fix: Add array index overflow protection (fixes #19) (#70)

Prevent integer overflow when converting CEL's 0-based array indexing
to PostgreSQL's 1-based indexing.

Changes:
- Add overflow detection for math.MaxInt64 in visitCallListIndex()
- Add validation for negative array indices
- Return clear error messages for both cases
- Add comprehensive test coverage

This fixes CWE-190 (Integer Overflow) with severity Critical.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <noreply@anthropic.com>

Author: richardwooding

cel2sql.go

@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
+	"math"
 	"regexp"
 	"strconv"
 	"strings"
@@ -1027,7 +1028,14 @@ func (con *converter) visitCallListIndex(expr *exprpb.Expr) error {
 	index := args[1]
 	// PostgreSQL arrays are 1-indexed, CEL is 0-indexed, so add 1
 	if constExpr := index.GetConstExpr(); constExpr != nil {
-		con.str.WriteString(strconv.FormatInt(constExpr.GetInt64Value()+1, 10))
+		idx := constExpr.GetInt64Value()
+		if idx == math.MaxInt64 {
+			return errors.New("array index overflow: cannot convert math.MaxInt64 to 1-based indexing")
+		}
+		if idx < 0 {
+			return fmt.Errorf("invalid negative array index: %d", idx)
+		}
+		con.str.WriteString(strconv.FormatInt(idx+1, 10))
 	} else {
 		if err := con.visit(index); err != nil {
 			return err

cel2sql_test.go

@@ -222,6 +222,18 @@ func TestConvert(t *testing.T) {
 			want:    "string_list[1] = 'a'", // PostgreSQL arrays are 1-indexed
 			wantErr: false,
 		},
+		{
+			name:    "array_index_overflow",
+			args:    args{source: `string_list[9223372036854775807]`}, // math.MaxInt64
+			want:    "",
+			wantErr: true,
+		},
+		{
+			name:    "array_index_negative",
+			args:    args{source: `string_list[-1]`},
+			want:    "",
+			wantErr: true,
+		},
 		{
 			name:    "map",
 			args:    args{source: `{"one": 1, "two": 2, "three": 3}["one"] == 1`},