fix: Add input validation and bounds checking to parsing methods (#990)

* fix: Resolved boundary condition issues in string processing

Addressed null and length checks during string splitting across multiple model classes to prevent potential null pointer exceptions and array out-of-bounds errors

* fix: Throw exceptions instead of silently returning when package manager output formats are invalid

Modified the _pacman, _opkg, and _apk parsing methods to throw exceptions when input formats are invalid, rather than silently returning, to prevent potential error handling issues.

lib/core/utils/ssh_config.dart

@@ -149,10 +149,12 @@ abstract final class SSHConfig {
 
   /// Extract jump host from ProxyJump or ProxyCommand
   static String? _extractJumpHost(String value) {
+    if (value.isEmpty) return null;
     // For ProxyJump, the format is usually: user@host:port
     // For ProxyCommand, it's more complex and might need custom parsing
     if (value.contains('@')) {
-      return value.split(' ').first;
+      final parts = value.split(' ');
+      return parts.isNotEmpty ? parts[0] : null;
     }
     return null;
   }

lib/data/model/pkg/upgrade_info.dart

@@ -62,6 +62,7 @@ class UpgradePkgInfo {
 
   void _parsePacman(String raw) {
     final parts = raw.split(' ');
+    if (parts.length < 4) throw Exception('Invalid pacman output format');
     package = parts[0];
     nowVersion = parts[1];
     newVersion = parts[3];
@@ -70,6 +71,7 @@ class UpgradePkgInfo {
 
   void _parseOpkg(String raw) {
     final parts = raw.split(' - ');
+    if (parts.length < 3) throw Exception('Invalid opkg output format');
     package = parts[0];
     nowVersion = parts[1];
     newVersion = parts[2];
@@ -80,6 +82,7 @@ class UpgradePkgInfo {
   void _parseApk(String raw) {
     final parts = raw.split(' ');
     final len = parts.length;
+    if (len < 2) throw Exception('Invalid apk output format');
     newVersion = parts[len - 1];
     nowVersion = parts[0];
     newVersion = newVersion.substring(0, newVersion.length - 1);

lib/data/model/server/cpu.dart

@@ -166,6 +166,7 @@ class SingleCpuCore extends TimeSeqIface<SingleCpuCore> {
       final id = item.split(' ').firstOrNull;
       if (id == null) continue;
       final matches = item.replaceFirst(id, '').trim().split(' ');
+      if (matches.length < 7) continue;
       cpus.add(
         SingleCpuCore(
           id,

lib/data/model/server/proc.dart

@@ -97,8 +97,8 @@ class Proc {
   }
 
   String get binary {
-    final parts = command.split(' ');
+    final parts = command.trim().split(' ').where((e) => e.isNotEmpty).toList();
-    return parts[0];
+    return parts.isNotEmpty ? parts[0] : '';
   }
 }
 

lib/data/provider/container.dart

@@ -280,7 +280,7 @@ enum ContainerCmdType {
     return switch (this) {
       ContainerCmdType.version => '$prefix version $_jsonFmt',
       ContainerCmdType.ps => switch (type) {
-        /// TODO: Rollback to json format when permformance recovers.
+        /// TODO: Rollback to json format when performance recovers.
         /// Use [_jsonFmt] in Docker will cause the operation to slow down.
         ContainerType.docker =>
           '$prefix ps -a --format "table {{printf \\"'