Address review feedback for config validation

Copilot review asked to avoid duplicating the CR/LF/NUL pattern between name validation and value validation, and to add regression coverage for all newly guarded write paths.

Reuse a single compiled unsafe-character pattern for both config values and section/option names. Extend the regression test to cover add_section(), set(), add_value(), and rename_section() destination names in addition to set_value().

Validation:
- uv run --with gitdb --with mypy --with pytest --with pytest-cov --with ddt --with pytest-mock --with pytest-instafail --with pytest-sugar --with pre-commit mypy --python-version=3.14
- uv run --with gitdb --with pytest --with pytest-cov --with ddt --with pytest-mock --with pytest-instafail --with pytest-sugar python -m pytest test/test_config.py::TestBase::test_set_value_rejects_unsafe_section_and_option_names --no-cov
- uv run --with gitdb --with pytest --with pytest-cov --with ddt --with pytest-mock --with pytest-instafail --with pytest-sugar python -m pytest test/test_config.py --no-cov
- uv run --with ruff ruff check git/config.py test/test_config.py

Author: codex

git/config.py

@@ -72,8 +72,8 @@
 See: https://git-scm.com/docs/git-config#_conditional_includes
 """
 
-UNSAFE_CONFIG_NAME_RE = re.compile(r"[\r\n\x00]")
-"""Characters that cannot be safely written in section or option names."""
+UNSAFE_CONFIG_CHARS_RE = re.compile(r"[\r\n\x00]")
+"""Characters that cannot be safely written in config names or values."""
 
 
 class MetaParserBuilder(abc.ABCMeta):  # noqa: B024
@@ -888,12 +888,12 @@ def _value_to_string(self, value: Union[str, bytes, int, float, bool]) -> str:
 
     def _value_to_string_safe(self, value: Union[str, bytes, int, float, bool]) -> str:
         value_str = self._value_to_string(value)
-        if re.search(r"[\r\n\x00]", value_str):
+        if UNSAFE_CONFIG_CHARS_RE.search(value_str):
             raise ValueError("Git config values must not contain CR, LF, or NUL")
         return value_str
 
     def _assure_config_name_safe(self, name: "cp._SectionName", label: str) -> None:
-        if isinstance(name, str) and UNSAFE_CONFIG_NAME_RE.search(name):
+        if isinstance(name, str) and UNSAFE_CONFIG_CHARS_RE.search(name):
             raise ValueError("Git config %s names must not contain CR, LF, or NUL" % label)
 
     @needs_values

test/test_config.py

@@ -169,11 +169,24 @@ def test_set_value_rejects_unsafe_section_and_option_names(self, rw_dir):
         bad_keys = ("user]\n[core", "user]\r[core", "user]\x00[core")
 
         with GitConfigParser(config_path, read_only=False) as git_config:
+            git_config.add_section("user")
             for bad_key in bad_keys:
+                with pytest.raises(ValueError, match="CR, LF, or NUL"):
+                    git_config.add_section(bad_key)
+                with pytest.raises(ValueError, match="CR, LF, or NUL"):
+                    git_config.set(bad_key, "hooksPath", "/tmp/hooks")
+                with pytest.raises(ValueError, match="CR, LF, or NUL"):
+                    git_config.set("user", bad_key, "/tmp/hooks")
                 with pytest.raises(ValueError, match="CR, LF, or NUL"):
                     git_config.set_value(bad_key, "hooksPath", "/tmp/hooks")
                 with pytest.raises(ValueError, match="CR, LF, or NUL"):
                     git_config.set_value("user", bad_key, "/tmp/hooks")
+                with pytest.raises(ValueError, match="CR, LF, or NUL"):
+                    git_config.add_value(bad_key, "hooksPath", "/tmp/hooks")
+                with pytest.raises(ValueError, match="CR, LF, or NUL"):
+                    git_config.add_value("user", bad_key, "/tmp/hooks")
+                with pytest.raises(ValueError, match="CR, LF, or NUL"):
+                    git_config.rename_section("user", bad_key)
 
             git_config.set_value("user", "name", "safe")