fix: Improve shadowsocks userinfo decoding with format validation and error handling`

podkop/files/usr/lib/helpers.sh

@@ -40,6 +40,14 @@ is_base64() {
     return 1
 }
 
+# Checks if the given string looks like a Shadowsocks userinfo
+is_shadowsocks_userinfo_format() {
+    local str="$1"
+    local regex='^[^:]+:[^:]+(:[^:]+)?$'
+
+    [[ "$str" =~ $regex ]]
+}
+
 # Checks if the given file exists
 file_exists() {
     local filepath="$1"

podkop/files/usr/lib/sing_box_config_facade.sh

@@ -131,8 +131,12 @@ sing_box_cf_add_proxy_outbound() {
         local userinfo tag host port method password udp_over_tcp
 
         userinfo=$(url_get_userinfo "$url")
-        if is_base64 "$userinfo"; then
+        if ! is_shadowsocks_userinfo_format "$userinfo"; then
             userinfo=$(base64_decode "$userinfo")
+            if [ $? -ne 0 ]; then
+                log "Cannot decode shadowsocks userinfo or it does not match the expected format. Aborted." "fatal"
+                exit 1
+            fi
         fi
 
         tag=$(get_outbound_tag_by_section "$section")