fix(update-apps): sanitize service detection and fail on invalid names

Reject multi-line or shebang-leaked service names from /usr/bin/update,
verify ct/<service>.sh exists before updating, and report ERROR instead of
silently marking failed containers as OK.

tools/pve/update-apps.sh

@@ -145,11 +145,35 @@ function header_info {
 EOF
 }
 
+function sanitize_service_name() {
+  local name="${1//$'\r'/}"
+  name="${name//$'\n'/}"
+  [[ -z "$name" ]] && return 1
+  [[ "$name" == *'#!'* ]] && return 1
+  [[ ! "$name" =~ ^[a-zA-Z0-9._-]+$ ]] && return 1
+  return 0
+}
+
+function validate_service_script() {
+  local name="$1"
+  sanitize_service_name "$name" || return 1
+  curl -fsSL --max-time 10 -o /dev/null \
+    "https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${name}.sh" 2>/dev/null
+}
+
 function detect_service() {
-  pushd $(mktemp -d) >/dev/null
-  pct pull "$1" /usr/bin/update update 2>/dev/null
-  service=$(cat update | sed 's|.*/ct/||g' | sed 's|\.sh).*||g')
-  popd >/dev/null
+  local container="$1"
+  local tmpdir update_file
+  service=""
+  tmpdir=$(mktemp -d)
+  update_file="$tmpdir/update"
+  pct pull "$container" /usr/bin/update "$update_file" 2>/dev/null || true
+  if [[ ! -s "$update_file" ]]; then
+    rm -rf "$tmpdir"
+    return 1
+  fi
+  service=$(grep -oE '/ct/[a-zA-Z0-9._-]+\.sh' "$update_file" 2>/dev/null | head -n1 | sed 's|.*/ct/||; s|\.sh$||')
+  rm -rf "$tmpdir"
 }
 
 function dry_run_container() {
@@ -447,24 +471,33 @@ for container in $CHOICE; do
   #1) Detect service using the service name in the update command
   detect_service $container
 
-  #1.1) If update script not detected, return
-  if [ -z "${service}" ]; then
-    echo -e "${YW}[WARN]${CL} Update script not found. Skipping to next container"
-    log_result "$container" "(unknown)" "SKIPPED" "No update script found in container"
-    log_write "Container $container: SKIPPED — no update script found"
+  #1.1) If update script not detected or service name is invalid, skip
+  if [ -z "${service}" ] || ! sanitize_service_name "${service}"; then
+    echo -e "${RD}[ERROR]${CL} Could not detect a valid service name for container $container"
+    log_result "$container" "(unknown)" "ERROR" "Invalid or missing service name in /usr/bin/update"
+    log_write "Container $container: ERROR — invalid or missing service name"
     continue
-  else
-    echo -e "${BL}[INFO]${CL} Detected service: ${GN}${service}${CL}"
-    log_write "Container $container: detected service '$service'"
   fi
 
+  if ! validate_service_script "${service}"; then
+    echo -e "${RD}[ERROR]${CL} Service '${service}' does not resolve to ct/${service}.sh"
+    log_result "$container" "${service}" "ERROR" "No matching ct/${service}.sh script found"
+    log_write "Container $container: ERROR — ct/${service}.sh not found"
+    continue
+  fi
+
+  echo -e "${BL}[INFO]${CL} Detected service: ${GN}${service}${CL}"
+  log_write "Container $container: detected service '${service}'"
+
   #2) Extract service build/update resource requirements from config/installation file
-  script=$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${service}.sh)
+  script=$(curl -fsSL "https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${service}.sh")
 
   #2.1) Check if the script downloaded successfully
-  if [ $? -ne 0 ]; then
-    echo -e "${RD}[ERROR]${CL} Issue while downloading install script."
-    echo -e "${YW}[WARN]${CL} Unable to assess build resource requirements. Proceeding with current resources."
+  if [ $? -ne 0 ] || [ -z "${script}" ]; then
+    echo -e "${RD}[ERROR]${CL} Failed to download ct/${service}.sh"
+    log_result "$container" "${service}" "ERROR" "Failed to download ct/${service}.sh"
+    log_write "Container $container (${service}): ERROR — failed to download install script"
+    continue
   fi
 
   config=$(pct config "$container")