Fix security vulnerabilities in lamassu module

- Fix SQL injection in PostgreSQL password setup by using psql's
  parameterized variable syntax (:'password') instead of direct
  string interpolation
- Change skip2FA default to false for secure-by-default behavior

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Patrick Mulligan 2026-01-11 20:03:39 +01:00
parent 6a69fe4672
commit 4d2d65803b


@ -128,8 +128,8 @@ in
skip2FA = mkOption { skip2FA = mkOption {
type = types.bool; type = types.bool;
default = true; default = false;
description = "Skip 2FA authentication (useful for initial setup)"; description = "Skip 2FA authentication (only enable for initial setup, then disable)";
}; };
database = { database = {
@ -252,7 +252,7 @@ in
for i in {1..30}; do for i in {1..30}; do
if ${pkgs.postgresql}/bin/psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='${cfg.database.user}'" | grep -q 1; then if ${pkgs.postgresql}/bin/psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='${cfg.database.user}'" | grep -q 1; then
password=$(cat ${secretsDir}/lamassu-db-password) password=$(cat ${secretsDir}/lamassu-db-password)
${pkgs.postgresql}/bin/psql -c "ALTER USER \"${cfg.database.user}\" WITH PASSWORD '$password';" ${pkgs.postgresql}/bin/psql -v password="$password" -c "ALTER USER \"${cfg.database.user}\" WITH PASSWORD :'password';"
exit 0 exit 0
fi fi
sleep 1 sleep 1
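Review bot: The rewritten `ALTER USER` line will most likely fail, because psql does not expand `:'password'` inside a string passed with `-c`; that string goes to the server as-is, so the server sees a literal `:` and reports a syntax error, leaving the role's password unset. Interpolation does work for SQL read from stdin or `-f`, so the statement can be piped instead: `echo "ALTER USER \"${cfg.database.user}\" WITH PASSWORD :'password';" | ${pkgs.postgresql}/bin/psql -v ON_ERROR_STOP=1 -v password="$password"`. The `exit 0` on the next line runs whatever psql returned, so unless the script is under `set -e` (not visible in this hunk) the failure would pass silently; `ON_ERROR_STOP` plus a check of the exit status would surface it. The secret also still travels on psql's command line through `-v`, as it did before in the `-c` string, where other local processes can read it while the command runs. The enclosing retry loop starts and ends outside the hunk.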