bug: validateXargs skips validateFlagValue — AllowedValues not enforced

## Summary

In `validateXargs`, when a flag has `TakesValue`, the code advances `idx` to skip the value but never calls `validateFlagValue` on it. This means `AllowedValues` constraints on xargs flags are not enforced.

## Location

`validator/validator.go:112-133`

```go
if flagObj != nil && flagObj.TakesValue {
    idx++
    if idx >= len(args) {
        return &ValidationError{Message: fmt.Sprintf("Flag '%s' requires a value.", flagName)}
    }
    // value at args[idx] is consumed but never validated
}
```

Compare with `validateArgs` (line 195-205) which calls `validateFlagValue`.

## Impact

Currently no xargs flags have `AllowedValues` defined, so this is a latent bug. It would become exploitable if value-restricted flags are added to the xargs manifest.

## Suggested Fix

Add `validateFlagValue` call after consuming the value.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

bug: validateXargs skips validateFlagValue — AllowedValues not enforced #71

Summary

Location

Impact

Suggested Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

bug: validateXargs skips validateFlagValue — AllowedValues not enforced #71

Description

Summary

Location

Impact

Suggested Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions