
fix: handle unquoted paths and special characters in shell commands #15

Open
RinZ27 wants to merge 1 commit into embeddedos-org:master from RinZ27:fix-command-injection-robustness-27393

Conversation


@RinZ27 RinZ27 commented Apr 21, 2026

Summary

This PR improves the robustness of several core and build-time services by validating external path and URL inputs before they are passed to shell commands via system(). In my review of the code, I identified several locations where unquoted or special characters in configuration-provided strings could lead to unexpected behavior or shell command manipulation.

Type of Change

  • fix — Bug fix
  • docs — Documentation only
  • style — Formatting, no code change
  • refactor — Code restructuring without behavior change
  • test — Add or fix tests
  • build — Build system or dependency changes
  • ci — CI/CD pipeline changes
  • perf — Performance improvement

Changes

  • Added strpbrk validation for build_dir in cmd_clean within main.c.
  • Implemented is_url_safe check in fetch.c to validate source URLs before download/clone operations.
  • Added is_url_safe and is_path_safe checks to the OTA download and install routines in os_services.c.
  • Integrated path validation for SELinux policy and rootfs labeling in linux_security.c.

Testing

  • Unit tests pass (partial build check for syntax)
  • Manual testing performed (verified strpbrk logic with sample malicious strings)
  • New tests added for new functionality

Pre-Submission Checklist

  • Code compiles without warnings (verified modified files locally)
  • All existing tests pass (upstream dependency issue prevents full run)
  • New tests added for new functionality
  • Documentation updated if API changed
  • Commit messages follow (): convention
  • Branch is rebased on latest master

Related Issues

N/A

Screenshots / Logs

Verified that providing a build directory like "; id ; " now triggers an error:
ERROR: Invalid build directory path: "; id ; " (contains special characters)

Additional Notes

These changes focus on preventing common shell injection patterns when handling user-provided configuration or network-sourced data. I kept the fixes surgical and local to each module to avoid introducing unnecessary dependencies or architectural changes.

@RinZ27 RinZ27 requested a review from a user April 21, 2026 12:48
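The PR describes strpbrk-based validation of build directories, paths and URLs before they reach system(). The following is an added illustration of that pattern, not code from this PR or from the embeddedos-org repository: the function names is_path_safe, is_url_safe and check_build_dir are borrowed from the PR description, but their bodies, the metacharacter set, the accepted URL schemes and the allow-list are assumptions. It pairs the PR's deny-list approach (strpbrk against shell metacharacters) with the stricter allow-list approach (strspn against the characters a path or URL is permitted to contain), and reproduces the diagnostic format shown in the PR's log line.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Characters that change how /bin/sh parses a command line. This set is an
 * assumption for the example; the PR's exact list is not shown on the page. */
static const char SHELL_META[] = ";|&$`<>()\"'\\*?[]{}!#~ \t\n\r";

/* Deny-list check in the spirit of the PR's strpbrk validation: reject an
 * empty or NULL path, or any path containing a shell metacharacter. */
bool is_path_safe(const char *path)
{
    if (path == NULL || path[0] == '\0')
        return false;
    return strpbrk(path, SHELL_META) == NULL;
}

/* Allow-list check for a source URL: the string must start with an accepted
 * scheme and every byte must be in ALLOWED. Allow-listing is the stricter
 * form, because a metacharacter missing from a deny-list cannot slip past it.
 * Both the scheme list and ALLOWED are assumptions for this example. */
bool is_url_safe(const char *url)
{
    static const char *schemes[] = { "https://", "http://", "git://" };
    static const char ALLOWED[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789-._~:/?=@+%";
    if (url == NULL)
        return false;
    bool scheme_ok = false;
    for (size_t i = 0; i < sizeof schemes / sizeof schemes[0]; i++)
        if (strncmp(url, schemes[i], strlen(schemes[i])) == 0)
            scheme_ok = true;
    if (!scheme_ok)
        return false;
    /* strspn counts the leading run of allowed bytes; it must cover the whole string. */
    return strspn(url, ALLOWED) == strlen(url);
}

/* Validate a configured build directory before it is used in a shell command.
 * Returns 0 when safe; otherwise -1 and writes a diagnostic, in the format of
 * the PR's log line, into err. */
int check_build_dir(const char *build_dir, char *err, size_t errlen)
{
    if (is_path_safe(build_dir))
        return 0;
    snprintf(err, errlen,
             "ERROR: Invalid build directory path: \"%s\" (contains special characters)",
             build_dir ? build_dir : "");
    return -1;
}

int main(void)
{
    /* Constructed sample inputs: a normal path, the PR's "; id ; " string,
     * and a path containing a space. */
    const char *samples[] = { "build/out", "; id ; ", "out dir" };
    char err[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (check_build_dir(samples[i], err, sizeof err) == 0)
            printf("OK: \"%s\"\n", samples[i]);
        else
            puts(err);
    }
    printf("url checks: %d %d\n",
           is_url_safe("https://example.invalid/repo.git"),
           is_url_safe("https://example.invalid/x;rm"));
    return 0;
}
```

A deny-list is only as good as its completeness, which is why the URL check above uses an allow-list instead; the more robust fix for the system() call sites themselves is to stop building a shell string at all and pass the path or URL as a separate argv element to exec-family functions, so the shell never parses untrusted bytes.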