Validate empty source paths to prevent project root inclusion (#1595)

yonaskolb · claude · yonaskolb · commit 0e2202642a86 · 2026-03-05T17:02:15.000+11:00
Empty/null source entries (e.g. bare `-` in YAML) resolve to the project
root, causing extreme memory usage. Add validation to reject them with a
clear error message.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/Sources/ProjectSpec/SpecValidation.swift b/Sources/ProjectSpec/SpecValidation.swift
@@ -178,6 +178,10 @@ extension Project {
             }
 
             for source in target.sources {
+                if source.path.isEmpty {
+                    errors.append(.emptySourcePath(target: target.name))
+                    continue
+                }
                 let sourcePath = basePath + source.path
                 if !source.optional && !sourcePath.exists {
                     errors.append(.invalidTargetSource(target: target.name, source: sourcePath.string))
diff --git a/Sources/ProjectSpec/SpecValidationError.swift b/Sources/ProjectSpec/SpecValidationError.swift
@@ -42,6 +42,7 @@ public struct SpecValidationError: Error, CustomStringConvertible {
         case multipleDefaultTestPlans
         case duplicateDependencies(target: String, dependencyReference: String)
         case invalidPluginPackageReference(plugin: String, package: String)
+        case emptySourcePath(target: String)
 
         public var description: String {
             switch self {
@@ -109,6 +110,8 @@ public struct SpecValidationError: Error, CustomStringConvertible {
                  return "Target \(target.quoted) has the dependency \(dependencyReference.quoted) multiple times"
             case let .invalidPluginPackageReference(plugin, package):
                 return "Plugin \(plugin) has invalid package reference \(package)"
+            case let .emptySourcePath(target):
+                return "Target \(target.quoted) has an empty source path entry"
             }
         }
     }
diff --git a/Tests/ProjectSpecTests/ProjectSpecTests.swift b/Tests/ProjectSpecTests/ProjectSpecTests.swift
@@ -320,6 +320,17 @@ class ProjectSpecTests: XCTestCase {
                 try expectValidationError(project, .invalidTargetSchemeConfigVariant(target: "target1", configVariant: "invalidVariant", configType: .debug))
             }
 
+            $0.it("fails with empty source path") {
+                var project = baseProject
+                project.targets = [Target(
+                    name: "target1",
+                    type: .application,
+                    platform: .iOS,
+                    sources: ["", "validSource"]
+                )]
+                try expectValidationError(project, .emptySourcePath(target: "target1"))
+            }
+
             $0.it("fails with invalid aggregate target") {
                 var project = baseProject
                 project.aggregateTargets = [AggregateTarget(

Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,7 @@ public struct SpecValidationError: Error, CustomStringConvertible {`
`42`	`42`	`case multipleDefaultTestPlans`
`43`	`43`	`case duplicateDependencies(target: String, dependencyReference: String)`
`44`	`44`	`case invalidPluginPackageReference(plugin: String, package: String)`
	`45`	`+ case emptySourcePath(target: String)`
`45`	`46`
`46`	`47`	`public var description: String {`
`47`	`48`	`switch self {`
`@@ -109,6 +110,8 @@ public struct SpecValidationError: Error, CustomStringConvertible {`
`109`	`110`	`return "Target \(target.quoted) has the dependency \(dependencyReference.quoted) multiple times"`
`110`	`111`	`case let .invalidPluginPackageReference(plugin, package):`
`111`	`112`	`return "Plugin \(plugin) has invalid package reference \(package)"`
	`113`	`+ case let .emptySourcePath(target):`
	`114`	`+ return "Target \(target.quoted) has an empty source path entry"`
`112`	`115`	`}`
`113`	`116`	`}`
`114`	`117`	`}`