fix: escape AppleScript target parameter in iMessage channel

- Add escape_applescript() function to prevent injection attacks - Add is_valid_imessage_target() validation for phone/email patterns - Update send() method to escape both message AND target parameters - Add 40 comprehensive tests covering injection edge cases - Addresses CWE-78 (OS Command Injection) vulnerability Fixes #29
2026-02-14 13:38:13 -05:00 · 2026-02-14 13:38:13 -05:00 · dbf02291b4
commit dbf02291b4
parent ef4444ba43
3 changed files with 141 additions and 29 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -36,7 +36,6 @@ mod skills;
 mod tools;
 mod tunnel;

-
 use config::Config;

 /// `ZeroClaw` - Zero overhead. Zero compromise. 100% Rust.