bug(dashboard): command injection on Linux + cross-platform crash in ecc_dashboard.py #1424

@konghun


Two confirmed bugs in ecc_dashboard.py (merged via #1377). Both affect the open_terminal() method and the __init__ window-state call.


Bug 1 — Shell command injection via unsanitized path (Linux) · Security

File: ecc_dashboard.py:799

def open_terminal(self):
    path = self.path_entry.get()          # ← user-editable text field, no sanitisation
    ...
    else:  # Linux
        subprocess.Popen(['x-terminal-emulator', '-e', f'cd {path}'])

x-terminal-emulator -e <cmd> passes <cmd> to a shell. If path contains shell metacharacters — e.g. a project path with a space, a backtick, or a semicolon — the terminal will execute them. For example:

path = "/home/user/proj; rm -rf ~"
→ x-terminal-emulator -e "cd /home/user/proj; rm -rf ~"

The user controls the entry field directly (Browse button + manual editing), so this is a real injection surface even in a local app.

Fix: Pass the cd command as a properly quoted list argument, or use shlex.quote:

import shlex
subprocess.Popen(['x-terminal-emulator', '-e', f'cd {shlex.quote(path)}'])

Or, better, use the terminal's --working-directory flag where available instead of a shell -e argument.


Bug 2 — self.state('zoomed') raises TclError on macOS and Linux · Correctness

File: ecc_dashboard.py:260

self.state('zoomed')   # ← Windows-only Tk state

'zoomed' is a valid window state on Windows. On macOS and most Linux desktop environments it raises:

_tkinter.TclError: bad argument "zoomed": must be normal, iconic, or withdrawn

This crashes the dashboard on startup on non-Windows systems.

Fix:

try:
    self.state('zoomed')          # Windows
except tk.TclError:
    self.attributes('-zoomed', True)  # Linux (most WMs)

macOS maximise requires self.attributes('-fullscreen', True) or can be skipped — the window is still usable at its default size.


Related open PRs worth merging alongside a fix

PR     Summary
#1420  Replaces 8 bare except: with except Exception — directly related to this file
#1419  Reduces unnecessary disk writes in gateguard-fact-force.js
#1411  Stable session fallback for GateGuard in API/proxy setups
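The two fixes proposed above, worked through as an added example (this is not code from the ecc_dashboard.py project or from the issue author). It assumes hypothetical helper names (build_cd_command, shell_words, is_single_cd, maximize_window, FakeTkWindow); the gnome-terminal --working-directory form is an assumed alternative for the "where available" case; and the FakeTkWindow class is a constructed stand-in so the window-state fallback can be exercised without a display. The shell_words check re-splits the -e argument the way a shell would, which makes visible that the quoted form keeps the whole path, metacharacters included, inside a single cd argument:

```python
import shlex
import sys

try:
    from tkinter import TclError
except ImportError:  # headless environments may lack tkinter; same exception shape
    class TclError(Exception):
        pass


def build_cd_command(path: str) -> list:
    """argv for the Linux branch of open_terminal(), with the path shell-quoted.

    shlex.quote wraps anything containing metacharacters in single quotes, so a
    path like "/home/user/proj; rm -rf ~" becomes one cd argument rather than
    a cd followed by a second command.
    """
    return ['x-terminal-emulator', '-e', f'cd {shlex.quote(path)}']


def build_working_directory_command(path: str) -> list:
    """Alternative that avoids a shell -e string entirely (assumed: gnome-terminal
    accepts --working-directory=DIR). The path is passed as its own argv element,
    so no quoting is needed and no shell ever parses it."""
    return ['gnome-terminal', f'--working-directory={path}']


def shell_words(arg: str) -> list:
    """Split the -e string the way a POSIX shell would tokenise it."""
    return shlex.split(arg)


def is_single_cd(arg: str) -> bool:
    """True only if the -e string tokenises to exactly `cd <one directory>`."""
    words = shell_words(arg)
    return len(words) == 2 and words[0] == 'cd'


def maximize_window(win, platform: str = sys.platform) -> str:
    """Best-effort maximise that never raises TclError on startup.

    Returns which strategy was applied: 'zoomed' (Windows), '-zoomed'
    (Linux, most WMs) or 'skipped' (macOS, or nothing worked; the window
    stays at its default size and remains usable).
    """
    if platform == 'darwin':
        return 'skipped'          # no 'zoomed' state on macOS Tk
    try:
        win.state('zoomed')       # Windows-only Tk state
        return 'zoomed'
    except TclError:
        pass
    try:
        win.attributes('-zoomed', True)  # Linux (most WMs)
        return '-zoomed'
    except TclError:
        return 'skipped'


class FakeTkWindow:
    """Constructed stand-in for a Tk root window (not real tkinter).

    Mimics the observed behaviour: state('zoomed') succeeds on Windows and
    raises TclError elsewhere; attributes() accepts anything.
    """
    def __init__(self, os_name: str):
        self.os_name = os_name
        self.calls = []

    def state(self, value):
        self.calls.append(('state', value))
        if value == 'zoomed' and self.os_name != 'win32':
            raise TclError('bad argument "zoomed": must be normal, iconic, or withdrawn')

    def attributes(self, *args):
        self.calls.append(('attributes',) + args)


if __name__ == '__main__':
    # Constructed input: the path from the report, with a semicolon in it.
    risky = '/home/user/proj; rm -rf ~'
    quoted = build_cd_command(risky)[2]
    print(quoted, '->', shell_words(quoted), 'single cd:', is_single_cd(quoted))
    for os_name in ('win32', 'linux', 'darwin'):
        win = FakeTkWindow(os_name)
        print(os_name, '->', maximize_window(win, os_name), win.calls)
```

The check is deliberately run on the argv string, not by launching a terminal: the point is that the quoted form tokenises to two words and the unquoted form does not, which a reviewer can confirm before the code ever reaches subprocess.Popen.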
