From c025022872ac953962c16631e669aefcb71982c4 Mon Sep 17 00:00:00 2001
From: Hewei603
Date: Sat, 14 Feb 2026 17:24:22 +0800
Subject: [PATCH] Update main.py:fix: sanitize ticker input to prevent path traversal

fix: sanitize ticker input to prevent path traversal
---
 cli/main.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cli/main.py b/cli/main.py
index 2237032e..9073bb91 100644
--- a/cli/main.py
+++ b/cli/main.py
@@ -29,7 +29,14 @@ from cli.models import AnalystType
 from cli.utils import *
 from cli.announcements import fetch_announcements, display_announcements
 from cli.stats_handler import StatsCallbackHandler
+import re
 
+def safe_ticker(ticker: str) -> str:
+    """Sanitize ticker symbol to prevent path traversal attacks."""
+    if not re.match(r'^[A-Za-z0-9.\-]+$', ticker):
+        raise ValueError(f"Invalid ticker symbol: {ticker}")
+    return ticker
+
 console = Console()
 
 app = typer.Typer(
@@ -899,6 +906,7 @@ def format_tool_args(args, max_length=80) -> str:
 def run_analysis():
     # First get all user selections
     selections = get_user_selections()
+    selections["ticker"] = safe_ticker(selections["ticker"])
 
     # Create config with selected research depth
     config = DEFAULT_CONFIG.copy()
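Review bot: The check in `safe_ticker` still admits the values a path-traversal guard most needs to reject: `re.match` with `$` accepts a trailing newline (`"AAPL\n"` passes, since `$` matches before a final newline), and a ticker made only of dots (`"."`, `".."`) satisfies `[A-Za-z0-9.\-]+`, so a bare `..` component can still reach whatever path join consumes the ticker. Switching to `re.fullmatch` and rejecting dot-only values closes both: `if not re.fullmatch(r'[A-Za-z0-9.\-]+', ticker) or not ticker.strip('.'):`. Where the sanitized value is eventually used as a path component is outside this hunk, so whether this function is the only guard on that path cannot be confirmed from here. As a style point, `import re` is a stdlib import added after the project's `from cli.… import` lines; it belongs in the stdlib import group at the top of the module rather than directly above a function definition.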
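Review bot: The `ValueError` raised by `safe_ticker` on the added line in `run_analysis` is not caught, so a user who types an invalid ticker at the interactive prompt gets a Python traceback instead of a CLI error and exit code. Wrapping the call and reporting through the module's `console` would match how a Typer command is expected to fail, e.g. `except ValueError as exc:` followed by `console.print(str(exc), style="red")` and `raise typer.Exit(code=1)`. The body of `run_analysis` continues past the end of this hunk, and the hunk does not show whether `get_user_selections` already constrains the ticker, so this may be the only validation on that input or a redundant one.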