Move VPN config filename validation to startup scripts

qbittorrent/config.yaml

@@ -128,7 +128,7 @@ schema:
   keyfile: str
   localdisks: str?
   networkdisks: str?
-  openvpn_config: match(^[A-Za-z0-9._-]+\.(conf|ovpn)$)?
+  openvpn_config: str?
   openvpn_enabled: bool?
   openvpn_password: str?
   openvpn_username: str?
@@ -136,7 +136,7 @@ schema:
   run_duration: str?
   silent: bool?
   ssl: bool
-  wireguard_config: match(^[A-Za-z0-9._-]+\.conf$)?
+  wireguard_config: str?
   wireguard_enabled: bool?
   whitelist: str?
 slug: qbittorrent

qbittorrent/rootfs/etc/cont-init.d/93-openvpn.sh

@@ -48,6 +48,10 @@ chmod 600 "${OPENVPN_STATE_DIR}/credentials.conf"
 if bashio::config.has_value "openvpn_config"; then
     openvpn_config="$(bashio::config 'openvpn_config')"
     openvpn_config="${openvpn_config##*/}"
+    if [[ ! "${openvpn_config}" =~ ^[A-Za-z0-9._-]+\.(conf|ovpn)$ ]]; then
+        bashio::log.fatal "Invalid openvpn_config filename '${openvpn_config}'. Allowed characters: letters, numbers, dot, underscore, dash. Extension must be .conf or .ovpn."
+        bashio::addon.stop
+    fi
 fi
 if [[ -z "${openvpn_config}" ]]; then
     bashio::log.info 'openvpn_config option left empty. Attempting automatic selection.'

qbittorrent/rootfs/etc/cont-init.d/94-wireguard.sh

@@ -29,6 +29,10 @@ bashio::log.info "------------------------------"
 if bashio::config.has_value "wireguard_config"; then
     wireguard_config="$(bashio::config 'wireguard_config')"
     wireguard_config="${wireguard_config##*/}"
+    if [[ ! "${wireguard_config}" =~ ^[A-Za-z0-9._-]+\.conf$ ]]; then
+        bashio::log.fatal "Invalid wireguard_config filename '${wireguard_config}'. Allowed characters: letters, numbers, dot, underscore, dash. Extension must be .conf."
+        bashio::addon.stop
+    fi
 fi
 if [[ -z "${wireguard_config}" ]]; then
     bashio::log.info 'wireguard_config option left empty. Attempting automatic selection.'