fix: remove dependency github.com/go-andiamo/splitter

[cb80]

Summary by CodeRabbit

• Refactor

  • Replaced external parsing dependency with an in-house certificate header parser for more direct control.

• Bug Fixes

  • Empty certificate headers are now treated as empty (no entries) rather than a single empty entry.
  • Malformed quoted headers now produce a clear error when a quote is left unclosed, improving detection and reporting.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b66a34cd-5ecb-43b1-a888-0f89d1a0e54c

📥 Commits

Reviewing files that changed from the base of the PR and between 5c8b2c7 and 6fdbdf5.

📒 Files selected for processing (2)

• internal/extauthz/check.go
• internal/extauthz/check_test.go

✅ Files skipped from review due to trivial changes (1)

• internal/extauthz/check_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• internal/extauthz/check.go

---

📝 Walkthrough

Walkthrough

Replaced external splitter with manual CSV-style parsing in internal/extauthz/check.go. The parser now returns an empty slice for empty input and returns an error on unclosed double quotes; related tests in internal/extauthz/check_test.go updated to expect the empty-slice behavior.

Changes

Cohort / File(s)	Summary
CSV Header Parsing Refactor internal/extauthz/check.go	Removed use of external splitter; implemented character-by-character parsing that splits on commas only when outside double quotes, preserves commas inside quotes, returns []string{} for empty input, and returns an error "unclosed quote in header" if a quote is not closed.
Tests Updated for Empty Input internal/extauthz/check_test.go	Updated TestSplitCertHeader to expect an empty slice ([]string{}) for empty input instead of a slice containing an empty string.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nibbled at commas, chased quotes in the night,
Tucked stray characters safely out of sight—
Empty fields now quiet, malformed ones cry,
A tidy little parser hops by. 🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is empty; no description was provided by the author despite the template requiring sections like 'What this PR does' and 'Release note'.	Add a pull request description following the template, including what the PR does, any special notes for reviewers, and release notes (or 'NONE' if not applicable).

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: removing the github.com/go-andiamo/splitter dependency by replacing it with manual parsing logic.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch splitter

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

internal/extauthz/check.go (1)

277-279: Change empty XFCC header handling from one empty entry to no entries.

Returning []string{""} causes the certificate validation loop to iterate once with an empty certificate, resulting in an UNAUTHENTICATED failure. Returning []string{} skips unnecessary validation and avoids the auth side effect while remaining explicit about empty input.

Note: The test case "zero values" in TestSplitCertHeader currently expects []string{""} and will need to be updated to expect []string{}.

🔧 Proposed change

 	if certHeader == "" {
-		return []string{""}, nil
+		return []string{}, nil
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/extauthz/check.go` around lines 277 - 279, The current handling in
internal/extauthz/check.go returns []string{""} when certHeader == "" which
forces one empty cert into validation; change this to return an empty slice
([]string{}) so no entries are validated. Update the corresponding test
expectation in TestSplitCertHeader (the "zero values" case) to expect []string{}
instead of []string{""}. Ensure the change is made where certHeader is checked
(the certHeader == "" branch) so callers of the SplitCertHeader behavior no
longer receive a single empty entry.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@internal/extauthz/check.go`:
- Around line 290-293: The quote-toggle unconditionally flips inQuote on every
'"' which fails for escaped quotes like \" — update the '"' case in the parser
(the branch that currently does inQuote = !inQuote and current.WriteByte(ch)) to
first detect if the quote is escaped and only toggle when it is not escaped;
implement this by checking the previous character (or maintain an escaped
boolean) so that a backslash that is itself not escaped prevents toggling. Apply
the same fix to the other similar quote-handling block (the code around the
current.WriteByte(ch) at the later location) so both places ignore escaped
quotes when deciding to flip inQuote.

---

Nitpick comments:
In `@internal/extauthz/check.go`:
- Around line 277-279: The current handling in internal/extauthz/check.go
returns []string{""} when certHeader == "" which forces one empty cert into
validation; change this to return an empty slice ([]string{}) so no entries are
validated. Update the corresponding test expectation in TestSplitCertHeader (the
"zero values" case) to expect []string{} instead of []string{""}. Ensure the
change is made where certHeader is checked (the certHeader == "" branch) so
callers of the SplitCertHeader behavior no longer receive a single empty entry.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d0dd68bc-289e-4b9e-bda6-271eea882d2a

📥 Commits

Reviewing files that changed from the base of the PR and between abb7a2a and 5c8b2c7.

📒 Files selected for processing (1)

• internal/extauthz/check.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Quote-state toggling is incorrect for escaped quotes inside quoted values.

Line 290 flips inQuote on every ". Inputs containing escaped quotes (e.g., \") will be parsed incorrectly and can trigger false unclosed quote errors or wrong splits.

🔧 Proposed change

-	for i := 0; i < len(certHeader); i++ {
+	for i := 0; i < len(certHeader); i++ {
 		ch := certHeader[i]
+		if inQuote && ch == '\\' && i+1 < len(certHeader) {
+			current.WriteByte(ch)
+			i++
+			current.WriteByte(certHeader[i])
+			continue
+		}

 		switch ch {
 		case '"':
 			// Toggle quote state
 			inQuote = !inQuote
 			current.WriteByte(ch)

Also applies to: 311-314

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/extauthz/check.go` around lines 290 - 293, The quote-toggle
unconditionally flips inQuote on every '"' which fails for escaped quotes like
\" — update the '"' case in the parser (the branch that currently does inQuote =
!inQuote and current.WriteByte(ch)) to first detect if the quote is escaped and
only toggle when it is not escaped; implement this by checking the previous
character (or maintain an escaped boolean) so that a backslash that is itself
not escaped prevents toggling. Apply the same fix to the other similar
quote-handling block (the code around the current.WriteByte(ch) at the later
location) so both places ignore escaped quotes when deciding to flip inQuote.