nevaforget/moonarch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: shell script quoting and argument injection hardening

Browse Source 
Audit fixes for command injection risks in helper scripts:
- moonarch-cpugov: eval for quoted COMMANDS expansion (pkexec context)
- moonarch-btnote: while+read with process substitution, quoted vars
- moonarch-vpn: -- guard before connection name in nmcli calls
- post-install.sh: else-logging when USER_DEFAULTS dir missing
This commit is contained in:
nevaforget
2026-03-31 11:06:14 +02:00
parent 491a3cd3e2
commit 1e19f08776
5 changed files with 19 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
defaults/bin/moonarch-btnote
+5 -4
View File
@@ -5,15 +5,16 @@
NOTIFY_AT_PERCENTAGE=70
ICON="battery-empty"
for d in $(upower -e); do
while IFS= read -r d; do
[ -z "$d" ] && continue
DEVICE_DATA=$(upower -i "$d")
PERCENTAGE=$(echo $DEVICE_DATA | grep -Po '(?<=(percentage: )).*(?= icon)')
PERCENTAGE=$(echo "$DEVICE_DATA" | grep -Po '(?<=(percentage: )).*(?= icon)')
PER_INT=$(echo "${PERCENTAGE//%}")
DEVICE_NAME=$(echo $DEVICE_DATA | grep -Po '(?<=(model: )).*(?= serial)')
DEVICE_NAME=$(echo "$DEVICE_DATA" | grep -Po '(?<=(model: )).*(?= serial)')
if [ -n "$DEVICE_NAME" ] && [ -n "$PER_INT" ] && [ "$PER_INT" -lt "$NOTIFY_AT_PERCENTAGE" ]; then
notify-send -t 5000 -e "Low battery $DEVICE_NAME $PER_INT%" -i "$ICON" \
-h string:x-canonical-private-synchronous:battery \
-h int:value:"$PER_INT" -u critical
fi
done
done < <(upower -e)