From 7eead7d48aebf3458131f306beca3876516ab058 Mon Sep 17 00:00:00 2001
From: unknown <49066403+bodane@users.noreply.github.com>
Date: Sun, 1 Feb 2026 00:40:58 +1100
Subject: [PATCH] security: expand character filtering and improve junction detection

- Add backtick and percent sign to blocked characters
- Use fsutil reparsepoint query for reliable symlink/junction detection
- Keep attribute check as fallback defense layer

Co-Authored-By: Claude Opus 4.5
---
 setup.bat | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/setup.bat b/setup.bat
index e5551e3..0957006 100644
--- a/setup.bat
+++ b/setup.bat
@@ -41,10 +41,16 @@ if !errorlevel! neq 0 (
 goto :error
 )
 
-REM Validate paths don't contain suspicious characters
-echo !LOCALAPPDATA! | findstr /r "[<>|&^]" >nul
+REM Validate paths don't contain suspicious characters that could enable injection
+REM Blocks: < > | & ^ ` %% (shell metacharacters)
+echo !LOCALAPPDATA! | findstr /r "[<>|&^`]" >nul
 if !errorlevel! equ 0 (
- echo ERROR: LOCALAPPDATA contains invalid characters
+ echo ERROR: LOCALAPPDATA contains invalid shell characters
+ goto :error
+)
+echo !LOCALAPPDATA! | findstr /c:"%%" >nul
+if !errorlevel! equ 0 (
+ echo ERROR: LOCALAPPDATA contains percent signs
 goto :error
 )
 
@@ -68,7 +74,15 @@ if not exist "!CORE_PATH!\core.exe" (
 goto :error
 )
 
-REM Check if it's a symlink/junction (basic check via attributes)
+REM Check if it's a symlink/junction using fsutil (more reliable than attributes)
+fsutil reparsepoint query "!CORE_PATH!" >nul 2>&1
+if !errorlevel! equ 0 (
+ echo ERROR: Install directory is a reparse point (symlink or junction^)
+ echo This may indicate a symlink attack. Aborting.
+ goto :error
+)
+
+REM Fallback: also check attributes for symlink indicator
 for %%F in ("!CORE_PATH!") do (
 set "ATTRS=%%~aF"
 )
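Review bot: Both filter lines still put the unvalidated value on a command line, unquoted, before anything has been rejected: `echo !LOCALAPPDATA! | findstr ...`. cmd.exe runs each side of a pipe in a child interpreter, so either the already-expanded text is parsed a second time there (and an `&` or `|` in the value is interpreted before findstr ever reads it), or the child sees the literal `!LOCALAPPDATA!` and the filter can never match. Which of the two applies should be confirmed with a test value containing `&`. Reading the variable without expanding it avoids both cases, for example `set LOCALAPPDATA | findstr /c:"%%" >nul` and the same form for the character-class check. Note that `set LOCALAPPDATA` also lists any other variable whose name starts with that prefix, so the match may need anchoring.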
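Review bot: The fsutil check fails open: only exit code 0 aborts, and `>nul 2>&1` discards the output, so any other failure of `fsutil reparsepoint query` is treated the same as "not a reparse point". Such failures presumably include fsutil being unavailable or refusing to run without elevation, which is worth confirming on the oldest supported Windows. In that case only the attribute fallback is left, and its `for` loop and the use of `ATTRS` continue outside this hunk, so that path cannot be verified from here. The query also inspects only the final component `!CORE_PATH!`, so a junction on a parent directory is not seen, and nothing here narrows the window between this check and the later use of the path. At minimum, record the limits next to the check: `REM NOTE: non-zero also covers fsutil errors; only the leaf directory is tested, parent directories are not`.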