chore: housekeeping and refactoring (bump to 4.7.1)

- Remove unused parameters, dead files, and inaccurate doc.go files - Extract shared helpers, eliminate duplication - Rename cheatpath.Cheatpath to cheatpath.Path - Optimize filesystem walks (WalkDir, skip .git) - Move sheet name validation to sheet.Validate - Move integration tests to test/integration/ - Consolidate internal/mock into mocks/ - Move fuzz.sh to test/ - Inline loadSheets helper into command callers - Extract config.New into its own file - Fix stale references in HACKING.md and CLAUDE.md - Restore plan9 build target - Remove redundant and low-value tests - Clean up project documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 03:03:32 +01:00 · 2026-02-15 15:09:30 -05:00
parent d4a8a79628
commit 5ad1a3c39f
68 changed files with 605 additions and 1578 deletions
--- a/internal/cheatpath/cheatpath.go
+++ b/internal/cheatpath/cheatpath.go
@@ -2,27 +2,10 @@
 // management.
 package cheatpath

-import "fmt"
-
-// Cheatpath encapsulates cheatsheet path information
-type Cheatpath struct {
+// Path encapsulates cheatsheet path information
+type Path struct {
 	Name     string   `yaml:"name"`
 	Path     string   `yaml:"path"`
 	ReadOnly bool     `yaml:"readonly"`
 	Tags     []string `yaml:"tags"`
 }
-
-// Validate ensures that the Cheatpath is valid
-func (c Cheatpath) Validate() error {
-	// Check that name is not empty
-	if c.Name == "" {
-		return fmt.Errorf("cheatpath name cannot be empty")
-	}
-
-	// Check that path is not empty
-	if c.Path == "" {
-		return fmt.Errorf("cheatpath path cannot be empty")
-	}
-
-	return nil
-}
--- a/internal/cheatpath/cheatpath_test.go
+++ b/internal/cheatpath/cheatpath_test.go
@@ -8,13 +8,13 @@ import (
 func TestCheatpathValidate(t *testing.T) {
 	tests := []struct {
 		name      string
-		cheatpath Cheatpath
+		cheatpath Path
 		wantErr   bool
 		errMsg    string
 	}{
 		{
 			name: "valid cheatpath",
-			cheatpath: Cheatpath{
+			cheatpath: Path{
 				Name:     "personal",
 				Path:     "/home/user/.config/cheat/personal",
 				ReadOnly: false,
@@ -24,7 +24,7 @@ func TestCheatpathValidate(t *testing.T) {
 		},
 		{
 			name: "empty name",
-			cheatpath: Cheatpath{
+			cheatpath: Path{
 				Name:     "",
 				Path:     "/home/user/.config/cheat/personal",
 				ReadOnly: false,
@@ -35,7 +35,7 @@ func TestCheatpathValidate(t *testing.T) {
 		},
 		{
 			name: "empty path",
-			cheatpath: Cheatpath{
+			cheatpath: Path{
 				Name:     "personal",
 				Path:     "",
 				ReadOnly: false,
@@ -46,7 +46,7 @@ func TestCheatpathValidate(t *testing.T) {
 		},
 		{
 			name: "both empty",
-			cheatpath: Cheatpath{
+			cheatpath: Path{
 				Name:     "",
 				Path:     "",
 				ReadOnly: true,
@@ -57,7 +57,7 @@ func TestCheatpathValidate(t *testing.T) {
 		},
 		{
 			name: "minimal valid",
-			cheatpath: Cheatpath{
+			cheatpath: Path{
 				Name: "x",
 				Path: "/",
 			},
@@ -65,7 +65,7 @@ func TestCheatpathValidate(t *testing.T) {
 		},
 		{
 			name: "with readonly and tags",
-			cheatpath: Cheatpath{
+			cheatpath: Path{
 				Name:     "community",
 				Path:     "/usr/share/cheat",
 				ReadOnly: true,
@@ -88,26 +88,3 @@ func TestCheatpathValidate(t *testing.T) {
 		})
 	}
 }
-
-func TestCheatpathStruct(t *testing.T) {
-	// Test that the struct fields work as expected
-	cp := Cheatpath{
-		Name:     "test",
-		Path:     "/test/path",
-		ReadOnly: true,
-		Tags:     []string{"tag1", "tag2"},
-	}
-
-	if cp.Name != "test" {
-		t.Errorf("expected Name to be 'test', got %q", cp.Name)
-	}
-	if cp.Path != "/test/path" {
-		t.Errorf("expected Path to be '/test/path', got %q", cp.Path)
-	}
-	if !cp.ReadOnly {
-		t.Error("expected ReadOnly to be true")
-	}
-	if len(cp.Tags) != 2 || cp.Tags[0] != "tag1" || cp.Tags[1] != "tag2" {
-		t.Errorf("expected Tags to be [tag1 tag2], got %v", cp.Tags)
-	}
-}
--- a/internal/cheatpath/doc.go
+++ b/internal/cheatpath/doc.go
@@ -1,64 +0,0 @@
-// Package cheatpath manages collections of cheat sheets organized in filesystem directories.
-//
-// A Cheatpath represents a directory containing cheat sheets, with associated
-// metadata such as tags and read-only status. Multiple cheatpaths can be
-// configured to organize sheets from different sources (personal, community, work, etc.).
-//
-// # Cheatpath Structure
-//
-// Each cheatpath has:
-//   - Name: A friendly identifier (e.g., "personal", "community")
-//   - Path: The filesystem path to the directory
-//   - Tags: Tags automatically applied to all sheets in this path
-//   - ReadOnly: Whether sheets in this path can be modified
-//
-// Example configuration:
-//
-//	cheatpaths:
-//	  - name: personal
-//	    path: ~/cheat
-//	    tags: []
-//	    readonly: false
-//	  - name: community
-//	    path: ~/cheat/community
-//	    tags: [community]
-//	    readonly: true
-//
-// # Directory-Scoped Cheatpaths
-//
-// The package supports directory-scoped cheatpaths via `.cheat` directories.
-// When running cheat, the tool walks upward from the current working directory
-// to the filesystem root, stopping at the first `.cheat` directory found. That
-// directory is temporarily added to the available cheatpaths.
-//
-// # Precedence and Overrides
-//
-// When multiple cheatpaths contain a sheet with the same name, the sheet
-// from the most "local" cheatpath takes precedence. This allows users to
-// override community sheets with personal versions.
-//
-// Key Functions
-//
-//   - Filter: Filters cheatpaths by name
-//   - Validate: Ensures cheatpath configuration is valid
-//   - Writeable: Returns the first writeable cheatpath
-//
-// Example Usage
-//
-//	// Filter cheatpaths to only "personal"
-//	filtered, err := cheatpath.Filter(paths, "personal")
-//	if err != nil {
-//	    log.Fatal(err)
-//	}
-//
-//	// Find a writeable cheatpath
-//	writeable, err := cheatpath.Writeable(paths)
-//	if err != nil {
-//	    log.Fatal(err)
-//	}
-//
-//	// Validate cheatpath configuration
-//	if err := cheatpath.Validate(paths); err != nil {
-//	    log.Fatal(err)
-//	}
-package cheatpath
--- a/internal/cheatpath/filter.go
+++ b/internal/cheatpath/filter.go
@@ -5,15 +5,15 @@ import (
 )

