sanitizeArg function

String sanitizeArg(String arg)

Sanitizes a command-line argument to prevent command injection vulnerabilities.

This function ensures that an argument only contains safe characters (alphanumeric, dash, underscore, dot, and slash). Arguments matching a predefined list of known safe commands are skipped from sanitization.

Throws an ArgumentError if an unsafe argument is detected and not skipped.

Returns the sanitized or skipped argument string.

Implementation

String sanitizeArg(String arg) {
  //⛔ ❌ Error during build commands: Invalid argument(s): Unsafe argument detected: flutter_native_splash:create
  final List<String> skipSanitization = [
    'flutter_native_splash:create',
    'flutter_launcher_icons:generate',
    'flutter_launcher_icons',
    'intl_utils:generate',
  ];
  if (skipSanitization.contains(arg)) {
    return arg;
  }
  final safe = RegExp(r'^[\w\-.\/]+$');
  if (!safe.hasMatch(arg)) {
    throw ArgumentError('Unsafe argument detected: $arg');
  }
  return arg;
}