fix: escape AppleScript target parameter in iMessage channel
- Add escape_applescript() function to prevent injection attacks - Add is_valid_imessage_target() validation for phone/email patterns - Update send() method to escape both message AND target parameters - Add 40 comprehensive tests covering injection edge cases - Addresses CWE-78 (OS Command Injection) vulnerability Fixes #29
This commit is contained in:
argenis de la rosa
@@ -36,7 +36,6 @@ mod skills;
|
||||
mod tools;
|
||||
mod tunnel;
|
||||
|
||||
|
||||
use config::Config;
|
||||
|
||||
/// `ZeroClaw` - Zero overhead. Zero compromise. 100% Rust.
|
||||
|
||||
Reference in New Issue
Block a user