 // Filter filters all cheatpaths that are not named `name`
-func Filter(paths []Cheatpath, name string) ([]Cheatpath, error) {
+func Filter(paths []Path, name string) ([]Path, error) {

 	// if a path of the given name exists, return it
 	for _, path := range paths {
 		if path.Name == name {
-			return []Cheatpath{path}, nil
+			return []Path{path}, nil
 		}
 	}

 	// otherwise, return an error
-	return []Cheatpath{}, fmt.Errorf("cheatpath does not exist: %s", name)
+	return []Path{}, fmt.Errorf("cheatpath does not exist: %s", name)
 }
--- a/internal/cheatpath/filter_test.go
+++ b/internal/cheatpath/filter_test.go
@@ -9,10 +9,10 @@ import (
 func TestFilterSuccess(t *testing.T) {

 	// init cheatpaths
-	paths := []Cheatpath{
-		Cheatpath{Name: "foo"},
-		Cheatpath{Name: "bar"},
-		Cheatpath{Name: "baz"},
+	paths := []Path{
+		Path{Name: "foo"},
+		Path{Name: "bar"},
+		Path{Name: "baz"},
 	}

 	// filter the paths
@@ -39,10 +39,10 @@ func TestFilterSuccess(t *testing.T) {
 func TestFilterFailure(t *testing.T) {

 	// init cheatpaths
-	paths := []Cheatpath{
-		Cheatpath{Name: "foo"},
-		Cheatpath{Name: "bar"},
-		Cheatpath{Name: "baz"},
+	paths := []Path{
+		Path{Name: "foo"},
+		Path{Name: "bar"},
+		Path{Name: "baz"},
 	}

 	// filter the paths
--- a/internal/cheatpath/validate.go
+++ b/internal/cheatpath/validate.go
@@ -2,39 +2,15 @@ package cheatpath

 import (
 	"fmt"
-	"path/filepath"
-	"strings"
 )

