fix: reject invalid json pointer escapes #741

Open
hiSandog wants to merge 1 commit into larksuite:main from hiSandog:fix/json-pointer-escape-20260501

hiSandog commented May 1, 2026

Summary

  • validate RFC 6901 escape sequences while decoding JSON Pointer segments
  • report dangling '~' and unsupported '~x' escapes as pointer syntax errors
  • add regression coverage for invalid escape handling

Validation

  • env GOCACHE=/tmp/cli-gocache GOMODCACHE=/tmp/cli-gomodcache go test ./internal/binding
  • git diff --check

Summary by CodeRabbit

Release Notes

  • Bug Fixes
    • Improved JSON Pointer escape sequence validation with enhanced error messages that now identify invalid escape sequences and provide context for debugging.

@github-actions github-actions Bot added the size/M Single-domain feat or fix with limited business impact label May 1, 2026

coderabbitai Bot commented May 1, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 7fb71c6 and 75775a0.

📒 Files selected for processing (2)
  • internal/binding/json_pointer.go
  • internal/binding/json_pointer_test.go

📝 Walkthrough

The changes enhance RFC 6901 JSON Pointer segment decoding by introducing explicit validation of escape sequences (~0 for ~ and ~1 for /). A new helper function decodeJSONPointerSegment replaces sequential string replacements with dedicated decoding logic that reports structured errors for invalid escape sequences. Corresponding test cases verify rejection of malformed escapes.

Changes

  • JSON Pointer RFC 6901 Validation (internal/binding/json_pointer.go): Added decodeJSONPointerSegment helper function to validate and decode escape sequences; enhanced ReadJSONPointer error handling to emit detailed error messages for invalid escapes (e.g., ~ not followed by 0 or 1, or trailing ~).
  • RFC 6901 Escape Error Tests (internal/binding/json_pointer_test.go): Introduced TestReadJSONPointer_InvalidEscape test function to verify rejection of invalid escape sequences with exact error message validation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A pointer's path now validated clean,
Each tilde and slash precisely seen,
RFC 6901 escapes ring true,
No malformed codes slip on through!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%. Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

  • Title check: ✅ Passed. The title 'fix: reject invalid json pointer escapes' directly and concisely summarizes the main change: validating RFC 6901 escape sequences in JSON Pointer handling.
  • Description check: ✅ Passed. The description covers the key aspects of the change (validation, error reporting, test coverage) and includes validation steps, though it deviates from the template structure by using 'Validation' instead of 'Test Plan'.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.

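The escape validation discussed in this pull request, as an added Go example: it is not the project's code and not part of any comment above. The names lenientDecode and strictDecode are hypothetical, the replace-based decoder is an assumed shape for decoding without validation, and the input segments are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// lenientDecode: replace-based decoding (assumed shape, for contrast only);
// a stray '~' passes through unchanged instead of being reported.
func lenientDecode(seg string) string {
	return strings.ReplaceAll(strings.ReplaceAll(seg, "~1", "/"), "~0", "~")
}

// strictDecode (hypothetical name) decodes one reference token and rejects
// any '~' that is not part of "~0" or "~1", the only escapes in RFC 6901.
func strictDecode(seg string) (string, error) {
	var b strings.Builder
	for i := 0; i < len(seg); i++ {
		if seg[i] != '~' {
			b.WriteByte(seg[i]) // bytes are copied verbatim, so UTF-8 survives
			continue
		}
		if i+1 == len(seg) {
			return "", fmt.Errorf("dangling '~' at offset %d of %q", i, seg)
		}
		switch seg[i+1] {
		case '0':
			b.WriteByte('~')
		case '1':
			b.WriteByte('/')
		default:
			return "", fmt.Errorf("invalid escape %q at offset %d of %q", seg[i:i+2], i, seg)
		}
		i++ // skip the escape's second byte
	}
	return b.String(), nil
}

func main() {
	// Constructed segments: valid, "~01" (must yield "~1"), bad escape, dangling '~'.
	for _, seg := range []string{"a~1b~0c", "~01", "a~2b", "a~"} {
		out, err := strictDecode(seg)
		fmt.Printf("%q lenient=%q strict=%q err=%v\n", seg, lenientDecode(seg), out, err)
	}
}
```

The single left-to-right pass also makes the "~01" case order-independent: it decodes to "~1" without relying on the order of two replacement passes.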