fix: add allow-list for global config keys from Docker labels

[CybotTM]

Summary

• Adds a globalLabelAllowList in cli/docker-labels.go that defines which global config keys may be set via Docker labels on service containers
• Blocks security-sensitive keys (allow-host-jobs-from-labels, web auth settings, pprof, default-user) from being overridden via labels — they can only be set via config file
• Blocked keys emit a SECURITY: Blocked global config key ... warning log
• Adds 3 test cases: blocked keys filtered, allowed keys pass through, full attack scenario (label cannot enable host job execution)

Security Context

Any container with ofelia.service=true could override any global config field via Docker labels, including allow-host-jobs-from-labels (enabling host code execution) and web authentication settings. This PR closes that privilege escalation vector with a secure-by-default allow-list.

See detailed analysis in #486.

Test Plan

• TestGlobalLabelAllowListBlocksSecurityKeys — verifies 7 security-sensitive keys are blocked
• TestGlobalLabelAllowListPermitsSafeKeys — verifies 5 safe keys pass through
• TestGlobalLabelAllowListPreventsHostJobEscalation — full attack scenario end-to-end
• Full test suite passes (go test ./...)
• golangci-lint clean, go vet clean

Closes #486

[gemini-code-assist]

Summary of Changes

Hello @CybotTM, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the security posture by introducing an allow-list mechanism for global configuration keys derived from Docker labels. It prevents malicious or misconfigured containers from overriding critical security settings, thereby closing a privilege escalation vector and ensuring that sensitive configurations can only be managed through the main configuration file.

Highlights

• Security Enhancement: Introduced a globalLabelAllowList in cli/docker-labels.go to explicitly define which global configuration keys can be set via Docker labels.
• Privilege Escalation Prevention: Implemented logic to block security-sensitive global configuration keys (e.g., allow-host-jobs-from-labels, web authentication settings) from being overridden by Docker labels, preventing potential privilege escalation.
• Warning Logs: Added warning logs for any attempts to set blocked global config keys via Docker labels, providing visibility into potential security issues.
• Comprehensive Testing: Included comprehensive test cases to verify that security-sensitive keys are blocked, safe keys are permitted, and host job escalation is prevented.

Changelog

• cli/docker-labels.go
  • Defined globalLabelAllowList to specify allowed global config keys from Docker labels.
  • Modified the buildFromDockerContainers method to filter global config keys based on the new allow-list, logging warnings for blocked keys.
• cli/docker_labels_test.go
  • Added TestGlobalLabelAllowListBlocksSecurityKeys to confirm security-sensitive keys are not applied.
  • Added TestGlobalLabelAllowListPermitsSafeKeys to verify non-sensitive keys are correctly processed.
  • Added TestGlobalLabelAllowListPreventsHostJobEscalation to test the prevention of host job execution via labels.

Activity

• Verified that 7 security-sensitive keys are blocked as intended.
• Confirmed that 5 safe keys are correctly passed through.
• Validated the prevention of a full attack scenario involving host job escalation.
• Ensured the entire test suite passes without errors.
• Confirmed that golangci-lint and go vet report no issues.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[github-actions]

Automated approval for solo maintainer project

All CI checks passed. See SECURITY.md for compensating controls.

[github-actions]

✅ Mutation Testing Results

Mutation Score: 100.00% (threshold: 60%)

✨ Good job! Mutation score meets the threshold.

What is mutation testing?

Mutation testing measures test quality by introducing small changes (mutations) to the code and checking if tests detect them. A higher score means better test effectiveness.

• Killed mutants: Tests caught the mutation (good!)
• Survived mutants: Tests missed the mutation (needs improvement)

[Copilot]

Pull request overview

This PR implements a security fix to prevent privilege escalation via Docker labels by introducing an allow-list for global configuration keys that can be set by service containers. The fix addresses issue #486 where malicious containers with ofelia.service=true could override security-critical settings like allow-host-jobs-from-labels to enable arbitrary command execution on the host.

Changes:

• Adds globalLabelAllowList map in cli/docker-labels.go defining which global config keys may be set via Docker labels
• Implements filtering logic that blocks non-allowed keys and logs security warnings
• Adds comprehensive test coverage for blocked/allowed keys and end-to-end attack prevention

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
cli/docker-labels.go	Adds globalLabelAllowList map with 23 allowed keys and filtering logic to block security-sensitive keys from being set via Docker labels
cli/docker_labels_test.go	Adds three test cases validating blocked keys, allowed keys, and end-to-end host job escalation prevention

[github-actions]

Automated approval for solo maintainer project

All CI checks passed. See SECURITY.md for compensating controls.

[codspeed-hq]

Merging this PR will degrade performance by 40.19%

❌ 3 regressed benchmarks
✅ 23 untouched benchmarks

⚠️ Please fix the performance issues or acknowledge them on CodSpeed.

Performance Changes

	Benchmark	BASE	HEAD	Efficiency
❌	BenchmarkExecutionMemoryWithoutPool	7 ms	11.7 ms	-40.19%
❌	remove	31.3 µs	42.4 µs	-26.36%
❌	BenchmarkRateLimiter	99.4 µs	113.1 µs	-12.16%

---

_{Comparing fix/global-label-allowlist (c0d1704) with main (95f8485)}

[github-actions]

Automated approval for solo maintainer project

All CI checks passed. See SECURITY.md for compensating controls.

[github-actions]

🚀 Released in v0.21.0

Thank you for your contribution! 🙏

This is now available in the latest release. Please test and verify everything works as expected in your environment.

If you encounter any issues, please open a new issue.