection and add RPC body limit (MAINT-02)

- Replace sh -c echo with tokio::fs::write for bitcoin.conf generation
- Add client_max_body_size 1m to /rpc/ in both HTTP and HTTPS nginx blocks
- Document full audit findings in docs/security-audit-2026-03-11.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Dorian
2026-03-11 18:09:16 +00:00
parent 6700152416
commit 1505b1b1cc
4 changed files with 60 additions and 5 deletions


@@ -305,10 +305,8 @@ rpcallowip=0.0.0.0/0\n\
rpcport=8332\n\
listen=1\n\
printtoconsole=1\n";
let _ = tokio::process::Command::new("sudo")
.args(["sh", "-c", &format!("echo '{}' > {}", bitcoin_conf, conf_path)])
.output()
.await;
let _ = tokio::fs::create_dir_all(bitcoin_dir).await;
let _ = tokio::fs::write(&conf_path, bitcoin_conf).await;
info!("Created bitcoin.conf at {} with RPC + txindex enabled", conf_path);
}
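Review bot: The new `tokio::fs::write` call discards its result with `let _`, so the unconditional `info!("Created bitcoin.conf ...")` on the next line reports success even when nothing was written — and a failure is plausible here, because the removed code went through `sudo` to reach `conf_path`, which suggests the service user may not own `bitcoin_dir`. I would branch on the result instead, `match tokio::fs::write(&conf_path, bitcoin_conf).await { Ok(()) => info!("Created bitcoin.conf at {} with RPC + txindex enabled", conf_path), Err(e) => warn!("Failed to write bitcoin.conf at {}: {}", conf_path, e) }`, and treat the ignored `create_dir_all` result the same way, so a node that starts without its config is visible in the logs (assuming the file's log facade exposes `warn!`). Separately, if the generated file carries `rpcuser`/`rpcpassword` lines above this hunk, the default umask leaves it world-readable (0644) and it should be created 0600 via `OpenOptions::new().write(true).create(true).mode(0o600)`; the `rpcallowip=0.0.0.0/0` context line is pre-existing but worth revisiting together with the new nginx `/rpc/` body limit. The enclosing function starts before this hunk.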