Validate user parameter in CommandCollector to prevent invalid input

devanshjainms · devanshjainms · commit 311b3b4d952d · 2025-10-28T21:03:32.000Z
diff --git a/src/module_utils/collector.py b/src/module_utils/collector.py
@@ -109,6 +109,11 @@ def collect(self, check, context) -> str:
             user = check.collector_args.get("user", "")
             if not command:
                 return "ERROR: No command specified"
+            if user:
+                if not re.match(r"^[a-zA-Z0-9_-]+$", user):
+                    self.parent.log(logging.ERROR, f"Invalid user parameter detected: {user}")
+                    return "ERROR: Invalid user parameter"
+
             try:
                 command = self.sanitize_command(command)
             except ValueError as e:
