container-dockter
by abhitatachar2000
Overview
This server provides a web interface to deploy and manage applications within Docker containers by interacting with the Docker daemon and Git repositories.
Installation
docker-compose up -dEnvironment Variables
- APP_PORT
- SECRET_KEY
- DB_PATH
- GITHUB_CLIENT_ID
- GITHUB_CLIENT_SECRET
- GITHUB_CALLBACK_URL
- GITHUB_APP_NAME
Security Notes
The application is critically vulnerable to remote code execution. It uses `child_process.exec` extensively (via `src/lib/docker.js`) to execute Docker commands, and it passes unsanitized user inputs (e.g., `repoUrl`, `appName`, `envVars`, `buildArgs`, `port`) directly from API requests (e.g., `/api/apps/deploy`) into these `exec` calls. This allows attackers to inject arbitrary shell commands. For example, by crafting a malicious `appName` or `envVars` payload, an attacker can execute commands on the host system where the 'container-dockter' server is running. No input validation or sanitization is evident in the provided code snippets before these dangerous operations.
Similar Servers
tiger-gh-mcp-server
Provides a set of focused tools to Large Language Models (LLMs) for interacting with the GitHub API, enabling capabilities like fetching issues, pull requests, commits, releases, and searching code within a specified organization.
mcp-server
A web-based Docker management platform for deploying, managing, and building custom AI tools (MCP servers) for integration with language models.
mcp-collection
Provides a containerized server application, likely part of a larger collection or system, designed for automated dependency management.
mcp-server-bbc
An AI assistant that manages BuilderBot projects by listing, retrieving, creating, updating, deleting, and duplicating projects using a set of defined tools.