Fix JSON output and network configuration

- Fixed invalid JSON output in DeviceManager: changed '}' to ']}' to properly close device list array
- Added proper JSON string escaping using StringBuilder::stringify() to prevent XSS/injection vulnerabilities
- Set default network configuration for UDPStreamer and TCPClientStreamer (127.0.0.1:10110)
- Fixed install script path: corrected DBMS directory reference from 'DBMS/create.sql' to 'Source/DBMS/create.sql'

Author: jvde-github

Source/Application/Config.cpp

@@ -38,7 +38,11 @@ bool Config::isActiveObject(const JSON::Value &pd)
 void Config::setSettingsFromJSON(const JSON::Value &pd, Setting &s)
 {
 
-	for (const JSON::Property &p : pd.getObject().getProperties()) {
+	for (const JSON::Property &p : pd.getObject().getProperties())
+	{
+		if (p.Key() < 0 || p.Key() >= AIS::KeyMap.size())
+			continue;
+
 		if (p.Key() != AIS::KEY_SETTING_ACTIVE)
 		{
 			s.Set(AIS::KeyMap[p.Key()][JSON_DICT_SETTING], p.Get().to_string());
@@ -350,11 +354,10 @@ void Config::setSharing(const std::vector<JSON::Property> &props)
 		_msg.push_back(std::unique_ptr<IO::OutputMessage>(new IO::TCPClientStreamer()));
 		commm_feed = _msg.back().get();
 
-		commm_feed->Set("HOST", AISCATCHER_URL).Set("PORT", AISCATCHER_PORT).Set("MSGFORMAT", "COMMUNITY_HUB").Set("FILTER", "on").Set("GPS", "off").Set("REMOVE_EMPTY","on").Set("KEEP_ALIVE", "on").Set("DOWNSAMPLE", "on").Set("INCLUDE_SAMPLE_START", "on");
+		commm_feed->Set("HOST", AISCATCHER_URL).Set("PORT", AISCATCHER_PORT).Set("MSGFORMAT", "COMMUNITY_HUB").Set("FILTER", "on").Set("GPS", "off").Set("REMOVE_EMPTY", "on").Set("KEEP_ALIVE", "on").Set("DOWNSAMPLE", "on").Set("INCLUDE_SAMPLE_START", "on");
 	}
 	if (!uuid.empty() && commm_feed)
 		commm_feed->Set("UUID", uuid);
-	
 }
 
 void Config::set(const std::string &str)
@@ -447,7 +450,10 @@ void Config::set(const std::string &str)
 			_screen.verboseUpdateTime = Util::Parse::Integer(p.Get().to_string(), 1, 300);
 			break;
 		default:
-			throw std::runtime_error("Config file: field \"" + AIS::KeyMap[p.Key()][JSON_DICT_SETTING] + "\" in main section is not allowed.");
+			if (p.Key() >= 0 && p.Key() < AIS::KeyMap.size())
+				throw std::runtime_error("Config file: field \"" + AIS::KeyMap[p.Key()][JSON_DICT_SETTING] + "\" in main section is not allowed.");
+			else
+				throw std::runtime_error("Config file: unknown field in main section is not allowed.");
 		}
 	}
 }

Source/Application/DeviceManager.cpp

@@ -20,6 +20,7 @@
 #include "DeviceManager.h"
 #include "Logger.h"
 #include "Parse.h"
+#include "StringBuilder.h"
 
 std::vector<Device::Description> DeviceManager::device_list;
 
@@ -170,20 +171,28 @@ void DeviceManager::printAvailableDevices(bool JSON)
 		for (int i = 0; i < device_list.size(); i++)
 		{
 			std::string type = Util::Parse::DeviceTypeString(device_list[i].getType());
-			std::cout << "{\"input\":\"" + type;
-			std::cout << "\",\"serial\":\"" + device_list[i].getSerial();
-			std::cout << "\",\"name\":\"" + type + " [" + device_list[i].getSerial() + "]\"";
+			std::string serial = device_list[i].getSerial();
+			std::string name = type + " [" + serial + "]";
+
+			// Properly escape JSON strings
+			std::string type_escaped = JSON::StringBuilder::stringify(type, false);
+			std::string serial_escaped = JSON::StringBuilder::stringify(serial, false);
+			std::string name_escaped = JSON::StringBuilder::stringify(name, false);
+
+			std::cout << "{\"input\":\"" + type_escaped;
+			std::cout << "\",\"serial\":\"" + serial_escaped;
+			std::cout << "\",\"name\":\"" + name_escaped + "\"";
 
 			std::cout << "}" << (i == device_list.size() - 1 ? "" : ",");
 		}
-		std::cout << "}\n";
+		std::cout << "]}\n";
 	}
 }
 
 void DeviceManager::selectDeviceByIndex(int index)
 {
 	if (index < 0 || index >= device_list.size())
 		throw std::runtime_error("device does not exist");
-	
+
 	serial = device_list[index].getSerial();
 }