From 11dc3ba40e56e5e46e71eda49459073ef783b69c Mon Sep 17 00:00:00 2001
From: orbisai0security <mediratta01.pally@gmail.com>
Date: Tue, 12 May 2026 04:01:50 +0000
Subject: [PATCH] fix: V-004 security vulnerability

Automated security fix generated by Orbis Security AI
---
 .../src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py      | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py b/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
index 8372a2e4cd9..7bc52eec33f 100644
--- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
+++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
@@ -333,9 +333,14 @@ def main():
 
     bundle = CertificateBundle()
 
+    _SHELL_META = re.compile(r'[;&|`$<>()\n\r]')
     for path in args.input:
+        if _SHELL_META.search(path):
+            raise InputError('Unsafe characters in input path: %s' % path)
         if os.path.isfile(path):
             if os.path.basename(path) == 'cacrt_all.pem' and args.filter:
+                if _SHELL_META.search(args.filter):
+                    raise InputError('Unsafe characters in filter path: %s' % args.filter)
                 bundle.add_with_filter(path, args.filter)
             else:
                 bundle.add_from_file(path)