From 9ee0a184b3efd37aeca180a23db31f956d32b91e Mon Sep 17 00:00:00 2001
From: LordMathis <matus@namesny.com>
Date: Thu, 9 Oct 2025 22:18:53 +0200
Subject: [PATCH] Re-validate instance name in DeleteInstance for improved
 security

---
 pkg/manager/operations.go | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/pkg/manager/operations.go b/pkg/manager/operations.go
index 0d38a73..a8b5c3f 100644
--- a/pkg/manager/operations.go
+++ b/pkg/manager/operations.go
@@ -288,12 +288,13 @@ func (im *instanceManager) DeleteInstance(name string) error {
 
 		// Delete the instance's config file if persistence is enabled
 		// Re-validate instance name for security (defense in depth)
-		if _, err := validation.ValidateInstanceName(name); err != nil {
+		validatedName, err := validation.ValidateInstanceName(name)
+		if err != nil {
 			return fmt.Errorf("invalid instance name for file deletion: %w", err)
 		}
-		instancePath := filepath.Join(im.instancesConfig.InstancesDir, name+".json")
+		instancePath := filepath.Join(im.instancesConfig.InstancesDir, validatedName+".json")
 		if err := os.Remove(instancePath); err != nil && !os.IsNotExist(err) {
-			return fmt.Errorf("failed to delete config file for remote instance %s: %w", name, err)
+			return fmt.Errorf("failed to delete config file for remote instance %s: %w", validatedName, err)
 		}
 
 		return nil
@@ -311,12 +312,13 @@ func (im *instanceManager) DeleteInstance(name string) error {
 
 	// Delete the instance's config file if persistence is enabled
 	// Re-validate instance name for security (defense in depth)
-	if _, err := validation.ValidateInstanceName(inst.Name); err != nil {
+	validatedName, err := validation.ValidateInstanceName(inst.Name)
+	if err != nil {
 		return fmt.Errorf("invalid instance name for file deletion: %w", err)
 	}
-	instancePath := filepath.Join(im.instancesConfig.InstancesDir, inst.Name+".json")
+	instancePath := filepath.Join(im.instancesConfig.InstancesDir, validatedName+".json")
 	if err := os.Remove(instancePath); err != nil && !os.IsNotExist(err) {
-		return fmt.Errorf("failed to delete config file for instance %s: %w", inst.Name, err)
+		return fmt.Errorf("failed to delete config file for instance %s: %w", validatedName, err)
 	}
 
 	return nil