fix(deps): replace gopkg.in/yaml.v3 with github.com/goccy/go-yaml
CI / test (pull_request) Successful in 18s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 46s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m38s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m49s
CI / test (pull_request) Successful in 18s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 46s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m38s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m49s
Fixes #87. PR #58 incorrectly added gopkg.in/yaml.v3 (abandoned library) instead of github.com/goccy/go-yaml as required by issue #57. Changes: - Replace gopkg.in/yaml.v3 with github.com/goccy/go-yaml v1.19.2 - Update review/persona.go to use goccy/go-yaml API: - parser.ParseBytes for AST-based depth/node count checking - yaml.Strict() decoder option instead of KnownFields(true) - ast.Node types instead of yaml.Node for tree walking - Update review/persona_test.go to use ast types for cycle tests - Remove gopkg.in/yaml.v3 from go.mod and go.sum All existing YAML tests pass with the new library.
This commit is contained in:
claw
+61
-28
@@ -10,7 +10,9 @@ import (
|
||||
"strings"
|
||||
"unicode/utf8"
|
||||
|
||||
"gopkg.in/yaml.v3"
|
||||
"github.com/goccy/go-yaml"
|
||||
"github.com/goccy/go-yaml/ast"
|
||||
"github.com/goccy/go-yaml/parser"
|
||||
)
|
||||
|
||||
//go:embed personas/*.yaml
|
||||
@@ -142,7 +144,7 @@ func parsePersona(data []byte, source string) (*Persona, error) {
|
||||
err = unmarshalYAMLWithDepthLimit(data, &p, MaxYAMLDepth)
|
||||
} else {
|
||||
// Use json.Decoder with DisallowUnknownFields for consistency with
|
||||
// YAML's KnownFields(true) - both reject unknown fields to catch typos.
|
||||
// YAML's Strict() - both reject unknown fields to catch typos.
|
||||
dec := json.NewDecoder(bytes.NewReader(data))
|
||||
dec.DisallowUnknownFields()
|
||||
err = dec.Decode(&p)
|
||||
@@ -161,39 +163,43 @@ func parsePersona(data []byte, source string) (*Persona, error) {
|
||||
// nested structures and catches typos in field names.
|
||||
// Multi-document YAML files are rejected to prevent silent data loss.
|
||||
func unmarshalYAMLWithDepthLimit(data []byte, out any, maxDepth int) error {
|
||||
// First pass: decode into a yaml.Node to check depth limits and node counts.
|
||||
// This prevents stack exhaustion before we attempt to decode into structs.
|
||||
var node yaml.Node
|
||||
dec := yaml.NewDecoder(bytes.NewReader(data))
|
||||
if err := dec.Decode(&node); err != nil {
|
||||
// First pass: parse into AST to check depth limits, node counts, and
|
||||
// multi-document rejection. This prevents stack exhaustion before we
|
||||
// attempt to decode into structs.
|
||||
file, err := parser.ParseBytes(data, 0)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Reject multi-document YAML files - silently ignoring additional documents
|
||||
// could lead to confusing behavior where users think their changes take effect.
|
||||
var extra yaml.Node
|
||||
if dec.Decode(&extra) == nil {
|
||||
if len(file.Docs) > 1 {
|
||||
return fmt.Errorf("multi-document YAML is not supported; only single-document files are allowed")
|
||||
}
|
||||
|
||||
if len(file.Docs) == 0 {
|
||||
return fmt.Errorf("empty YAML document")
|
||||
}
|
||||
|
||||
nodeCount := 0
|
||||
if err := checkYAMLDepth(&node, 0, maxDepth, MaxYAMLNodes, make(map[*yaml.Node]struct{}), &nodeCount); err != nil {
|
||||
if err := checkYAMLDepth(file.Docs[0].Body, 0, maxDepth, MaxYAMLNodes, make(map[ast.Node]struct{}), &nodeCount); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Second pass: decode with strict field checking enabled.
|
||||
// KnownFields(true) rejects unknown keys, catching typos like "focuss" or "identiy".
