fix: validate library name in parse_plot_path

MarkusNeusinger · claude · MarkusNeusinger · commit b6b9cea56eed · 2026-01-21T23:51:59.000+01:00
Address Copilot review feedback: reject paths with invalid library names.

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/automation/scripts/workflow_utils.py b/automation/scripts/workflow_utils.py
@@ -200,9 +200,13 @@ def parse_plot_path(file_path: str) -> dict[str, str] | None:
     # Match: plots/{spec-id}/implementations/{library}.py
     match = re.match(r"plots/([^/]+)/implementations/([^/]+)\.py$", file_path)
     if match:
+        library = match.group(2)
+        # Validate library name
+        if library.lower() not in [lib.lower() for lib in SUPPORTED_LIBRARIES]:
+            return None
         return {
             "spec_id": match.group(1),
-            "library": match.group(2),
+            "library": library,
         }
 
     return None
diff --git a/tests/unit/automation/scripts/test_workflow_utils.py b/tests/unit/automation/scripts/test_workflow_utils.py
@@ -159,6 +159,11 @@ def test_invalid_path(self):
         assert parse_plot_path("") is None
         assert parse_plot_path(None) is None
 
+    def test_invalid_library(self):
+        # Valid path format but invalid library name
+        assert parse_plot_path("plots/scatter-basic/implementations/invalid-lib.py") is None
+        assert parse_plot_path("plots/scatter-basic/implementations/pandas.py") is None
+
 
 class TestIsValidLibrary:
     """Tests for is_valid_library function."""
