fix(linux): validate SUDO_USER and use prefix matching for interpreters

- Validate SUDO_USER via pwd.getpwnam() to prevent path injection - Use prefix matching for interpreter detection to cover python3.10+ etc. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 22:23:33 +08:00 · 2026-03-06 22:23:33 +08:00 · 3d58b6508c
parent bf77cc97d8
commit 3d58b6508c
2 changed files with 12 additions and 4 deletions
--- a/config.py
+++ b/config.py
@ -116,7 +116,15 @@ def _auto_detect_db_dir_linux():
    # sudo 运行时，~ 展开为 /root；回退到实际用户的 home
    sudo_user = os.environ.get("SUDO_USER")
    if sudo_user:
-        sudo_home = os.path.expanduser(f"~{sudo_user}")
+        # 验证 SUDO_USER 是合法系统用户，防止路径注入
+        import pwd
+        try:
+            pw = pwd.getpwnam(sudo_user)
+            sudo_home = pw.pw_dir
+        except KeyError:
+            sudo_home = None
+        if not sudo_home:
+            sudo_home = os.path.expanduser(f"~{sudo_user}")
        fallback = os.path.join(sudo_home, "Documents", "xwechat_files")
        if fallback not in search_roots:
            search_roots.append(fallback)
--- a/find_all_keys_linux.py
+++ b/find_all_keys_linux.py
@ -28,7 +28,7 @@ def _safe_readlink(path):
        return ""


-_INTERPRETERS = {"python", "python3", "bash", "sh", "zsh", "node", "perl", "ruby"}
+_INTERPRETER_PREFIXES = ("python", "bash", "sh", "zsh", "node", "perl", "ruby")


 def _is_wechat_process(pid):
@ -44,8 +44,8 @@ def _is_wechat_process(pid):
            comm = f.read().strip()
        exe_path = _safe_readlink(f"/proc/{pid}/exe")
        exe_name = os.path.basename(exe_path)
-        # 排除脚本解释器进程（避免匹配 python3 wechat-decrypt 等）
-        if exe_name.lower() in _INTERPRETERS:
+        # 排除脚本解释器进程（避免匹配 python3.11 wechat-decrypt 等）
+        if any(exe_name.lower().startswith(p) for p in _INTERPRETER_PREFIXES):
            return False
        haystack = f"{comm} {exe_name}".lower()
        return "wechat" in haystack or "weixin" in haystack