fix: monthly security scan — fix shell injection and add RPC body limit (MAINT-02)
- Replace sh -c echo with tokio::fs::write for bitcoin.conf generation - Add client_max_body_size 1m to /rpc/ in both HTTP and HTTPS nginx blocks - Document full audit findings in docs/security-audit-2026-03-11.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -113,6 +113,9 @@ server {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
# Connection header managed by nginx default
|
||||
|
||||
# Limit request body to 1MB for RPC calls
|
||||
client_max_body_size 1m;
|
||||
|
||||
# Increase timeout for long-running operations (e.g., Docker image pulls)
|
||||
proxy_connect_timeout 600s;
|
||||
proxy_send_timeout 600s;
|
||||
@@ -518,6 +521,10 @@ server {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
# Connection header managed by nginx default
|
||||
|
||||
# Limit request body to 1MB for RPC calls
|
||||
client_max_body_size 1m;
|
||||
|
||||
proxy_connect_timeout 600s;
|
||||
proxy_send_timeout 600s;
|
||||
proxy_read_timeout 600s;
|
||||
|
||||
Reference in New Issue
Block a user