Code Quality

install-scripts/install-safe-chain.sh

@@ -247,6 +247,20 @@ parse_arguments() {
 
 # Main installation
 main() {
+    # Validate SAFE_CHAIN_DIR before using it to write files
+    if [ -n "${SAFE_CHAIN_DIR}" ]; then
+        case "${SAFE_CHAIN_DIR}" in
+            /*) ;; # absolute path — OK
+            *) error "SAFE_CHAIN_DIR must be an absolute path, got: ${SAFE_CHAIN_DIR}" ;;
+        esac
+        case "${SAFE_CHAIN_DIR}" in
+            *../*|*/..*|..) error "SAFE_CHAIN_DIR must not contain path traversal (..)" ;;
+        esac
+        if [ "${SAFE_CHAIN_DIR}" = "/" ]; then
+            error "SAFE_CHAIN_DIR cannot be the root directory"
+        fi
+    fi
+
     # Initialize argument flags
     USE_CI_SETUP=false