From 4e2f3d5de4d22b316358dbc1dce553db6c189e93 Mon Sep 17 00:00:00 2001
From: yggverse <yggverse@project>
Date: Tue, 7 Apr 2026 16:36:15 +0300
Subject: [PATCH] prevent unexpected item ID handle as used the {ID} exec
 context

---
 src/main.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/main.rs b/src/main.rs
index a7a7bbe..f956a3d 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -8,6 +8,7 @@ use clap::Parser;
 use config::Config;
 use database::Database;
 use log::*;
+use regex::Regex;
 use rustypipe::client::RustyPipe;
 use std::{env::var, process::Command, thread, time::Duration};
 
@@ -34,6 +35,7 @@ async fn main() {
     let sleep = config.sleep.map(Duration::from_secs);
     let mut database = Database::new(&config.database).unwrap();
     let rp = RustyPipe::new();
+    let channel_item_id_regex = Regex::new(r"^[A-z0-9_-]{11}$").unwrap();
 
     loop {
         if let Some(ref before) = config.before {
@@ -52,6 +54,12 @@ async fn main() {
                         channel.items_limit
                     );
                     for (i, item) in items.into_iter().enumerate() {
+                        if !channel_item_id_regex.is_match(&item.id) {
+                            panic!(
+                                "received unexpected item ID `{}`; unsafe to continue in the exec context",
+                                &item.id
+                            )
+                        }
                         if channel.items_limit.is_some_and(|l| i >= l) {
                             debug!("items limit for channel `{c}` reached at {i}; break.");
                             break;