bug: naive colon finder corrupts quoted keys containing colons #43

@nathanjmcdougall

Problem

In `src/document.rs`, `find_key_colon` uses `content.find(':')` to locate the key-value separator. This misidentifies colons inside quoted YAML keys.

Example

Given:
```yaml
"http://example.com": 8080
```

When `apply_complex_replace` runs on this key (e.g. replacing `8080` with {port: 9090}), it finds the colon after `http` instead of the actual separator colon, producing corrupted YAML.

Trigger conditions

  1. Document must contain a key with a colon in it (quoted or tagged)
  2. A complex-value replace (mapping or sequence) must target that key's value
  3. Simple scalar replaces go through yamlpatch directly and are unaffected

Proposed fix

Use an AST-based approach to locate the key-value separator position. Since yamlpath cannot be modified, this logic needs to live in this package — e.g. a quote-aware colon finder that skips colons within single/double quotes.

Alternatively, use the byte span from the Feature's context metadata to determine where the key ends and the value begins.

Severity

Medium — low probability (quoted keys with colons are uncommon) but silent data corruption when triggered.

References

  • `src/document.rs` line ~440: `fn find_key_colon`
  • `doc/todo/naive-colon-finding.md`
  • CWE-20 (Improper Input Validation)
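
A sketch of the quote-aware colon finder proposed above, shown next to the naive behaviour. This is an added example, not code from the project: the function names are hypothetical, and it assumes `content` is a single-line block-mapping entry that starts at its key (tagged keys are not handled).

```rust
/// Behaviour described in the issue: the first ':' wins, even inside quotes.
fn naive_key_colon(content: &str) -> Option<usize> {
    content.find(':')
}

/// Hypothetical quote-aware finder (illustration only, not the project's code).
/// Assumes `content` is one block-mapping entry that starts at its key.
/// Returns the byte offset of the separator colon.
fn quote_aware_key_colon(content: &str) -> Option<usize> {
    let b = content.as_bytes();
    let mut i = content.len() - content.trim_start().len();
    match b.get(i) {
        Some(b'"') => {
            i += 1;
            loop {
                match *b.get(i)? {          // unterminated quote => None
                    b'\\' => i += 2,        // skip escaped char such as \"
                    b'"' => { i += 1; break; }
                    _ => i += 1,
                }
            }
        }
        Some(b'\'') => {
            i += 1;
            loop {
                if *b.get(i)? != b'\'' { i += 1; continue; }
                if b.get(i + 1) == Some(&b'\'') { i += 2; continue; } // '' is an escaped quote
                i += 1;
                break;
            }
        }
        _ => {} // plain (unquoted) key: nothing to skip
    }
    // Outside quotes, ':' separates only when followed by whitespace or end of input.
    while i < b.len() {
        if b[i] == b':' && b.get(i + 1).map_or(true, |c| c.is_ascii_whitespace()) {
            return Some(i);
        }
        i += 1;
    }
    None
}

fn main() {
    let line = r#""http://example.com": 8080"#; // constructed sample from the issue
    println!("naive: {:?}", naive_key_colon(line));
    println!("quote-aware: {:?}", quote_aware_key_colon(line));
}
```

Returning `None` for an unterminated quote lets the caller refuse the replace instead of writing at a guessed offset, which is the silent-corruption case the issue describes.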
