Add input sanitization for semicolon in text evaluation

- Validate primary key value is not empty/nil after semicolon splitting
- Strip whitespace from primary key value after splitting
- Skip empty parts from trailing/consecutive semicolons
- Add test fixtures and test cases for edge cases

Co-authored-by: northrup <[email protected]>

Author: Copilot

lib/entitlements/data/groups/calculated/text.rb

@@ -316,8 +316,13 @@ def parsed_predicate(val)
             return { key: v } unless v.include?(";")
 
             parts = v.split(/\s*;\s*/)
-            op_hash = { key: parts.shift }
-            parts.each do |part|
+            primary_value = parts.shift
+            if primary_value.nil? || primary_value.strip.empty?
+              raise ArgumentError, "Rule Error: Empty value with semicolon predicate in #{filename}!"
+            end
+
+            op_hash = { key: primary_value.strip }
+            parts.reject { |part| part.strip.empty? }.each do |part|
               if part =~ /\A(\w+)\s*=\s*(\S+)\s*\z/
                 predicate_keyword, predicate_value = Regexp.last_match(1), Regexp.last_match(2)
                 unless SEMICOLON_PREDICATES.include?(predicate_keyword)

spec/unit/entitlements/data/groups/calculated/text_spec.rb

@@ -589,5 +589,38 @@
         expect(result).to eq(answer)
       end
     end
+
+    context "with a leading semicolon in the value" do
+      let(:filename) { fixture("ldap-config/text/leading-semicolon.txt") }
+
+      it "raises an error about empty value" do
+        expect do
+          subject.send(:parsed_data)
+        end.to raise_error(ArgumentError, /Rule Error: Empty value with semicolon predicate in .+leading-semicolon.txt!/)
+      end
+    end
+
+    context "with only a semicolon as the value" do
+      let(:filename) { fixture("ldap-config/text/only-semicolon.txt") }
+
+      it "raises an error about empty value" do
+        expect do
+          subject.send(:parsed_data)
+        end.to raise_error(ArgumentError, /Rule Error: Empty value with semicolon predicate in .+only-semicolon.txt!/)
+      end
+    end
+
+    context "with a trailing semicolon in the value" do
+      let(:filename) { fixture("ldap-config/text/trailing-semicolon.txt") }
+
+      it "parses correctly ignoring trailing semicolon" do
+        result = subject.send(:parsed_data)
+        answer = {
+          "description" => {"=" => [{ key: "Trailing semicolon test" }], "!=" => [], "&=" => []},
+          "username" => {"=" => [{ key: "blackmanx" }], "!=" => [], "&=" => []}
+        }
+        expect(result).to eq(answer)
+      end
+    end
   end
 end

spec/unit/fixtures/ldap-config/text/leading-semicolon.txt

@@ -0,0 +1,2 @@
+description = Leading semicolon test
+username = ;expiration = 2025-01-01

spec/unit/fixtures/ldap-config/text/only-semicolon.txt

@@ -0,0 +1,2 @@
+description = Only semicolon test
+username = ;

spec/unit/fixtures/ldap-config/text/trailing-semicolon.txt

@@ -0,0 +1,2 @@
+description = Trailing semicolon test
+username = blackmanx;