From 700b3b0902842bbec51af9c9a6638fa10fc18866 Mon Sep 17 00:00:00 2001
From: Kroese
Date: Fri, 3 Jul 2026 16:25:39 +0200
Subject: [PATCH] feat: Sanitize environment variables (#1785)
---
 src/define.sh | 19 ++++++++++++-------
 src/power.sh | 1 +
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/define.sh b/src/define.sh
index 63075c5..99f79b9 100644
--- a/src/define.sh
+++ b/src/define.sh
@@ -16,17 +16,22 @@ set -Eeuo pipefail
 : "${USERNAME:=""}"
 : "${PASSWORD:=""}"
+# Sanitize variables
+KEY=$(strip "$KEY")
+WIDTH=$(strip "$WIDTH")
+HEIGHT=$(strip "$HEIGHT")
+REGION=$(strip "$REGION")
+EDITION=$(strip "$EDITION")
+KEYBOARD=$(strip "$KEYBOARD")
+LANGUAGE=$(strip "$LANGUAGE")
+USERNAME=$(strip "$USERNAME")
+PASSWORD=$(strip "$PASSWORD")
+
 MIRRORS=4
 parseVersion() {
- if [[ "${VERSION}" == \"*\" || "${VERSION}" == \'*\' ]]; then
- VERSION="${VERSION:1:-1}"
- fi
-
- VERSION="${VERSION#"${VERSION%%[! ]*}"}"
- VERSION="${VERSION%"${VERSION##*[! ]}"}"
-
+ VERSION=$(strip "$VERSION")
 [ -z "$VERSION" ] && VERSION="win11"
 case "${VERSION,,}" in
diff --git a/src/power.sh b/src/power.sh
index a10401b..9e97201 100644
--- a/src/power.sh
+++ b/src/power.sh
@@ -168,6 +168,7 @@ graceful_shutdown() {
 local term_grace=3 # seconds before loop ends to send SIGTERM
 local cleanup_grace=3 # seconds reserved after the loop for cleanup
+ TIMEOUT=$(strip "$TIMEOUT")
 if [[ ! "$TIMEOUT" =~ ^[0-9]+$ ]]; then
 TIMEOUT=115
 fi
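Review bot: The block headed `# Sanitize variables` in src/define.sh only normalizes values: judging from the inline code that `strip` replaces in `parseVersion`, it trims surrounding quotes and spaces and validates nothing. `WIDTH` and `HEIGHT` can therefore still hold non-numeric text, and if these values are later written into generated configuration or command lines (not visible here) their content passes through unchecked; a check in the style of the `TIMEOUT` regex in src/power.sh, e.g. `[[ -z "$WIDTH" || "$WIDTH" =~ ^[0-9]+$ ]] || WIDTH=""`, would close that gap. `PASSWORD=$(strip "$PASSWORD")` also silently changes a credential that legitimately begins or ends with a space or a quote, so either leave `PASSWORD` out or state it in the comment, e.g. `# Normalize only (trim quotes/whitespace); PASSWORD is altered if it starts or ends with either`. `strip` is not defined anywhere in this diff, and under `set -Eeuo pipefail` these top-level assignments abort the script unless the file that defines it is sourced first; the same applies to the call added in src/power.sh.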
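Review bot: The `^[0-9]+$` check that follows the new `strip` call in `graceful_shutdown` accepts values with a leading zero such as `08`, which bash arithmetic rejects as invalid octal. If `TIMEOUT` is later used in `$(( ))` together with `term_grace` and `cleanup_grace` (the rest of the function is outside the hunk), that would raise an error in the shutdown path; forcing base 10 right after the check, `TIMEOUT=$((10#$TIMEOUT))`, avoids it. The fallback to `115` is also silent, so a one-line warning on stderr when the configured value is rejected would help operators notice a mistyped setting.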