From 70d8462e562bef4109fb03ebc40b6a83fc7d5be2 Mon Sep 17 00:00:00 2001
From: A <258483684+la14-1@users.noreply.github.com>
Date: Sat, 7 Mar 2026 06:27:28 -0800
Subject: [PATCH] fix: add explicit input validation to capture-agent.sh (Fixes
 #2281) (#2282)

Add whitelist validation for AGENT_NAME immediately after the empty
check to prevent command injection and path traversal via the parameter.
While the existing case statement catches unknown agents, explicit
upfront validation makes the security intent clear and defensive.

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 packer/scripts/capture-agent.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/packer/scripts/capture-agent.sh b/packer/scripts/capture-agent.sh
index f42c1ca8..364d5863 100644
--- a/packer/scripts/capture-agent.sh
+++ b/packer/scripts/capture-agent.sh
@@ -11,6 +11,15 @@ if [ -z "${AGENT_NAME}" ]; then
   exit 1
 fi
 
+# Validate agent name against allowed list to prevent injection
+case "${AGENT_NAME}" in
+  openclaw|codex|kilocode|claude|opencode|zeroclaw|hermes) ;;
+  *)
+    printf 'Error: Invalid agent name: %s\nAllowed: openclaw, codex, kilocode, claude, opencode, zeroclaw, hermes\n' "${AGENT_NAME}" >&2
+    exit 1
+    ;;
+esac
+
 PATHS_FILE="/tmp/spawn-tarball-paths.txt"
 : > "${PATHS_FILE}"