fix: guard against slice panic on single-char quoted strings in parseTypeFromString

markphelps · markphelps · commit d67210d60a2e · 2026-03-04T15:23:59.000-06:00
Fuzz testing found that a bare quote character (e.g. `"`) matched the
forward reference check but caused s[1:0] slice panic. Add len &gt;= 2
guard before slicing.
diff --git a/pkg/schema/python/parser.go b/pkg/schema/python/parser.go
@@ -686,8 +686,9 @@ func parseTypeFromString(s string) (schema.TypeAnnotation, bool) {
 	}
 
 	// Forward reference: quoted string like "MyType" or 'MyType'
-	if (strings.HasPrefix(s, "\"") && strings.HasSuffix(s, "\"")) ||
-		(strings.HasPrefix(s, "'") && strings.HasSuffix(s, "'")) {
+	if len(s) >= 2 &&
+		((strings.HasPrefix(s, "\"") && strings.HasSuffix(s, "\"")) ||
+			(strings.HasPrefix(s, "'") && strings.HasSuffix(s, "'"))) {
 		inner := s[1 : len(s)-1]
 		return parseTypeFromString(inner)
 	}

Original file line number	Diff line number	Diff line change
`@@ -686,8 +686,9 @@ func parseTypeFromString(s string) (schema.TypeAnnotation, bool) {`
`686`	`686`	`}`
`687`	`687`
`688`	`688`	`// Forward reference: quoted string like "MyType" or 'MyType'`
`689`		`- if (strings.HasPrefix(s, "\"") && strings.HasSuffix(s, "\"")) \|\|`
`690`		`- (strings.HasPrefix(s, "'") && strings.HasSuffix(s, "'")) {`
	`689`	`+ if len(s) >= 2 &&`
	`690`	`+ ((strings.HasPrefix(s, "\"") && strings.HasSuffix(s, "\"")) \|\|`
	`691`	`+ (strings.HasPrefix(s, "'") && strings.HasSuffix(s, "'"))) {`
`691`	`692`	`inner := s[1 : len(s)-1]`
`692`	`693`	`return parseTypeFromString(inner)`
`693`	`694`	`}`