Skip to content

fix: add OverlayName::try_new with release-mode path separator validation#261

Merged
tylerbutler merged 3 commits intomainfrom
fix/238-overlay-name-release-validation
Apr 11, 2026
Merged

fix: add OverlayName::try_new with release-mode path separator validation#261
tylerbutler merged 3 commits intomainfrom
fix/238-overlay-name-release-validation

Conversation

@tylerbutler
Copy link
Copy Markdown
Owner

@tylerbutler tylerbutler commented Apr 11, 2026

Summary

  • Adds OverlayName::try_new() constructor that returns anyhow::Result and validates against both / and \ path separators, ensuring validation is not stripped in release builds
  • Migrates user-input boundary call sites in src/sources.rs (list_overlays_for_repo) to use try_new
  • Updates debug_assert! in new() to also check for backslash \
  • Replaces the #[should_panic] test (which only worked in debug mode) with proper Result-based tests for both separator types

Test plan

  • try_new rejects forward slashes — new test try_new_rejects_forward_slash
  • try_new rejects backslashes — new test try_new_rejects_backslash
  • try_new accepts valid names — new test try_new_accepts_valid_name
  • All 1080 existing tests pass

Closes #238

@tylerbutler @nori-agent
fix: add OverlayName::try_new with release-mode path separator valida…
f29aae3 
…tion

OverlayName::new used debug_assert! for validation, which is stripped in
release builds. This adds a try_new constructor that returns anyhow::Result
and validates against both forward slashes and backslashes.

User-input boundary call sites in sources.rs are migrated to try_new, while
trusted call sites (file stems, already-normalized names) keep using new.

The debug_assert in new() is also updated to check for backslashes.

Closes #238
🤖 Generated with [Nori](https://noriagentic.com)

Co-Authored-By: Nori <contact@tilework.tech>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 11, 2026
edited
Loading

Changelog Preview

This PR adds the following changelog entries:

v0.12.1 - 2026-04-11

Command: library

Fixed

Validate overlay names reject path separators in release builds

OverlayName previously only checked for forward slashes via debug_assert, meaning invalid names with path separators (including backslashes) could slip through in release builds. Added OverlayName::try_new which returns an error for names containing / or \, and updated all user-input paths to use it.

@codecov
Copy link
Copy Markdown

codecov bot commented Apr 11, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 93.87755% with 3 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
src/overlay_name.rs 92.85% 2 Missing ⚠️
src/resolve.rs 0.00% 1 Missing ⚠️

📢 Thoughts on this report? Let us know!

tylerbutler and others added 2 commits April 11, 2026 16:05
@tylerbutler @nori-agent
merge: resolve conflicts with main after module extraction refactor
ab71bf5 
Kept module-based structure from main (resolve.rs, create.rs, remove.rs,
status.rs, git_exclude.rs) and removed duplicate inline definitions from
lib.rs. Added missing unwrap_or_default() in resolve.rs for
get_fuzzy_suggestions_multi_source.
🤖 Generated with [Nori](https://noriagentic.com)

Co-Authored-By: Nori <contact@tilework.tech>
@tylerbutler @nori-agent
docs: add changelog for OverlayName path separator validation fix
c3b24b3 
🤖 Generated with [Nori](https://noriagentic.com)

Co-Authored-By: Nori <contact@tilework.tech>
@tylerbutler tylerbutler merged commit 9ca5bac into main Apr 11, 2026
17 checks passed
@tylerbutler tylerbutler deleted the fix/238-overlay-name-release-validation branch April 11, 2026 23:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

bug: OverlayName path-separator validation is stripped in release builds

1 participant

@tylerbutler