-// ValidateSheetName ensures that a cheatsheet name does not contain
-// directory traversal sequences or other potentially dangerous patterns.
-func ValidateSheetName(name string) error {
-	// Reject empty names
-	if name == "" {
-		return fmt.Errorf("cheatsheet name cannot be empty")
+// Validate ensures that the Path is valid
+func (c Path) Validate() error {
+	if c.Name == "" {
+		return fmt.Errorf("cheatpath name cannot be empty")
 	}
-
-	// Reject names containing directory traversal
-	if strings.Contains(name, "..") {
-		return fmt.Errorf("cheatsheet name cannot contain '..'")
+	if c.Path == "" {
+		return fmt.Errorf("cheatpath path cannot be empty")
 	}
-
-	// Reject absolute paths
-	if filepath.IsAbs(name) {
-		return fmt.Errorf("cheatsheet name cannot be an absolute path")
-	}
-
-	// Reject names that start with ~ (home directory expansion)
-	if strings.HasPrefix(name, "~") {
-		return fmt.Errorf("cheatsheet name cannot start with '~'")
-	}
-
-	// Reject hidden files (files that start with a dot)
-	// We don't display hidden files, so we shouldn't create them
-	filename := filepath.Base(name)
-	if strings.HasPrefix(filename, ".") {
-		return fmt.Errorf("cheatsheet name cannot start with '.' (hidden files are not supported)")
-	}
-
 	return nil
 }
--- a/internal/cheatpath/validate_fuzz_test.go
+++ b/internal/cheatpath/validate_fuzz_test.go
@@ -1,169 +0,0 @@
-package cheatpath
-
-import (
-	"strings"
-	"testing"
-	"unicode/utf8"
-)
-
-// FuzzValidateSheetName tests the ValidateSheetName function with fuzzing
-// to ensure it properly prevents path traversal and other security issues
-func FuzzValidateSheetName(f *testing.F) {
-	// Add seed corpus with various valid and malicious inputs
-	// Valid names
-	f.Add("docker")
-	f.Add("docker/compose")
-	f.Add("lang/go/slice")
-	f.Add("my-cheat_sheet")
-	f.Add("file.txt")
-	f.Add("a")
-	f.Add("123")
-
-	// Path traversal attempts
-	f.Add("..")
-	f.Add("../etc/passwd")
-	f.Add("foo/../bar")
-	f.Add("foo/../../etc/passwd")
-	f.Add("..\\windows\\system32")
-	f.Add("foo\\..\\..\\windows")
-
-	// Encoded traversal attempts
-	f.Add("%2e%2e")
-	f.Add("%2e%2e%2f")
-	f.Add("..%2f")
-	f.Add("%2e.")
-	f.Add(".%2e")
-	f.Add("\x2e\x2e")
-	f.Add("\\x2e\\x2e")
-
-	// Unicode and special characters
-	f.Add("€test")
-	f.Add("test€")
-	f.Add("中文")
-	f.Add("🎉emoji")
-	f.Add("\x00null")
-	f.Add("test\x00null")
-	f.Add("\nnewline")
-	f.Add("test\ttab")
-
-	// Absolute paths
-	f.Add("/etc/passwd")
-	f.Add("C:\\Windows\\System32")
-	f.Add("\\\\server\\share")
-	f.Add("//server/share")
-
-	// Home directory
-	f.Add("~")
-	f.Add("~/config")
-	f.Add("~user/file")
-
-	// Hidden files
-	f.Add(".hidden")
-	f.Add("dir/.hidden")
-	f.Add(".git/config")
-
-	// Edge cases
-	f.Add("")
-	f.Add(" ")
-	f.Add("  ")
-	f.Add("\t")
-	f.Add(".")
-	f.Add("./")
-	f.Add("./file")
-	f.Add(".../")
-	f.Add("...")
-	f.Add("....")
-
-	// Very long names
-	f.Add(strings.Repeat("a", 255))
-	f.Add(strings.Repeat("a/", 100) + "file")
-	f.Add(strings.Repeat("../", 50) + "etc/passwd")
-
-	f.Fuzz(func(t *testing.T, input string) {
-		// The function should never panic
-		func() {
-			defer func() {
-				if r := recover(); r != nil {
-					t.Errorf("ValidateSheetName panicked with input %q: %v", input, r)
-				}
-			}()
-
-			err := ValidateSheetName(input)
-
-			// Security invariants that must always hold
-			if err == nil {
-				// If validation passed, verify security properties
-
-				// Should not contain ".." for path traversal
-				if strings.Contains(input, "..") {
-					t.Errorf("validation passed but input contains '..': %q", input)
-				}
-
-				// Should not be empty
-				if input == "" {
-					t.Error("validation passed for empty input")
-				}
-
-				// Should not start with ~ (home directory)
-				if strings.HasPrefix(input, "~") {
-					t.Errorf("validation passed but input starts with '~': %q", input)
-				}
-
-				// Base filename should not start with .
-				parts := strings.Split(input, "/")
-				if len(parts) > 0 {
-					lastPart := parts[len(parts)-1]
-					if strings.HasPrefix(lastPart, ".") && lastPart != "." {
