Function validate_fixup_target 

pub fn validate_fixup_target(
    path: &Path,
    repo_root: &Path,
    allow_links: bool,
) -> Result<(), FixupError>

Validates that a fixup target path is safe to apply patches to.

This function ensures that:

• The path is not absolute
• The path does not contain parent directory (..) components
• The path is not a symlink (unless allow_links is true)
• The path is not a hardlink (unless allow_links is true)
• After symlink resolution, the path resolves within the repository root

This function delegates validation to SandboxRoot to keep path policy consistent across fixup parsing and application.

Arguments

• path - The target path to validate (relative to repo root)
• repo_root - The repository root directory
• allow_links - Whether to allow symlinks and hardlinks (default: false)

Returns

Returns Ok(()) if the path is valid, or a FixupError describing why it’s invalid.

Examples

use std::path::Path;
use xchecker_engine::fixup::validate_fixup_target;

let repo_root = Path::new("/home/user/project");
let target = Path::new("src/main.rs");

// Valid path
assert!(validate_fixup_target(target, repo_root, false).is_ok());

// Invalid: absolute path
let absolute = Path::new("/etc/passwd");
assert!(validate_fixup_target(absolute, repo_root, false).is_err());

// Invalid: parent directory escape
let escape = Path::new("../../../etc/passwd");
assert!(validate_fixup_target(escape, repo_root, false).is_err());