From 76b83437ac0b887f1f833bed66afc4c5e0e10fcb Mon Sep 17 00:00:00 2001
From: Riyyi <riyyi3@gmail.com>
Date: Sun, 3 May 2026 22:17:51 +0200
Subject: [PATCH] Add safety check before rm -rf call

---
 pkg/pacman/sync/sync.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/pacman/sync/sync.go b/pkg/pacman/sync/sync.go
index 6e4667f..4c4434a 100644
--- a/pkg/pacman/sync/sync.go
+++ b/pkg/pacman/sync/sync.go
@@ -191,6 +191,10 @@ func cloneRepo(sudoUser string, packageBase string, tmpDir string, logWriter io.
 }
 
 func createTempDir(sudoUser string, tmpDir string) error {
+	if tmpDir == "" || tmpDir == "/" || !strings.HasPrefix(tmpDir, "/tmp") {
+		return fmt.Errorf("safety check: prevented malformed rm -rf call")
+	}
+
 	mkdirCmd := log.Command("su", "-", sudoUser, "-c", "rm -rf "+tmpDir+" && mkdir -p "+tmpDir)
 	if err := mkdirCmd.Run(); err != nil {
 		return fmt.Errorf("failed to create temp directory: %w", err)