fix: address security issues and improve Docker implementation

Security Fixes: - Add command injection prevention in n8n-mcp wrapper with whitelist validation - Fix race condition in database initialization with proper lock directory creation - Add flock availability check with fallback behavior - Implement comprehensive input sanitization in parse-config.js Improvements: - Add debug logging support to parse-config.js (DEBUG_CONFIG=true) - Improve test cleanup error handling with proper error tracking - Increase integration test timeouts for CI compatibility - Update test assertions to check environment variables instead of processes All critical security vulnerabilities identified by code review have been addressed. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-31 13:04:25 +02:00
parent 903a49d3b0
commit 71cd20bf95
6 changed files with 127 additions and 39 deletions
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@@ -54,10 +54,27 @@ fi
 # Database initialization with file locking to prevent race conditions
 if [ ! -f "$DB_PATH" ]; then
    log_message "Database not found at $DB_PATH. Initializing..."
-    # Use a lock file to prevent multiple containers from initializing simultaneously
-    (
-        flock -x 200
-        # Double-check inside the lock
+    
+    # Ensure lock directory exists before attempting to create lock
+    mkdir -p "$DB_DIR"
+    
+    # Check if flock is available
+    if command -v flock >/dev/null 2>&1; then
+        # Use a lock file to prevent multiple containers from initializing simultaneously
+        (
+            flock -x 200
+            # Double-check inside the lock
+            if [ ! -f "$DB_PATH" ]; then
+                log_message "Initializing database at $DB_PATH..."
+                cd /app && NODE_DB_PATH="$DB_PATH" node dist/scripts/rebuild.js || {
+                    log_message "ERROR: Database initialization failed" >&2
+                    exit 1
+                }
+            fi
+        ) 200>"$DB_DIR/.db.lock"
+    else
+        # Fallback without locking (log warning)
+        log_message "WARNING: flock not available, database initialization may have race conditions"
        if [ ! -f "$DB_PATH" ]; then
            log_message "Initializing database at $DB_PATH..."
            cd /app && NODE_DB_PATH="$DB_PATH" node dist/scripts/rebuild.js || {
@@ -65,7 +82,7 @@ if [ ! -f "$DB_PATH" ]; then
                exit 1
            }
        fi
-    ) 200>"$DB_DIR/.db.lock"
+    fi
 fi

 # Fix permissions if running as root (for development)