From 683b1e27abe11529762fb161dff58e2eb6ee11b5 Mon Sep 17 00:00:00 2001
From: Jacob Prezant <179630496+jacobprezant@users.noreply.github.com>
Date: Thu, 1 Jan 2026 20:43:27 -0500
Subject: [PATCH] Harden iOS build script argument handling

Hardens the iOS build script making output handling safe against symlinks. Also protects the scp transfer from argument splitting.
---
 build-iOS.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/build-iOS.sh b/build-iOS.sh
index b7080fb..fd73e48 100755
--- a/build-iOS.sh
+++ b/build-iOS.sh
@@ -3,12 +3,14 @@
 set -e
 
 NAME=appdecrypt
+BUILD_OUTPUT=".build/release/appdecrypt"
+OUTPUT="./appdecrypt"
 SDK_VERSION=11.0
 
 function build() {
   START=$(date +%s)
 
-  swift build --product $NAME \
+  swift build --product "$NAME" \
     -c release \
     -Xswiftc "-sdk" \
     -Xswiftc "$(xcrun --sdk iphoneos --show-sdk-path)" \
@@ -33,11 +35,14 @@ function main() {
 
 main
 
-mv .build/release/appdecrypt .
-chmod +x appdecrypt
+if [ -L "$OUTPUT" ]; then
+  rm -f "$OUTPUT"
+fi
+cp "$BUILD_OUTPUT" "$OUTPUT"
+chmod 0755 "$OUTPUT"
 ldid -Sglobal.xml appdecrypt
 
 # if ip is provided, send to the device in one go
 if [ -n "$1" ]; then
-  scp appdecrypt mobile@$1:/var/mobile/Documents/appdecrypt
+  scp -- appdecrypt "mobile@$1:/var/mobile/Documents/appdecrypt"
 fi