Add safety check before rm -rf call

1 week ago · 76b83437ac
1 changed files with 4 additions and 0 deletions
--- a/pkg/pacman/sync/sync.go
+++ b/pkg/pacman/sync/sync.go
@ -191,6 +191,10 @@ func cloneRepo(sudoUser string, packageBase string, tmpDir string, logWriter io.
 }

 func createTempDir(sudoUser string, tmpDir string) error {
+	if tmpDir == "" || tmpDir == "/" || !strings.HasPrefix(tmpDir, "/tmp") {
+		return fmt.Errorf("safety check: prevented malformed rm -rf call")
+	}
+
 	mkdirCmd := log.Command("su", "-", sudoUser, "-c", "rm -rf "+tmpDir+" && mkdir -p "+tmpDir)
 	if err := mkdirCmd.Run(); err != nil {
 		return fmt.Errorf("failed to create temp directory: %w", err)