From df82914005bd5b8d162a5abf3436239f21679193 Mon Sep 17 00:00:00 2001
From: wh1te909 <7434746+wh1te909@users.noreply.github.com>
Date: Mon, 8 Jul 2024 19:00:44 +0000
Subject: [PATCH] make sure server scripts start with shebang

---
 api/tacticalrmm/core/views.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/api/tacticalrmm/core/views.py b/api/tacticalrmm/core/views.py
index 4baa0051..0ca5d9c5 100644
--- a/api/tacticalrmm/core/views.py
+++ b/api/tacticalrmm/core/views.py
@@ -495,8 +495,12 @@ class TestRunServerScript(APIView):
                 "This feature is disabled. It can be enabled in Global Settings."
             )
 
+        code: str = request.data["code"]
+        if not code.startswith("#!"):
+            return notify_error("Missing shebang!")
+
         stdout, stderr, execution_time, retcode = run_server_script(
-            body=request.data["code"],
+            body=code,
             args=request.data["args"],
             env_vars=request.data["env_vars"],
             timeout=request.data["timeout"],
@@ -506,7 +510,7 @@ class TestRunServerScript(APIView):
         AuditLog.audit_test_script_run(
             username=request.user.username,
             agent=None,
-            script_body=request.data["code"],
+            script_body=code,
             debug_info={"ip": request._client_ip},
         )