From 71b8f8e53b67828632586f39b1fd22eced63d2f5 Mon Sep 17 00:00:00 2001 From: TastyHeadphones Date: Sun, 15 Mar 2026 16:59:16 +0900 Subject: [PATCH] vm: validate restore and switch backup names (#210) --- scripts/vm_restore.sh | 11 +++++++++++ scripts/vm_switch.sh | 13 +++++++++++++ 2 files changed, 24 insertions(+) diff --git a/scripts/vm_restore.sh b/scripts/vm_restore.sh index f2241d6..305a874 100755 --- a/scripts/vm_restore.sh +++ b/scripts/vm_restore.sh @@ -11,6 +11,15 @@ BACKUPS_DIR="${BACKUPS_DIR:-vm.backups}" NAME="${NAME:-}" FORCE="${FORCE:-0}" +validate_backup_name() { + local name="$1" + local label="${2:-NAME}" + if [[ "$name" == */* || "$name" == .* ]]; then + echo "ERROR: ${label} must be a simple identifier (no slashes or leading dots)." + exit 1 + fi +} + # --- Parse args --- while [[ $# -gt 0 ]]; do case "$1" in @@ -39,6 +48,8 @@ if [[ -z "${NAME}" ]]; then exit 1 fi +validate_backup_name "${NAME}" + SRC="${BACKUPS_DIR}/${NAME}" # --- Validate backup --- diff --git a/scripts/vm_switch.sh b/scripts/vm_switch.sh index 7322832..37b5335 100755 --- a/scripts/vm_switch.sh +++ b/scripts/vm_switch.sh @@ -13,6 +13,15 @@ BACKUPS_DIR="${BACKUPS_DIR:-vm.backups}" NAME="${NAME:-}" BACKUP_INCLUDE_IPSW="${BACKUP_INCLUDE_IPSW:-0}" +validate_backup_name() { + local name="$1" + local label="${2:-NAME}" + if [[ "$name" == */* || "$name" == .* ]]; then + echo "ERROR: ${label} must be a simple identifier (no slashes or leading dots)." + exit 1 + fi +} + # --- Parse args --- while [[ $# -gt 0 ]]; do case "$1" in @@ -41,6 +50,8 @@ if [[ -z "${NAME}" ]]; then exit 1 fi +validate_backup_name "${NAME}" + TARGET="${BACKUPS_DIR}/${NAME}" if [[ ! -d "${TARGET}" || ! -f "${TARGET}/config.plist" ]]; then @@ -81,6 +92,8 @@ if [[ -d "${VM_DIR}" && -f "${VM_DIR}/config.plist" ]]; then fi fi + validate_backup_name "${CURRENT}" "Current VM name" + if [[ "${CURRENT}" == "${NAME}" ]]; then echo "'${NAME}' is already the active VM." exit 0