fix(linux): validate SUDO_USER and use prefix matching for interpreters

- Validate SUDO_USER via pwd.getpwnam() to prevent path injection
- Use prefix matching for interpreter detection to cover python3.10+ etc.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

config.py

@@ -116,6 +116,14 @@ def _auto_detect_db_dir_linux():
     # sudo 运行时，~ 展开为 /root；回退到实际用户的 home
     sudo_user = os.environ.get("SUDO_USER")
     if sudo_user:
+        # 验证 SUDO_USER 是合法系统用户，防止路径注入
+        import pwd
+        try:
+            pw = pwd.getpwnam(sudo_user)
+            sudo_home = pw.pw_dir
+        except KeyError:
+            sudo_home = None
+        if not sudo_home:
             sudo_home = os.path.expanduser(f"~{sudo_user}")
         fallback = os.path.join(sudo_home, "Documents", "xwechat_files")
         if fallback not in search_roots:

find_all_keys_linux.py

@@ -28,7 +28,7 @@ def _safe_readlink(path):
         return ""
 
 
-_INTERPRETERS = {"python", "python3", "bash", "sh", "zsh", "node", "perl", "ruby"}
+_INTERPRETER_PREFIXES = ("python", "bash", "sh", "zsh", "node", "perl", "ruby")
 
 
 def _is_wechat_process(pid):
@@ -44,8 +44,8 @@ def _is_wechat_process(pid):
             comm = f.read().strip()
         exe_path = _safe_readlink(f"/proc/{pid}/exe")
         exe_name = os.path.basename(exe_path)
-        # 排除脚本解释器进程（避免匹配 python3 wechat-decrypt 等）
-        if exe_name.lower() in _INTERPRETERS:
+        # 排除脚本解释器进程（避免匹配 python3.11 wechat-decrypt 等）
+        if any(exe_name.lower().startswith(p) for p in _INTERPRETER_PREFIXES):
             return False
         haystack = f"{comm} {exe_name}".lower()
         return "wechat" in haystack or "weixin" in haystack