From 72a5efe74490f916ee7d649b889a6ccefd597452 Mon Sep 17 00:00:00 2001 From: yiliang114 <1204183885@qq.com> Date: Wed, 13 May 2026 20:43:30 +0800 Subject: [PATCH] fix(installer): make Windows option validation readable --- scripts/installation/install-qwen-standalone.bat | 15 +++++++++++---- scripts/tests/install-script.test.js | 8 ++++++-- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/scripts/installation/install-qwen-standalone.bat b/scripts/installation/install-qwen-standalone.bat index bc7c349bb..bb9b378d7 100644 --- a/scripts/installation/install-qwen-standalone.bat +++ b/scripts/installation/install-qwen-standalone.bat @@ -303,11 +303,18 @@ set "QWEN_VALIDATE_INSTALL_BASE=!INSTALL_BASE!" set "QWEN_VALIDATE_INSTALL_DIR=!INSTALL_DIR!" set "QWEN_VALIDATE_INSTALL_BIN_DIR=!INSTALL_BIN_DIR!" set "QWEN_VALIDATE_SOURCE=!SOURCE!" -REM Keep this PowerShell script encoded so cmd.exe does not parse its metacharacters first. -set "QWEN_VALIDATE_OPTIONS_COMMAND=JAB1AG4AcwBhAGYAZQAgAD0AIABbAGMAaABhAHIAWwBdAF0AKAAxADAALAAxADMALAAzADMALAAzADQALAAzADcALAAzADgALAA2ADAALAA2ADIALAA5ADQALAA5ADYALAAxADIANAApAAoAZgBvAHIAZQBhAGMAaAAgACgAJABuAGEAbQBlACAAaQBuACAAJwBNAEUAVABIAE8ARAAnACwAJwBNAEkAUgBSAE8AUgAnACwAJwBCAEEAUwBFAF8AVQBSAEwAJwAsACcAQQBSAEMASABJAFYARQBfAFAAQQBUAEgAJwAsACcAVgBFAFIAUwBJAE8ATgAnACwAJwBOAFAATQBfAFIARQBHAEkAUwBUAFIAWQAnACwAJwBJAE4AUwBUAEEATABMAF8AQgBBAFMARQAnACwAJwBJAE4AUwBUAEEATABMAF8ARABJAFIAJwAsACcASQBOAFMAVABBAEwATABfAEIASQBOAF8ARABJAFIAJwAsACcAUwBPAFUAUgBDAEUAJwApACAAewAKACAAIAAkAHYAYQBsAHUAZQAgAD0AIABbAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBHAGUAdABFAG4AdgBpAHIAbwBuAG0AZQBuAHQAVgBhAHIAaQBhAGIAbABlACgAJwBRAFcARQBOAF8AVgBBAEwASQBEAEEAVABFAF8AJwAgACsAIAAkAG4AYQBtAGUAKQAKACAAIABpAGYAIAAoACQAbgB1AGwAbAAgAC0AbgBlACAAJAB2AGEAbAB1AGUAIAAtAGEAbgBkACAAJAB2AGEAbAB1AGUALgBJAG4AZABlAHgATwBmAEEAbgB5ACgAJAB1AG4AcwBhAGYAZQApACAALQBnAGUAIAAwACkAIAB7ACAAZQB4AGkAdAAgADEAIAB9AAoAfQAKAGUAeABpAHQAIAAwAA==" -powershell -NoProfile -ExecutionPolicy Bypass -EncodedCommand !QWEN_VALIDATE_OPTIONS_COMMAND! +set "QWEN_VALIDATE_OPTIONS_SCRIPT=%TEMP%\qwen-validate-options-%RANDOM%-%RANDOM%.ps1" +> "!QWEN_VALIDATE_OPTIONS_SCRIPT!" echo $unsafe = [char[]](10,13,33,34,37,38,60,62,94,96,124) +>> "!QWEN_VALIDATE_OPTIONS_SCRIPT!" echo $names = @('METHOD','MIRROR','BASE_URL','ARCHIVE_PATH','VERSION','NPM_REGISTRY','INSTALL_BASE','INSTALL_DIR','INSTALL_BIN_DIR','SOURCE') +>> "!QWEN_VALIDATE_OPTIONS_SCRIPT!" echo foreach ($name in $names) { +>> "!QWEN_VALIDATE_OPTIONS_SCRIPT!" echo $value = [Environment]::GetEnvironmentVariable('QWEN_VALIDATE_' + $name) +>> "!QWEN_VALIDATE_OPTIONS_SCRIPT!" echo if ($null -ne $value -and $value.IndexOfAny($unsafe) -ge 0) { exit 1 } +>> "!QWEN_VALIDATE_OPTIONS_SCRIPT!" echo } +>> "!QWEN_VALIDATE_OPTIONS_SCRIPT!" echo exit 0 +powershell -NoProfile -ExecutionPolicy Bypass -File "!QWEN_VALIDATE_OPTIONS_SCRIPT!" set "PS_STATUS=%ERRORLEVEL%" -set "QWEN_VALIDATE_OPTIONS_COMMAND=" +del /F /Q "!QWEN_VALIDATE_OPTIONS_SCRIPT!" >nul 2>&1 +set "QWEN_VALIDATE_OPTIONS_SCRIPT=" set "QWEN_VALIDATE_METHOD=" set "QWEN_VALIDATE_MIRROR=" set "QWEN_VALIDATE_BASE_URL=" diff --git a/scripts/tests/install-script.test.js b/scripts/tests/install-script.test.js index 88c901ca1..9f7d2432b 100644 --- a/scripts/tests/install-script.test.js +++ b/scripts/tests/install-script.test.js @@ -182,8 +182,12 @@ describe('installation scripts', () => { expect(script).toContain( 'installer options contain unsafe command characters', ); - expect(script).toContain('-EncodedCommand'); - expect(script).toContain('QWEN_VALIDATE_OPTIONS_COMMAND'); + expect(script).not.toContain('-EncodedCommand'); + expect(script).toContain('QWEN_VALIDATE_OPTIONS_SCRIPT'); + expect(script).toContain('$unsafe = [char[]](10,13,33,34'); + expect(script).toContain( + 'powershell -NoProfile -ExecutionPolicy Bypass -File "!QWEN_VALIDATE_OPTIONS_SCRIPT!"', + ); expect(script).toContain('if "!INSTALL_BASE:~1,2!"==":/"'); expect(script).toContain('if "!INSTALL_DIR:~1,2!"==":/"'); expect(script).toContain('if "!INSTALL_BIN_DIR:~1,2!"==":/"');