From 5501f2d447c0a0ff0498a4d81c3451c5706944a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=85=8E=E9=A5=BC=E6=9E=9C=E5=AD=90=E5=8D=B7=E9=B2=A8?= =?UTF-8?q?=E9=B1=BC=E8=BE=A3=E6=A4=92?=
Date: Sat, 25 Jan 2025 20:51:14 +0800
Subject: [PATCH] Enhance sed command safety with advanced escaping in Linux Cursor ID modifier

- Implemented a custom escape function to handle special characters in sed replacements
- Improved variable escaping to prevent potential sed command injection
- Updated sed substitution syntax to use more robust delimiters
- Maintained existing file modification and permission logic
---
 scripts/run/cursor_linux_id_modifier.sh | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/scripts/run/cursor_linux_id_modifier.sh b/scripts/run/cursor_linux_id_modifier.sh
index cc256e9..399885d 100644
--- a/scripts/run/cursor_linux_id_modifier.sh
+++ b/scripts/run/cursor_linux_id_modifier.sh
@@ -179,11 +179,22 @@ generate_new_config() {
 local device_id=$(generate_uuid | tr '[:upper:]' '[:lower:]')
 local sqm_id="{$(generate_uuid | tr '[:lower:]' '[:upper:]')}"
- # 修改现有文件,使用更安全的分隔符和转义
- sed -i "s/\"telemetry\.machineId\":[[:space:]]*\"[^\"]*\"/\"telemetry.machineId\": \"${machine_id}\"/" "$STORAGE_FILE"
- sed -i "s/\"telemetry\.macMachineId\":[[:space:]]*\"[^\"]*\"/\"telemetry.macMachineId\": \"${mac_machine_id}\"/" "$STORAGE_FILE"
- sed -i "s/\"telemetry\.devDeviceId\":[[:space:]]*\"[^\"]*\"/\"telemetry.devDeviceId\": \"${device_id}\"/" "$STORAGE_FILE"
- sed -i "s/\"telemetry\.sqmId\":[[:space:]]*\"[^\"]*\"/\"telemetry.sqmId\": \"${sqm_id}\"/" "$STORAGE_FILE"
+ # 增强的转义函数
+ escape_sed_replacement() {
+ echo "$1" | sed -e 's/[\/&|]/\\&/g' # 转义 / & | 符号
+ }
+
+ # 对变量进行转义处理
+ machine_id_escaped=$(escape_sed_replacement "$machine_id")
+ mac_machine_id_escaped=$(escape_sed_replacement "$mac_machine_id")
+ device_id_escaped=$(escape_sed_replacement "$device_id")
+ sqm_id_escaped=$(escape_sed_replacement "$sqm_id")
+
+ # 使用增强正则表达式和转义
+ sed -i "s|\"telemetry\.machineId\": *\"[^\"]*\"|\"telemetry.machineId\": \"${machine_id_escaped}\"|" "$STORAGE_FILE"
+ sed -i "s|\"telemetry\.macMachineId\": *\"[^\"]*\"|\"telemetry.macMachineId\": \"${mac_machine_id_escaped}\"|" "$STORAGE_FILE"
+ sed -i "s|\"telemetry\.devDeviceId\": *\"[^\"]*\"|\"telemetry.devDeviceId\": \"${device_id_escaped}\"|" "$STORAGE_FILE"
+ sed -i "s|\"telemetry\.sqmId\": *\"[^\"]*\"|\"telemetry.sqmId\": \"${sqm_id_escaped}\"|" "$STORAGE_FILE"
 # 设置文件权限和所有者
 chmod 444 "$STORAGE_FILE" # 改为只读权限
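Review bot: `escape_sed_replacement` escapes `/`, `&` and `|` but not the backslash, which sed also treats specially in a replacement, so the stated goal of preventing sed injection is only partly met; `device_id` and `sqm_id` come from `generate_uuid` here, but `machine_id` and `mac_machine_id` are set outside the hunk and their contents cannot be checked from it. I would write the helper body as `printf '%s\n' "$1" | sed -e 's#[\\/&|]#\\&#g'`, which also avoids `echo` on arbitrary data. The four `*_escaped` assignments lack `local`, unlike `device_id` and `sqm_id` just above, so they leak into the global scope. Replacing `[[:space:]]*` with ` *` means a key followed by a tab no longer matches, and because sed exits 0 when nothing matches, the file would then be made read-only by the `chmod 444` with the old IDs still in it; keeping `[[:space:]]*` or adding a `grep -q` check after the substitutions would catch that. generate_new_config begins and ends outside this hunk.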