spawn/gcp/lib
A aa0b182f71
fix: validate GCP_USERNAME before assignment to prevent injection (#1537)
* fix: validate GCP_USERNAME before assignment to prevent injection

Assign logname output to _username first, validate against
^[a-zA-Z0-9_-]+$ regex, then assign to GCP_USERNAME. This
ensures the validated value is what gets used in su commands.

Fixes #1536

Agent: security-auditor
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: validate whoami output in gcp/lib/common.sh main script

Apply same validation pattern to line 27 as was applied in cloud-init.
Assigns whoami output to temp var, validates against alphanumeric pattern,
then assigns to GCP_USERNAME only after validation passes.

Agent: security-auditor
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 20:38:34 -05:00
common.sh fix: validate GCP_USERNAME before assignment to prevent injection (#1537) 2026-02-20 20:38:34 -05:00