From 20ac212d340a7db5e3233df1a29199a46848d4e7 Mon Sep 17 00:00:00 2001
From: tomaioo <hongsaygio.com@gmail.com>
Date: Wed, 15 Apr 2026 05:10:01 -0700
Subject: [PATCH 1/2] fix(security): 2 improvements across 2 files

- Security: TLS certificate verification disabled for Celery broker connection
- Security: Path traversal in backup upload command allows arbitrary file read/delete

Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
---
 compute_worker/celery_config.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/compute_worker/celery_config.py b/compute_worker/celery_config.py
index 674a3ae60..0e3d0454c 100644
--- a/compute_worker/celery_config.py
+++ b/compute_worker/celery_config.py
@@ -4,7 +4,8 @@
 broker_url = os.environ.get('BROKER_URL')
 if os.environ.get('BROKER_USE_SSL', False):
     broker_use_ssl = {
-        "cert_reqs": ssl.CERT_NONE,
+        "cert_reqs": ssl.CERT_REQUIRED,
+        "ca_certs": os.environ.get('BROKER_SSL_CA_CERTS', ssl.get_default_verify_paths().cafile),
     }
 worker_concurrency = 1
 worker_prefetch_multiplier = 1

From 1e640cee548452fb665647160d22aaad4334ef5c Mon Sep 17 00:00:00 2001
From: tomaioo <hongsaygio.com@gmail.com>
Date: Wed, 15 Apr 2026 05:10:02 -0700
Subject: [PATCH 2/2] fix(security): 2 improvements across 2 files

- Security: TLS certificate verification disabled for Celery broker connection
- Security: Path traversal in backup upload command allows arbitrary file read/delete

Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
---
 .../commands/management/commands/upload_backup.py     | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/apps/commands/management/commands/upload_backup.py b/src/apps/commands/management/commands/upload_backup.py
index f593c5564..40311e7e9 100644
--- a/src/apps/commands/management/commands/upload_backup.py
+++ b/src/apps/commands/management/commands/upload_backup.py
@@ -1,6 +1,6 @@
 import os
 
-from django.core.management.base import BaseCommand
+from django.core.management.base import BaseCommand, CommandError
 
 from utils.data import make_url_sassy, put_blob
 
@@ -13,7 +13,14 @@ def add_arguments(self, parser):
 
     def handle(self, *args, **options):
         backup_file_name = options['backup_path']
-        backup_path = os.path.join("/app/backups", options['backup_path'])
+        backup_root = os.path.realpath("/app/backups")
+
+        if os.path.isabs(backup_file_name):
+            raise CommandError("backup_path must be relative to /app/backups")
+
+        backup_path = os.path.realpath(os.path.join(backup_root, backup_file_name))
+        if os.path.commonpath([backup_root, backup_path]) != backup_root:
+            raise CommandError("backup_path must be relative to /app/backups")
 
         # Upload it
         upload_url = make_url_sassy(