GTEdgeAI/gt-ai-os-community
3
0
Fork 0
Code Issues Packages Releases Wiki Activity
Files
main
gt-ai-os-community/scripts/postgresql/admin-entrypoint-wrapper.sh
HackWeasel b9dfb86260 GT AI OS Community Edition v2.0.33 
Security hardening release addressing CodeQL and Dependabot alerts:

- Fix stack trace exposure in error responses
- Add SSRF protection with DNS resolution checking
- Implement proper URL hostname validation (replaces substring matching)
- Add centralized path sanitization to prevent path traversal
- Fix ReDoS vulnerability in email validation regex
- Improve HTML sanitization in validation utilities
- Fix capability wildcard matching in auth utilities
- Update glob dependency to address CVE
- Add CodeQL suppression comments for verified false positives

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-12 17:04:45 -05:00

45 lines
1.6 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# GT 2.0 Admin PostgreSQL Custom Entrypoint
# Ensures postgres user password is synced from environment variable on every startup
set -e
echo "🔧 GT 2.0 Admin PostgreSQL Startup..."
# Function to update postgres user password from environment variable
update_postgres_password() {
echo "🔐 Syncing postgres user password from environment..."
# Update postgres superuser password if POSTGRES_PASSWORD is set
if [ -n "$POSTGRES_PASSWORD" ]; then
psql -U postgres -d gt2_admin -c "ALTER USER postgres WITH PASSWORD '$POSTGRES_PASSWORD';" >/dev/null 2>&1 && \
echo "✅ Updated postgres user password" || \
echo "⚠️ Could not update postgres password (database may not be ready yet)"
fi
# Also update gt2_admin if it exists and ADMIN_USER_PASSWORD is set
if [ -n "$ADMIN_USER_PASSWORD" ]; then
psql -U postgres -d gt2_admin -c "ALTER USER gt2_admin WITH PASSWORD '$ADMIN_USER_PASSWORD';" >/dev/null 2>&1 && \
echo "✅ Updated gt2_admin user password" || \
echo "⚠️ Could not update gt2_admin password (user may not exist yet)"
fi
}
# Function to configure after PostgreSQL starts
configure_after_start() {
sleep 5 # Wait for PostgreSQL to fully start
# Update passwords from environment variables if PostgreSQL is running
if pg_isready -U postgres >/dev/null 2>&1; then
update_postgres_password
fi
}
# Configure after PostgreSQL starts (in background)
configure_after_start &
echo "🚀 Starting Admin PostgreSQL..."
# Call the original PostgreSQL entrypoint
exec docker-entrypoint.sh "$@"
View Git Blame Copy Permalink