mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
c86ad041b2
Fixes #41009 ## Summary - Scope `ValidatePackageIdentifiers` to only run when `$PACKAGE_ID` or `$UPGRADE_CODE` template variables are present in the uninstall script - Move `dmg`/`zip` early return before validation - Switch from ASCII allowlist to shell metacharacter denylist, allowing legitimate non-ASCII product names (e.g., `®`, parens) while still blocking injection characters ## Test plan - [x] Added unit tests for conditional validation (non-ASCII IDs with/without template vars, dmg/zip bypass, upgrade code scoping) - [x] Existing input tests still pass - [x] Winget ingester tests unaffected --------- Co-authored-by: Ian Littman <iansltx@gmail.com> |
||
|---|---|---|
| .. | ||
| scripts | ||
| testdata | ||
| deb.go | ||
| file.go | ||
| file_bench_test.go | ||
| file_test.go | ||
| ipa.go | ||
| management.go | ||
| management_test.go | ||
| msi.go | ||
| pdf.go | ||
| pdf_test.go | ||
| pe.go | ||
| pe_test.go | ||
| rpm.go | ||
| rpm_test.go | ||
| tgz.go | ||
| validation.go | ||
| validation_test.go | ||
| xar.go | ||
| xar_test.go | ||