|
||||
// We must re-decode from the original data because yaml.Node.Decode() doesn't
|
||||
// support the KnownFields option.
|
||||
strictDec := yaml.NewDecoder(bytes.NewReader(data))
|
||||
strictDec.KnownFields(true)
|
||||
return strictDec.Decode(out)
|
||||
// Strict() rejects unknown keys, catching typos like "focuss" or "identiy".
|
||||
dec := yaml.NewDecoder(bytes.NewReader(data), yaml.Strict())
|
||||
return dec.Decode(out)
|
||||
}
|
||||
|
||||
// checkYAMLDepth recursively checks that YAML nodes don't exceed the depth limit
|
||||
// or the total node count limit. It also detects alias cycles to prevent infinite
|
||||
// recursion from crafted YAML with self-referential aliases.
|
||||
func checkYAMLDepth(node *yaml.Node, depth, maxDepth, maxNodes int, seen map[*yaml.Node]struct{}, nodeCount *int) error {
|
||||
// checkYAMLDepth recursively checks that YAML AST nodes don't exceed the depth
|
||||
// limit or the total node count limit. It also detects alias cycles to prevent
|
||||
// infinite recursion from crafted YAML with self-referential aliases.
|
||||
func checkYAMLDepth(node ast.Node, depth, maxDepth, maxNodes int, seen map[ast.Node]struct{}, nodeCount *int) error {
|
||||
if node == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
if depth > maxDepth {
|
||||
return fmt.Errorf("YAML nesting depth exceeds maximum (%d)", maxDepth)
|
||||
}
|
||||
@@ -210,16 +216,43 @@ func checkYAMLDepth(node *yaml.Node, depth, maxDepth, maxNodes int, seen map[*ya
|
||||
}
|
||||
seen[node] = struct{}{}
|
||||
|
||||
// Handle alias nodes: follow the alias to its anchor target.
|
||||
// Increment depth when following aliases since they expand the effective structure.
|
||||
if node.Kind == yaml.AliasNode && node.Alias != nil {
|
||||
return checkYAMLDepth(node.Alias, depth+1, maxDepth, maxNodes, seen, nodeCount)
|
||||
}
|
||||
|
||||
for _, child := range node.Content {
|
||||
if err := checkYAMLDepth(child, depth+1, maxDepth, maxNodes, seen, nodeCount); err != nil {
|
||||
// Walk children based on node type.
|
||||
switch n := node.(type) {
|
||||
case *ast.MappingNode:
|
||||
for _, value := range n.Values {
|
||||
if err := checkYAMLDepth(value, depth+1, maxDepth, maxNodes, seen, nodeCount); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
case *ast.MappingValueNode:
|
||||
if err := checkYAMLDepth(n.Key, depth+1, maxDepth, maxNodes, seen, nodeCount); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := checkYAMLDepth(n.Value, depth+1, maxDepth, maxNodes, seen, nodeCount); err != nil {
|
||||
return err
|
||||
}
|
||||
case *ast.SequenceNode:
|
||||
for _, value := range n.Values {
|
||||
if err := checkYAMLDepth(value, depth+1, maxDepth, maxNodes, seen, nodeCount); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
case *ast.AliasNode:
|
||||
// Follow alias to its target, incrementing depth since aliases expand
|
||||
// the effective structure.
|
||||
if err := checkYAMLDepth(n.Value, depth+1, maxDepth, maxNodes, seen, nodeCount); err != nil {
|
||||
return err
|
||||
}
|
||||
case *ast.AnchorNode:
|
||||
if err := checkYAMLDepth(n.Value, depth+1, maxDepth, maxNodes, seen, nodeCount); err != nil {
|
||||
return err
|
||||
}
|
||||
case *ast.TagNode:
|
||||
if err := checkYAMLDepth(n.Value, depth+1, maxDepth, maxNodes, seen, nodeCount); err != nil {
|
||||
return err
|
||||
}
|
||||
// Scalar types (StringNode, IntegerNode, FloatNode, BoolNode, NullNode,
|
||||
// InfinityNode, NanNode, LiteralNode, MergeKeyNode) are leaf nodes.
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user