From 9131b0004e7c640cc028179e1d049a4c62210d94 Mon Sep 17 00:00:00 2001
From: James O'Doherty
Date: Fri, 22 May 2026 10:46:02 -0400
Subject: Security hardening: prevent shell injection and null-byte crashes, implement 8-bit clean argument fuzzing and portable E2E binary discovery
---
 internal/cli/cli.go | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'internal/cli/cli.go')
diff --git a/internal/cli/cli.go b/internal/cli/cli.go
index b315fba..eba7f68 100644
--- a/internal/cli/cli.go
+++ b/internal/cli/cli.go
@@ -18,6 +18,15 @@ func NewApp(args []string) *App {
 }
 
 func (a *App) Run() error {
+ // 1. Validate arguments for null bytes to prevent exec failures in the C launcher
+ for i, arg := range a.Args {
+ for j := 0; j < len(arg); j++ {
+ if arg[j] == 0 {
+ return fmt.Errorf("argument %d contains null byte at position %d", i, j)
+ }
+ }
+ }
+
 // Handle the internal diagnostic commands first
 if len(a.Args) > 1 {
 switch a.Args[1] {
-- 
cgit v1.2.3
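Review bot: The null-byte guard at the top of `Run` only covers `a.Args` as they stand on entry; if the launcher's argv or environment is assembled later from other inputs (not visible in this hunk), those values never pass through it, so the check is safer in a small helper called right where the exec arguments are built. The inner byte loop can be written as `if j := strings.IndexByte(arg, 0); j >= 0 { return fmt.Errorf("argument %d contains null byte at position %d", i, j) }`, assuming `strings` is or can be imported in this file. The reported index counts from `a.Args[0]`, which looks like the program name given the `a.Args[1]` switch below, so the comment should say whether index 0 is the binary path. `Run`'s body continues outside the hunk.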