Validate ENV VAR

install-scripts/install-safe-chain.ps1

@@ -8,19 +8,21 @@ param(
 )
 
 $Version = $env:SAFE_CHAIN_VERSION  # Will be fetched from latest release if not set
+
+# Validate SAFE_CHAIN_DIR before use
+if ($env:SAFE_CHAIN_DIR) {
+    if (-not [System.IO.Path]::IsPathRooted($env:SAFE_CHAIN_DIR)) {
+        Write-Host "[ERROR] SAFE_CHAIN_DIR must be an absolute path, got: $($env:SAFE_CHAIN_DIR)" -ForegroundColor Red; exit 1
+    }
+    if ($env:SAFE_CHAIN_DIR -match '\.\.') {
+        Write-Host "[ERROR] SAFE_CHAIN_DIR must not contain path traversal (..)" -ForegroundColor Red; exit 1
+    }
+    if ($env:SAFE_CHAIN_DIR -match '^[A-Za-z]:[/\\]?$' -or $env:SAFE_CHAIN_DIR -eq '/') {
+        Write-Host "[ERROR] SAFE_CHAIN_DIR cannot be a root or drive-root directory" -ForegroundColor Red; exit 1
+    }
+}
+
 $SafeChainBase = if ($env:SAFE_CHAIN_DIR) { $env:SAFE_CHAIN_DIR } else { Join-Path $env:USERPROFILE ".safe-chain" }
-
-# Validate $SafeChainBase before any filesystem operations
-if (-not [System.IO.Path]::IsPathRooted($SafeChainBase)) {
-    Write-Host "[ERROR] SAFE_CHAIN_DIR must be an absolute path, got: $SafeChainBase" -ForegroundColor Red; exit 1
-}
-if ($SafeChainBase -match '\.\.') {
-    Write-Host "[ERROR] SAFE_CHAIN_DIR must not contain path traversal (..)" -ForegroundColor Red; exit 1
-}
-if ($SafeChainBase -match '^[A-Za-z]:[/\\]?$' -or $SafeChainBase -eq '/') {
-    Write-Host "[ERROR] SAFE_CHAIN_DIR cannot be a root or drive-root directory" -ForegroundColor Red; exit 1
-}
-
 $InstallDir = Join-Path $SafeChainBase "bin"
 $RepoUrl = "https://github.com/AikidoSec/safe-chain"