fix: monthly security scan — fix shell injection and add RPC body limit (MAINT-02)
- Replace `sh -c echo` with `tokio::fs::write` for bitcoin.conf generation
- Add `client_max_body_size 1m` to `/rpc/` in both the HTTP and HTTPS nginx blocks
- Document the full audit findings in docs/security-audit-2026-03-11.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -305,10 +305,8 @@ rpcallowip=0.0.0.0/0\n\
|
||||
rpcport=8332\n\
|
||||
listen=1\n\
|
||||
printtoconsole=1\n";
|
||||
let _ = tokio::process::Command::new("sudo")
|
||||
.args(["sh", "-c", &format!("echo '{}' > {}", bitcoin_conf, conf_path)])
|
||||
.output()
|
||||
.await;
|
||||
let _ = tokio::fs::create_dir_all(bitcoin_dir).await;
|
||||
let _ = tokio::fs::write(&conf_path, bitcoin_conf).await;
|
||||
info!("Created bitcoin.conf at {} with RPC + txindex enabled", conf_path);
|
||||
}
|
||||
|
||||
|
||||
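Review bot: The result of `let _ = tokio::fs::write(&conf_path, bitcoin_conf).await;` is discarded and the `info!` line that follows reports success unconditionally, so a failed write (now more likely than before, since the privileged `sudo` path was removed and the process must itself have write access to `bitcoin_dir`) is logged as "Created bitcoin.conf". The same applies to the discarded `create_dir_all` result one line earlier. Gate the success message on the outcome, e.g. `if let Err(e) = tokio::fs::write(&conf_path, bitcoin_conf).await { warn!("Failed to write bitcoin.conf at {}: {}", conf_path, e); return; }` using the same logging macro family as the existing `info!`, then keep the `info!` for the success path only. The content being written is an RPC configuration; if it also carries RPC credentials (not visible in this hunk), the default permissions `tokio::fs::write` gives the file are worth tightening to owner-only (`OpenOptions` with `mode(0o600)` via `std::os::unix::fs::OpenOptionsExt`) so other local users cannot read them. The enclosing function starts before this hunk.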