codewhale/crates
Hunter Bown 1122bb0333 fix(command-safety): reject null bytes in shell commands (#706) (#918)
Null bytes embedded in command strings can be used to slip past
parsers that treat them as terminators while shells still see the
trailing payload. The existing analyzer already blocks `\n` / `\r`
multi-line input but lets `\0` through; add a matching dangerous
classification beside it.

This PR intentionally takes only the null-byte slice from #706. The
broader `command.contains("eval")` / `command.contains("exec ")`
guard from the same PR is *not* applied because it false-positives on
routine commands such as `cargo run -- eval` (the offline eval
harness) or any binary whose name contains `eval` (`evaluator.py`,
`primeval`). A regression test pins that behavior.

Tests:
- `test_null_byte_is_blocked` — `ls\0 -la` and `echo hello\0world`
  classified as Dangerous.
- `test_eval_substring_is_not_misclassified` — `cargo run --bin
  deepseek -- eval` and `python evaluator.py` are *not* Dangerous.

Integrates #706.

Co-authored-by: 浩淼的mac <haomiaodemac@haomiaodemacdeMacBook-Air.local>
2026-05-06 19:22:33 -05:00
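The behaviour the commit message describes, written out as an added example. This is not code from the codewhale/crates repository or from either PR; the type and function names (`Classification`, `Reason`, `check`, `classify`, `terminator_view`, `naive_eval_guard`) and the sample commands in `main` are assumptions chosen for this illustration. It puts the byte-level check the commit adopts next to the substring guard it declines, and shows what a terminator-based parser would see for a command containing `\0`.

```rust
// Added example, not the project's own analyzer. All names here are
// hypothetical; only the rule set (block `\n`, `\r`, `\0`; do not match
// on the word `eval`) follows the commit message.

#[derive(Debug, PartialEq, Eq)]
pub enum Classification {
    Safe,
    Dangerous,
}

/// Why a command was classified Dangerous, so a caller can log it.
#[derive(Debug, PartialEq, Eq)]
pub enum Reason {
    /// `\n` or `\r`: a second command line could be smuggled in.
    MultiLine,
    /// `\0`: a C-style parser stops here; anything after it is hidden
    /// from that parser but still present in the original string.
    NullByte,
}

/// Structural byte check. Returns the first reason found, or None.
pub fn check(command: &str) -> Option<Reason> {
    for c in command.chars() {
        match c {
            '\n' | '\r' => return Some(Reason::MultiLine),
            '\0' => return Some(Reason::NullByte),
            _ => {}
        }
    }
    None
}

/// Dangerous if any structural check fires, otherwise Safe. No keyword
/// matching: `eval` as an argument or as part of a filename is ordinary.
pub fn classify(command: &str) -> Classification {
    if check(command).is_some() {
        Classification::Dangerous
    } else {
        Classification::Safe
    }
}

/// What a parser that treats NUL as a string terminator would see.
/// Comparing this with the full string shows the hidden tail.
pub fn terminator_view(command: &str) -> &str {
    match command.find('\0') {
        Some(idx) => &command[..idx], // NUL is one byte, so this is a char boundary
        None => command,
    }
}

/// The substring guard the commit declines to apply, kept only to show
/// its false positives on routine commands.
pub fn naive_eval_guard(command: &str) -> Classification {
    if command.contains("eval") || command.contains("exec ") {
        Classification::Dangerous
    } else {
        Classification::Safe
    }
}

fn main() {
    // Constructed sample commands, taken from the cases the commit lists.
    let samples = [
        "ls\0 -la",
        "echo hello\0world",
        "cargo run --bin deepseek -- eval",
        "python evaluator.py",
        "ls\nrm -rf /tmp/scratch",
    ];
    for cmd in samples {
        println!(
            "{:?}\n  byte check   -> {:?} ({:?})\n  eval guard   -> {:?}\n  C-view       -> {:?}",
            cmd,
            classify(cmd),
            check(cmd),
            naive_eval_guard(cmd),
            terminator_view(cmd),
        );
    }
}
```

The structural check and the keyword guard disagree exactly where the commit says they should: the two `eval` commands are Safe under the byte check and Dangerous under the substring guard, while `ls\0 -la` is Dangerous under the byte check and Safe under the substring guard, and `terminator_view` reduces it to `ls`.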