From 029ba680143fcbb9e2d9a5103ce78017b025356a Mon Sep 17 00:00:00 2001
From: Mike Farah
Date: Sat, 20 Dec 2025 19:15:36 +1100
Subject: [PATCH] Bump gosec version
---
 pkg/yqlib/encoder_toml.go | 4 ++++
 pkg/yqlib/toml_test.go | 23 +++++++++++++++++++++++
 scripts/devtools.sh | 2 +-
 3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/pkg/yqlib/encoder_toml.go b/pkg/yqlib/encoder_toml.go
index 8d04b050..6b3d1f2d 100644
--- a/pkg/yqlib/encoder_toml.go
+++ b/pkg/yqlib/encoder_toml.go
@@ -122,6 +122,10 @@ func (te *tomlEncoder) encodeRootMapping(w io.Writer, node *CandidateNode) error
 // encodeTopLevelEntry encodes a key/value at the root, dispatching to attribute, table, or array-of-tables
 func (te *tomlEncoder) encodeTopLevelEntry(w io.Writer, path []string, node *CandidateNode) error {
+ if len(path) == 0 {
+ return fmt.Errorf("cannot encode TOML entry with empty path")
+ }
+
 switch node.Kind {
 case ScalarNode:
 // key = value
diff --git a/pkg/yqlib/toml_test.go b/pkg/yqlib/toml_test.go
index a7b98767..e3501036 100644
--- a/pkg/yqlib/toml_test.go
+++ b/pkg/yqlib/toml_test.go
@@ -2,6 +2,7 @@ package yqlib
 import (
 "bufio"
+ "bytes"
 "fmt"
 "strings"
 "testing"
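Review bot: The empty-path guard added at the top of encodeTopLevelEntry in pkg/yqlib/encoder_toml.go is not reflected in the doc comment directly above it, which still describes only the dispatch; extend it with something like `// It returns an error when path is empty.` The message has no format verbs, so `errors.New("cannot encode TOML entry with empty path")` would be the more idiomatic form if the file already imports `errors`. The rest of the function body, including whatever indexes `path`, is outside this hunk, so it is worth confirming that other helpers receiving `path` cannot be reached with an empty slice either.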
@@ -797,6 +798,28 @@ func TestTomlColorisationNumberBug(t *testing.T) {
 }
 }
+// Tests that the encoder handles empty path slices gracefully
+func TestTomlEmptyPathPanic(t *testing.T) {
+ encoder := NewTomlEncoder()
+ tomlEncoder := encoder.(*tomlEncoder)
+
+ var buf bytes.Buffer
+
+ // Create a simple scalar node
+ scalarNode := &CandidateNode{
+ Kind: ScalarNode,
+ Tag: "!!str",
+ Value: "test",
+ }
+
+ // Test with empty path - this should not panic
+ err := tomlEncoder.encodeTopLevelEntry(&buf, []string{}, scalarNode)
+ if err == nil {
+ t.Error("Expected error when encoding with empty path, got nil")
+ }
+
+}
+
 // TestTomlStringEscapeColourization tests that string colourization correctly
 // handles escape sequences, particularly escaped quotes at the end of strings
 func TestTomlStringEscapeColourization(t *testing.T) {
diff --git a/scripts/devtools.sh b/scripts/devtools.sh
index 7dac5be4..f157ec8e 100755
--- a/scripts/devtools.sh
+++ b/scripts/devtools.sh
@@ -2,4 +2,4 @@ set -ex
 go mod download golang.org/x/tools@latest
 curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.1.5
-curl -sSfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s v2.22.5
\ No newline at end of file
+curl -sSfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s v2.22.11
\ No newline at end of file
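Review bot: In TestTomlEmptyPathPanic the local variable `tomlEncoder` shadows the `tomlEncoder` type it is asserted to, and the unchecked assertion `encoder.(*tomlEncoder)` would itself panic if NewTomlEncoder ever returned a different type; `te, ok := encoder.(*tomlEncoder)` followed by `if !ok { t.Fatalf("unexpected encoder type %T", encoder) }` avoids both. The test also only checks that an error came back; adding `if buf.Len() != 0 { t.Errorf("expected no output, got %q", buf.String()) }` would pin that the guard rejects the input before anything is written to the buffer. The blank line before the closing brace of the test can be dropped.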
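Review bot: The changed line in scripts/devtools.sh still downloads install.sh from the mutable `master` ref and pipes it straight into `sh`, so only the gosec release passed as the argument is pinned, not the script that actually executes on the developer or CI machine. Fetching the installer from a fixed tag or commit and checking it against a recorded checksum before running it, or installing the pinned release with `go install github.com/securego/gosec/v2/cmd/gosec@v2.22.11`, would close that gap. The golangci-lint line above it follows the same pattern and deserves the same treatment.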