From 0d50b374bdd883c406c50b11532088a3deac55f8 Mon Sep 17 00:00:00 2001
From: NotAShelf <raf@notashelf.dev>
Date: Sat, 15 Nov 2025 20:49:26 +0300
Subject: [PATCH] eh: add input validate to multicall dispatcher

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I6e7dc21c716b16ef1f9827eed4cdad396a6a6964
---
 eh/src/main.rs | 6 ++++++
 eh/src/util.rs | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/eh/src/main.rs b/eh/src/main.rs
index 6369154..13c29f4 100644
--- a/eh/src/main.rs
+++ b/eh/src/main.rs
@@ -36,6 +36,12 @@ fn dispatch_multicall(
   args: std::env::Args,
 ) -> Option<Result<i32>> {
   let rest: Vec<String> = args.collect();
+  
+  // Validate arguments before processing
+  if let Err(e) = util::validate_nix_args(&rest) {
+    return Some(Err(e));
+  }
+  
   let hash_extractor = util::RegexHashExtractor;
   let fixer = util::DefaultNixFileFixer;
   let classifier = util::DefaultNixErrorClassifier;
diff --git a/eh/src/util.rs b/eh/src/util.rs
index 9896e18..f452296 100644
--- a/eh/src/util.rs
+++ b/eh/src/util.rs
@@ -174,7 +174,7 @@ fn pre_evaluate(_subcommand: &str, args: &[String]) -> Result<bool> {
   Ok(false)
 }
 
-fn validate_nix_args(args: &[String]) -> Result<()> {
+pub fn validate_nix_args(args: &[String]) -> Result<()> {
   const DANGEROUS_PATTERNS: &[&str] = &[
     ";", "&&", "||", "|", "`", "$(", "${", ">", "<", ">>", "<<", "2>", "2>>",
   ];