Fix 29 audit findings across all severity tiers

Critical: fix unsquashfs arg order, quote Exec paths with spaces, fix compare_versions antisymmetry, chunk-based signature detection, bounded ELF header reads. High: handle NULL CVE severity, prevent pipe deadlock in inspector, fix glob_match edge case, fix backup archive path collisions, async crash detection with stderr capture. Medium: gate scan on auto-scan setting, fix window size persistence, fix announce() for Stack containers, claim lightbox gesture, use serde_json for CLI output, remove dead CSS @media blocks, add detail-tab persistence, remove invalid metainfo categories, byte-level fuse signature search. Low: tighten Wayland env var detection, ELF magic validation, timeout for update info extraction, quoted arg parsing, stop watcher timer on window destroy, GSettings choices/range constraints, remove unused CSS classes, define status-ok/status-attention CSS.
2026-02-27 22:08:53 +02:00
parent f87403794e
commit e9343da249
27 changed files with 1737 additions and 250 deletions
--- a/src/core/integrator.rs
+++ b/src/core/integrator.rs
@@ -94,7 +94,7 @@ pub fn integrate(record: &AppImageRecord) -> Result<IntegrationResult, Integrati
        "[Desktop Entry]\n\
         Type=Application\n\
         Name={name}\n\
-         Exec={exec} %U\n\
+         Exec=\"{exec}\" %U\n\
         Icon={icon}\n\
         Categories={categories}\n\
         Comment={comment}\n\
@@ -228,7 +228,7 @@ mod tests {

    #[test]
    fn test_integrate_creates_desktop_file() {
-        let dir = tempfile::tempdir().unwrap();
+        let _dir = tempfile::tempdir().unwrap();
        // Override the applications dir for testing by creating the record
        // with a specific path and testing the desktop content generation
        let record = AppImageRecord {