docs: address review findings on YAML depth validation
- Add safety note on Strict() decoder not expanding aliases recursively, since alias resolution uses the pre-validated AST (finding #1) - Document that ast.Node map keys rely on pointer identity, which holds because all goccy/go-yaml AST types are pointer receivers (finding #2) - Clarify AnchorNode comment: effective depth budget is reduced for anchor+alias pairs, not literally halved (finding #3) - Improve test depth trace comment for accuracy (finding #4) - Add HTML comment in CONVENTIONS.md referencing #91 for the two-step process deviation (finding #5)
This commit is contained in:
claw
@@ -463,9 +463,10 @@ func TestYAMLDeeplyNestedRejection(t *testing.T) {
|
||||
// - Document root parsed at depth 0
|
||||
// - Root MappingNode children (MappingValueNodes) visited at depth 1
|
||||
// - "nested" MappingValueNode: key at depth 2, value at depth 2
|
||||
// - Each levelN mapping adds +1 depth (MappingNode → MappingValueNode → value)
|
||||
// - After 25 levels: effective depth reaches ~27, well past MaxYAMLDepth (20)
|
||||
// The test uses 25 levels to provide a comfortable margin above the limit.
|
||||
// - Each levelN adds depth via MappingValueNode traversal (key + value)
|
||||
// - Exact depth per level depends on AST structure (MappingNode wrapping),
|
||||
// but 25 levels reliably exceeds MaxYAMLDepth (20) with comfortable margin.
|
||||
// The test uses 25 levels rather than exactly 21 to avoid brittleness.
|
||||
var sb strings.Builder
|
||||
sb.WriteString("name: test\nidentity: test\nnested:\n")
|
||||
indent := " "
|
||||
|
||||
Reference in New Issue
Block a user