milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Verify token format

Browse source
This commit is contained in:
Sander Declerck 2026-03-13 14:19:25 +01:00
parent af90b20f12
commit 8eabdd17ba
No known key found for this signature in database
2 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
install-scripts/install-endpoint-mac.sh
View file

@ -103,6 +103,13 @@ main() {
error "Token is required. Pass it with --token <TOKEN> or enter it when prompted." error "Token is required. Pass it with --token <TOKEN> or enter it when prompted."
fi fi
# Validate token to prevent injection
case "$TOKEN" in
*[\"\'\;\`\$\ ]*)
error "Invalid token format. Token must not contain quotes, semicolons, backticks, dollar signs, or whitespace."
;;
esac
# 2. Download and verify checksum # 2. Download and verify checksum
PKG_FILE=$(mktemp /tmp/SafeChainUltimate.XXXXXX.pkg) PKG_FILE=$(mktemp /tmp/SafeChainUltimate.XXXXXX.pkg)
trap cleanup EXIT trap cleanup EXIT

5
install-scripts/install-endpoint-windows.ps1
View file

@ -47,6 +47,11 @@ function Install-Endpoint {
} }
} }
# Validate token to prevent command/property injection via msiexec
if ($token -match '[";`$\s]') {
Write-Error-Custom "Invalid token format. Token must not contain quotes, semicolons, backticks, dollar signs, or whitespace."
}
# 2. Download the .msi # 2. Download the .msi
$msiFile = Join-Path $env:TEMP "SafeChainUltimate-$([System.Guid]::NewGuid().ToString('N')).msi" $msiFile = Join-Path $env:TEMP "SafeChainUltimate-$([System.Guid]::NewGuid().ToString('N')).msi"