nevaforget/moonarch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: shell script quoting and argument injection hardening

Browse Source 
Audit fixes for command injection risks in helper scripts:
- moonarch-cpugov: eval for quoted COMMANDS expansion (pkexec context)
- moonarch-btnote: while+read with process substitution, quoted vars
- moonarch-vpn: -- guard before connection name in nmcli calls
- post-install.sh: else-logging when USER_DEFAULTS dir missing
This commit is contained in:
nevaforget
2026-03-31 11:06:14 +02:00
parent 491a3cd3e2
commit 1e19f08776
5 changed files with 19 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
defaults/bin/moonarch-vpn
+2 -2
View File
@@ -41,7 +41,7 @@ function connect_vpn() {
local connection="$1"
local feedback
if feedback=$(nmcli connection up "$connection" 2>&1); then
if feedback=$(nmcli connection up -- "$connection" 2>&1); then
notify-send "VPN" "Connected to '$connection'"
else
notify-send -u critical "VPN" "Connection failed: $feedback"
@@ -53,7 +53,7 @@ function disconnect_vpn() {
local connection="$1"
local feedback
if feedback=$(nmcli connection down "$connection" 2>&1); then
if feedback=$(nmcli connection down -- "$connection" 2>&1); then
notify-send "VPN" "Disconnected from '$connection'"
else
notify-send -u critical "VPN" "Disconnect failed: $feedback"