@@ -59,7 +59,28 @@ int main(int argc, char* argv[])
5959 appendindex = i-1 ;
6060 i++;
6161 if (i < argc) {
62- waylanddisplay = argv[i];
62+ // Validate wayland display string to contain only safe characters
63+ std::string tempDisplay = argv[i];
64+ bool isValid = true ;
65+
66+ // Check if string is not empty and has reasonable length
67+ if (tempDisplay.empty () || tempDisplay.length () > 256 ) {
68+ isValid = false ;
69+ }
70+
71+ // Allow only alphanumeric, dash, underscore, dot, slash, and colon
72+ for (char c : tempDisplay) {
73+ if (!isalnum (c) && c != ' -' && c != ' _' && c != ' .' && c != ' /' && c != ' :' ) {
74+ isValid = false ;
75+ break ;
76+ }
77+ }
78+
79+ if (isValid) {
80+ waylanddisplay = tempDisplay;
81+ } else {
82+ NativeJSLogger::log (WARN, " Invalid wayland display format provided, using default\n " );
83+ }
6384 }
6485 }
6586 else if (strcmp (argv[i], " --enableHttp" ) == 0 )
@@ -111,11 +132,7 @@ int main(int argc, char* argv[])
111132 i++;
112133 }
113134
114- // CID:430751 - Intentional: waylanddisplay from command line argument
115- // This is a display socket name passed to Wayland compositor, used only for
116- // local display connection. The value is passed to system compositor APIs
117- // which handle validation. No injection risk as it's used as display identifier only.
118- /* coverity[tainted_data] */
135+ // waylanddisplay is validated before use (alphanumeric, dash, underscore, dot, slash, colon only)
119136 std::shared_ptr<NativeJSRenderer> renderer = std::make_shared<NativeJSRenderer>(waylanddisplay);
120137 if (consoleMode) {
121138 renderer->setEnvForConsoleMode (moduleSettings);
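Review bot: In the first hunk the character check at new line 73 passes a plain `char` to `isalnum`, which is undefined behaviour for bytes above 0x7F on platforms where `char` is signed, and is locale-dependent, so a non-ASCII byte in argv can either crash or slip through as "alphanumeric"; the guard should be `if (!isalnum(static_cast<unsigned char>(c)) && c != '-' && c != '_' && c != '.' && c != '/' && c != ':') {`. The allowed set still admits `.` and `/` together, so the comment at new line 135 overstates what this check guarantees — if the compositor resolves the display name as a filesystem path, relative path segments are still possible and it is the compositor's own validation that bounds them; I would reword it to `// waylanddisplay is restricted to [A-Za-z0-9-_./:] and <= 256 bytes; path semantics are left to the compositor`. The 256-byte limit and the character set are otherwise a reasonable replacement for the removed Coverity suppression. `main` starts before the first hunk and continues past the second.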