fix(cli): use safe UTF-8 slicing for session IDs in lock command #35
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Greptile OverviewGreptile SummaryReplaced unsafe byte-based string slicing with character-aware slicing to prevent panics on multi-byte UTF-8 characters in session IDs.
Confidence Score: 5/5
|
| Filename | Overview |
|---|---|
| src/cortex-cli/src/lock_cmd.rs | Replaced unsafe byte-based slicing with character-aware helper function, added comprehensive UTF-8 tests |
Sequence Diagram
sequenceDiagram
participant User
participant LockCmd as Lock Command
participant SafePrefix as safe_char_prefix()
participant LockFile as Lock File Storage
Note over User,LockFile: Session ID Display/Matching Flow
User->>LockCmd: list command
LockCmd->>LockFile: load_lock_file()
LockFile-->>LockCmd: locked_sessions[]
loop For each locked session
LockCmd->>SafePrefix: safe_char_prefix(session_id, 8)
SafePrefix->>SafePrefix: char_indices().nth(8)
SafePrefix->>SafePrefix: slice at byte boundary
SafePrefix-->>LockCmd: safe 8-char prefix
LockCmd->>User: display short_id
end
User->>LockCmd: check/is_locked(session_id)
LockCmd->>LockFile: load_lock_file()
LockFile-->>LockCmd: locked_sessions[]
loop For each entry
LockCmd->>SafePrefix: safe_char_prefix(entry.session_id, 8)
SafePrefix-->>LockCmd: safe 8-char prefix
LockCmd->>LockCmd: starts_with() check
end
LockCmd-->>User: lock status result
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
echobt
added a commit
that referenced
this pull request
Feb 4, 2026
This PR consolidates the following UTF-8 safety fixes: - #31: Use safe UTF-8 slicing in import command base64 extraction - #32: Use safe UTF-8 slicing for session IDs in notifications - #33: Use char-aware string truncation for UTF-8 safety in resume - #35: Use safe UTF-8 slicing for session IDs in lock command - #37: Validate UTF-8 boundaries in mention parsing All changes ensure safe string operations that respect UTF-8 boundaries: - Replaced direct byte slicing with char-aware methods - Added floor_char_boundary checks before slicing - Prevents panics from slicing multi-byte characters
Contributor
Author
|
Consolidated into #70 - fix: consolidated UTF-8 safety improvements for string slicing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #5276 - Lock command session ID slicing panics on multi-byte UTF-8.
Problem
Session ID handling uses byte-based string slicing at 4 locations.
Solution
Replaced with safe slicing using .get() or char-aware methods.
Added a helper function
safe_char_prefixthat extracts string prefixes by character count rather than byte count, preventing panics on multi-byte UTF-8 characters.Changes
safe_char_prefixhelper function for UTF-8 safe slicingis_session_locked,run_list, andrun_checkfunctions