Security hardening: prevent shell injection and null-byte crashes, implement 8-bit clean argument fuzzing and portable E2E binary discovery

author: James O'Doherty <james@theodohertyfamily.com> 2026-05-22 10:46:02 -0400
committer: James O'Doherty <james@theodohertyfamily.com> 2026-05-22 10:46:02 -0400
commit: 9131b0004e7c640cc028179e1d049a4c62210d94 (patch)
tree: 7efb5612b61240105851cb5d8ac8f05263644db4 /internal/cli
parent: 401683a6b11e5a7810c949147a12f2c4bbfba48a (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/internal/cli/cli.go b/internal/cli/cli.go
index b315fba..eba7f68 100644
--- a/internal/cli/cli.go
+++ b/internal/cli/cli.go
@@ -18,6 +18,15 @@ func NewApp(args []string) *App {
 }
 
 func (a *App) Run() error {
+	// 1. Validate arguments for null bytes to prevent exec failures in the C launcher
+	for i, arg := range a.Args {
+		for j := 0; j < len(arg); j++ {
+			if arg[j] == 0 {
+				return fmt.Errorf("argument %d contains null byte at position %d", i, j)
+			}
+		}
+	}
+
 	// Handle the internal diagnostic commands first
 	if len(a.Args) > 1 {
 		switch a.Args[1] {
author	James O'Doherty <james@theodohertyfamily.com>	2026-05-22 10:46:02 -0400
committer	James O'Doherty <james@theodohertyfamily.com>	2026-05-22 10:46:02 -0400
commit	9131b0004e7c640cc028179e1d049a4c62210d94 (patch)
tree	7efb5612b61240105851cb5d8ac8f05263644db4 /internal/cli
parent	401683a6b11e5a7810c949147a12f2c4bbfba48a (diff)