chore: bump version to 4.5.0

Bug fixes: - Fix inverted pager detection logic (returned error instead of path) - Fix repo.Clone ignoring destination directory parameter - Fix sheet loading using append on pre-sized slices - Clean up partial files on copy failure - Trim whitespace from editor config Security: - Add path traversal protection for cheatsheet names Performance: - Move regex compilation outside search loop - Replace string concatenation with strings.Join in search Build: - Remove go:generate; embed config and usage as string literals - Parallelize release builds - Add fuzz testing infrastructure Testing: - Improve test coverage from 38.9% to 50.2% - Add fuzz tests for search, filter, tags, and validation Documentation: - Fix inaccurate code examples in HACKING.md - Add missing --conf and --all options to man page - Add ADRs for path traversal, env parsing, and search parallelization - Update CONTRIBUTING.md to reflect project policy Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 11:13:33 +01:00 · 2026-02-14 19:56:19 -05:00
parent 7908a678df
commit cc85a4bdb1
69 changed files with 4802 additions and 577 deletions
--- a/build/fuzz.sh
+++ b/build/fuzz.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# Run fuzz tests for cheat
+# Usage: ./scripts/fuzz.sh [duration]
+#
+# Note: Go's fuzzer will fail immediately if it finds a known failing input
+# in the corpus (testdata/fuzz/*). This is by design - it ensures you fix
+# known bugs before searching for new ones. To see failing inputs:
+#   ls internal/*/testdata/fuzz/*/
+#
+
+set -e
+
+DURATION="${1:-15s}"
+
+# Define fuzz tests: "TestName:Package:Description"
+TESTS=(
+    "FuzzParse:./internal/sheet:YAML frontmatter parsing"
+    "FuzzValidateSheetName:./internal/cheatpath:sheet name validation (path traversal protection)"
+    "FuzzSearchRegex:./internal/sheet:regex search operations"
+    "FuzzSearchCatastrophicBacktracking:./internal/sheet:catastrophic backtracking"
+    "FuzzTagged:./internal/sheet:tag matching with malicious input"
+    "FuzzFilter:./internal/sheets:tag filtering operations"
+    "FuzzTags:./internal/sheets:tag aggregation and sorting"
+)
+
+echo "Running fuzz tests ($DURATION each)..."
+echo
+
+for i in "${!TESTS[@]}"; do
+    IFS=':' read -r test_name package description <<< "${TESTS[$i]}"
+    echo "$((i+1)). Testing $description..."
+    go test -fuzz="^${test_name}$" -fuzztime="$DURATION" "$package"
+    echo
+done
+
+echo "All fuzz tests passed!"