chore(compile): tighten link_resolver._resolve_path input guards#991
Open
mvanhorn wants to merge 1 commit intomicrosoft:mainfrom
Open
chore(compile): tighten link_resolver._resolve_path input guards#991mvanhorn wants to merge 1 commit intomicrosoft:mainfrom
mvanhorn wants to merge 1 commit intomicrosoft:mainfrom
Conversation
Adds an early-return guard for empty / whitespace-only input. Previously
`_resolve_path("")` and `_resolve_path(" ")` returned the base directory
via `Path(base_dir) / ""`, which is semantically wrong (an empty link
should resolve to nothing) even though existing callers' `.exists()` check
masked the bug.
Adds a TestResolvePathInputGuards class that locks in the behaviour for:
- empty string
- whitespace-only (spaces, tab, newline)
- embedded NUL byte (must not crash; containment is the caller's job)
- POSIX backslash traversal (literal segment, stays under base_dir)
- file:// URI on POSIX (treated relative, joined under base_dir)
- non-existent relative target (happy path)
Closes microsoft#841
mvanhorn
requested review from
danielmeppiel and
sergio-sisternes-epam
as code owners
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #841.
Summary
Adds an early-return guard for empty / whitespace-only input in `_resolve_path` (Minor 1 + Minor 2 from the issue). Previously `_resolve_path("")` and `_resolve_path(" ")` returned the base directory via `Path(base_dir) / ""`, which is semantically wrong even though the existing `.exists()` checks in the call sites masked the bug.
```python
if not path or not path.strip():
return None
```
Tests (Minor 3)
Adds `TestResolvePathInputGuards` to `tests/unit/compilation/test_link_resolver.py` covering each case the issue called out:
Verification
`pytest tests/unit/compilation/test_link_resolver.py` -> 23 / 23 pass (17 existing + 6 new).