-						t.Errorf("validation passed but filename starts with '.': %q", input)
-					}
-				}
-
-				// Additional check: result should be valid UTF-8
-				if !utf8.ValidString(input) {
-					// While the function doesn't explicitly check this,
-					// we want to ensure it handles invalid UTF-8 gracefully
-					t.Logf("validation passed for invalid UTF-8: %q", input)
-				}
-			}
-		}()
-	})
-}
-
-// FuzzValidateSheetNamePathTraversal specifically targets path traversal bypasses
-func FuzzValidateSheetNamePathTraversal(f *testing.F) {
-	// Seed corpus focusing on path traversal variations
-	f.Add("..", "/", "")
-	f.Add("", "..", "/")
-	f.Add("a", "b", "c")
-
-	f.Fuzz(func(t *testing.T, prefix string, middle string, suffix string) {
-		// Construct various path traversal attempts
-		inputs := []string{
-			prefix + ".." + suffix,
-			prefix + "/.." + suffix,
-			prefix + "\\.." + suffix,
-			prefix + middle + ".." + suffix,
-			prefix + "../" + middle + suffix,
-			prefix + "..%2f" + suffix,
-			prefix + "%2e%2e" + suffix,
-			prefix + "%2e%2e%2f" + suffix,
-		}
-
-		for _, input := range inputs {
-			func() {
-				defer func() {
-					if r := recover(); r != nil {
-						t.Errorf("ValidateSheetName panicked with constructed input %q: %v", input, r)
-					}
-				}()
-
-				err := ValidateSheetName(input)
-
-				// If the input contains literal "..", it must be rejected
-				if strings.Contains(input, "..") && err == nil {
-					t.Errorf("validation incorrectly passed for input containing '..': %q", input)
-				}
-			}()
-		}
-	})
-}
--- a/internal/cheatpath/validate_test.go
+++ b/internal/cheatpath/validate_test.go
@@ -1,113 +0,0 @@
-package cheatpath
-
-import (
-	"runtime"
-	"strings"
-	"testing"
-)
-
-func TestValidateSheetName(t *testing.T) {
-	tests := []struct {
-		name    string
-		input   string
-		wantErr bool
-		errMsg  string
-	}{
-		// Valid names
-		{
-			name:    "simple name",
-			input:   "docker",
-			wantErr: false,
-		},
-		{
-			name:    "name with slash",
-			input:   "docker/compose",
-			wantErr: false,
-		},
-		{
-			name:    "name with multiple slashes",
-			input:   "lang/go/slice",
-			wantErr: false,
-		},
-		{
-			name:    "name with dash and underscore",
-			input:   "my-cheat_sheet",
-			wantErr: false,
-		},
-		// Invalid names
-		{
-			name:    "empty name",
-			input:   "",
-			wantErr: true,
-			errMsg:  "empty",
-		},
-		{
-			name:    "parent directory traversal",
-			input:   "../etc/passwd",
-			wantErr: true,
-			errMsg:  "'..'",
-		},
-		{
-			name:    "complex traversal",
-			input:   "foo/../../etc/passwd",
-			wantErr: true,
-			errMsg:  "'..'",
-		},
-		{
-			name:    "absolute path unix",
-			input:   "/etc/passwd",
-			wantErr: runtime.GOOS != "windows", // /etc/passwd is not absolute on Windows
-			errMsg:  "absolute",
-		},
-		{
-			name:    "absolute path windows",
-			input:   `C:\evil`,
-			wantErr: runtime.GOOS == "windows", // C:\evil is not absolute on Unix
-			errMsg:  "absolute",
-		},
-		{
-			name:    "home directory",
-			input:   "~/secrets",
-			wantErr: true,
-			errMsg:  "'~'",
-		},
-		{
-			name:    "just dots",
-			input:   "..",
-			wantErr: true,
-			errMsg:  "'..'",
-		},
-		{
-			name:    "hidden file not allowed",
-			input:   ".hidden",
-			wantErr: true,
-			errMsg:  "cannot start with '.'",
-		},
-		{
-			name:    "current dir is ok",
-			input:   "./current",
-			wantErr: false,
-		},
-		{
-			name:    "nested hidden file not allowed",
-			input:   "config/.gitignore",
-			wantErr: true,
-			errMsg:  "cannot start with '.'",
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			err := ValidateSheetName(tt.input)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("ValidateName(%q) error = %v, wantErr %v", tt.input, err, tt.wantErr)
-				return
-			}
-			if err != nil && tt.errMsg != "" {
-				if !strings.Contains(err.Error(), tt.errMsg) {
-					t.Errorf("ValidateName(%q) error = %v, want error containing %q", tt.input, err, tt.errMsg)
-				}
-			}
-		})
-	}
-}
--- a/internal/cheatpath/writeable.go
+++ b/internal/cheatpath/writeable.go
@@ -4,8 +4,8 @@ import (
 	"fmt"
 )

