// Copyright 2025 Patial Tech (Ankit Patial).
//
// This file is part of code.patial.tech/go/appcore, which is MIT licensed.
// See http://opensource.org/licenses/MIT

package open

import (
	"errors"
	"os/exec"
	"strings"
)

// validateAppName validates application names on Linux with strict security checks
func validateAppName(appName string) error {
	if appName == "" {
		return errors.New("application name cannot be empty")
	}

	// Check for dangerous characters that could be used for command injection
	dangerous := []string{";", "|", "&", "$", "`", "\n", "\r", "$(", "&&", "||", ">", "<", "*"}
	for _, char := range dangerous {
		if strings.Contains(appName, char) {
			return errors.New("application name contains invalid characters")
		}
	}

	// Verify the application exists in PATH (additional security check)
	if _, err := exec.LookPath(appName); err != nil {
		return errors.New("application not found in system PATH")
	}

	return nil
}