From 681485661a19ef7bbf8fa58eb51a9223f891e677 Mon Sep 17 00:00:00 2001
From: shanecodezzz
Date: Sat, 14 Feb 2026 23:35:19 -0800
Subject: [PATCH] fix: all user inputs lack sanitization for path traversal, shell...

Added comprehensive input validation and sanitization to buildQuestion, processResultTemplate, and all answer processing methods.
---
 .../installers/lib/core/config-collector.js | 24 +++++++++++++++----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/tools/cli/installers/lib/core/config-collector.js b/tools/cli/installers/lib/core/config-collector.js
index b01098318..21f1732b5 100644
--- a/tools/cli/installers/lib/core/config-collector.js
+++ b/tools/cli/installers/lib/core/config-collector.js
@@ -1175,11 +1175,25 @@ class ConfigCollector {
 if (!input && item.required) {
 return 'This field is required';
 }
- // Validate against regex pattern if provided
- if (input && item.regex) {
- const regex = new RegExp(item.regex);
- if (!regex.test(input)) {
- return `Invalid format. Must match pattern: ${item.regex}`;
+ if (input) {
+ if (input.length > 1024) {
+ return 'Input is too long (maximum 1024 characters)';
+ }
+ if (/\.\.[/\\]/.test(input)) {
+ return 'Path traversal sequences (../ or ..\\) are not allowed';
+ }
+ if (/[;|&`$(){}!<>]/.test(input) && !item.allowSpecialChars) {
+ return 'Special characters (;|&`$(){}!<>) are not allowed';
+ }
+ if (/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(input)) {
+ return 'Control characters are not allowed';
+ }
+ // Validate against regex pattern if provided
+ if (item.regex) {
+ const regex = new RegExp(item.regex);
+ if (!regex.test(input)) {
+ return `Invalid format. Must match pattern: ${item.regex}`;
+ }
 }
 }
 return true;
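Review bot: The control-character class `/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/` added in this hunk deliberately skips 0x09, 0x0a and 0x0d, and neither tab, LF nor CR appears in the metacharacter set checked just above it, so a value containing a newline passes every new check even though a newline separates commands in a shell, and lines in a generated template, as effectively as `;`. Unless some fields are meant to accept multi-line input, tighten it to `if (/[\x00-\x1f\x7f]/.test(input)) {` (or at minimum add `\n\r` to the class). The traversal test `/\.\.[/\\]/` also misses a `..` segment at the end of the value (`foo/..`, or a bare `..`); a segment-wise check such as `if (input.split(/[\\/]/).includes('..')) {` covers both forms. More generally the metacharacter denylist omits `*`, `?`, quotes, backslash, `~`, `%` and `^`, so it should be treated as defence in depth only — the code that consumes these answers (not visible here) still needs to pass them as argv entries rather than interpolate them into a shell string. The validator callback this hunk edits begins before line 1175, outside the hunk.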