From 9131b0004e7c640cc028179e1d049a4c62210d94 Mon Sep 17 00:00:00 2001
From: James O'Doherty <james@theodohertyfamily.com>
Date: Fri, 22 May 2026 10:46:02 -0400
Subject: Security hardening: prevent shell injection and null-byte crashes,
 implement 8-bit clean argument fuzzing and portable E2E binary discovery

---
 tests/e2e/test_helpers.go | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 tests/e2e/test_helpers.go

(limited to 'tests/e2e/test_helpers.go')

diff --git a/tests/e2e/test_helpers.go b/tests/e2e/test_helpers.go
new file mode 100644
index 0000000..34aae3f
--- /dev/null
+++ b/tests/e2e/test_helpers.go
@@ -0,0 +1,45 @@
+package e2e
+
+import (
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+)
+
+// GetBinaryPath resolves the path to the wg-wrap binary.
+// It checks the current directory, then the project root, then the system PATH.
+func GetBinaryPath() string {
+	binaryName := "wg-wrap"
+	if runtime.GOOS == "windows" {
+		binaryName += ".exe"
+	}
+
+	// 1. Check current working directory
+	if _, err := os.Stat(binaryName); err == nil {
+		abs, _ := filepath.Abs(binaryName)
+		return abs
+	}
+
+	// 2. Check common project root relative paths
+	// Since go test can be run from root or package dir, we try both.
+	candidates := []string{
+		filepath.Join("..", "..", binaryName), // from tests/e2e
+		filepath.Join("..", binaryName),       // from tests/
+		binaryName,                           // from root
+	}
+	for _, c := range candidates {
+		if _, err := os.Stat(c); err == nil {
+			abs, _ := filepath.Abs(c)
+			return abs
+		}
+	}
+
+	// 3. Check system PATH
+	path, err := exec.LookPath(binaryName)
+	if err == nil {
+		return path
+	}
+
+	return binaryName 
+}
-- 
cgit v1.2.3