-// Writeable returns a writeable Cheatpath
-func Writeable(cheatpaths []Cheatpath) (Cheatpath, error) {
+// Writeable returns a writeable Path
+func Writeable(cheatpaths []Path) (Path, error) {

 	// iterate backwards over the cheatpaths
 	// NB: we're going backwards because we assume that the most "local"
@@ -18,5 +18,5 @@ func Writeable(cheatpaths []Cheatpath) (Cheatpath, error) {
 	}

 	// otherwise, return an error
-	return Cheatpath{}, fmt.Errorf("no writeable cheatpaths found")
+	return Path{}, fmt.Errorf("no writeable cheatpaths found")
 }
--- a/internal/cheatpath/writeable_test.go
+++ b/internal/cheatpath/writeable_test.go
@@ -9,10 +9,10 @@ import (
 func TestWriteableOK(t *testing.T) {

 	// initialize some cheatpaths
-	cheatpaths := []Cheatpath{
-		Cheatpath{Path: "/foo", ReadOnly: true},
-		Cheatpath{Path: "/bar", ReadOnly: false},
-		Cheatpath{Path: "/baz", ReadOnly: true},
+	cheatpaths := []Path{
+		Path{Path: "/foo", ReadOnly: true},
+		Path{Path: "/bar", ReadOnly: false},
+		Path{Path: "/baz", ReadOnly: true},
 	}

 	// get the writeable cheatpath
@@ -34,10 +34,10 @@ func TestWriteableOK(t *testing.T) {
 func TestWriteableNotOK(t *testing.T) {

 	// initialize some cheatpaths
-	cheatpaths := []Cheatpath{
-		Cheatpath{Path: "/foo", ReadOnly: true},
-		Cheatpath{Path: "/bar", ReadOnly: true},
-		Cheatpath{Path: "/baz", ReadOnly: true},
+	cheatpaths := []Path{
+		Path{Path: "/foo", ReadOnly: true},
+		Path{Path: "/bar", ReadOnly: true},
+		Path{Path: "/baz", ReadOnly: true},
 	}

 	// get the writeable cheatpath