feat: add hard-coded allowed script paths, for security reasons

apps/demo-nextjs-app-router/api_scripts/hello_test.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "Script executed with args: $1 $2"
+echo "Current time: $(date)"

apps/demo-nextjs-app-router/api_scripts/video_add_watermark.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+echo "Script executed with args: $1 $2"
+echo "Current time: $(date)"
+echo "Current directory: $(pwd)"

apps/demo-nextjs-app-router/services/bashExecService.ts

@@ -24,6 +24,22 @@ export async function executeScript(
   params: ScriptParams,
 ): Promise<ScriptResult> {
   // Add the script execution to the queue
+
+  // hardcoded the allowed script path for security reasons
+  var allowedScriptPaths = [
+    "/tmp/api_scripts/hello_test.sh",
+    "/tmp/api_scripts/video_add_watermark.sh",
+  ];
+
+  if (!allowedScriptPaths.includes(params.scriptPath)) {
+    return {
+      success: false,
+      stdout: "",
+      stderr: "",
+      error: "Script path is not allowed",
+    };
+  }
+
   const result = await scriptQueue.add(async () => {
     try {
       // Execute the bash script

apps/demo-nextjs-app-router/startup.sh

@@ -8,6 +8,8 @@ SCRIPT_DIR="$(dirname "$SCRIPT_PATH")"
 # Set project directory
 PROJECT_DIR="$SCRIPT_DIR"
 
+cp -rv "$PROJECT_DIR/api_scripts" /tmp/
+
 LOG_FILE="$PROJECT_DIR/startup.log"
 
 # Function to log messages