fix(lexer): prevent panic on unterminated string literal

[kanywst]

Closes #3004

The DSL lexer panics with a slice-out-of-range on an unterminated string that ends in a backslash (smallest input: "\), reachable via SchemaWrite. Clamp the final slice in lexString to the input length. Adds a lexer test over several unterminated-string inputs that panics before this change and passes after.

Summary by CodeRabbit

• Bug Fixes
  • Fixed a crash in the lexer when processing unterminated or malformed string inputs. The system now handles these edge cases gracefully without panicking.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 73f9f7fb-ac82-4954-bbbf-148873c21c85

📥 Commits

Reviewing files that changed from the base of the PR and between 33231b1 and a120958.

📒 Files selected for processing (2)

• pkg/dsl/lexer/lexer.go
• pkg/dsl/lexer/lexer_test.go

---

📝 Walkthrough

Walkthrough

The lexString function in the DSL lexer is patched to clamp the slice end to len(l.input) and skip the append when position is out of bounds, preventing a panic on unterminated strings ending with a backslash. A regression test covers four such edge-case inputs.

Changes

Lexer unterminated-string panic fix

Layer / File(s)	Summary
Bounds-clamped slicing fix and regression tests pkg/dsl/lexer/lexer.go, pkg/dsl/lexer/lexer_test.go	lexString now clamps the pre-escape fragment's slice end to len(l.input) and skips the append when position is out of range. A new Ginkgo test iterates over "\, ", "abc\, and "\\ inputs, runs the lexer to EOF, and asserts ShouldNot(Panic()) for each.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

🐇 A backslash hid at the string's last byte,
Slicing past bounds — oh, what a fright!
I clamped the end, checked position's place,
No panic shall run, no crash to face.
Unterminated strings? Handled with care,
The fuzzer found bugs — the rabbit was there! 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main fix: preventing panic on unterminated string literals in the lexer, which matches the primary change across the modified files.
Linked Issues check	✅ Passed	The PR fully addresses issue #3004 by fixing the slice-out-of-range panic in lexString and adding regression tests for multiple unterminated string cases, meeting all coding requirements.
Out of Scope Changes check	✅ Passed	Both modified files contain changes directly related to fixing the unterminated string panic issue: the lexer fix and corresponding regression tests are within scope.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[kanywst]

I have read the CLA Document and I hereby sign the CLA