
🛡️ Shield: Fix silent failure in JsonListPaginator #698

Merged
fderuiter merged 4 commits into main from shield-json-paginator-robustness-15438010129514140000
Feb 24, 2026

@fderuiter
Owner

🛑 Vulnerability: JsonListPaginator and AsyncJsonListPaginator silently swallowed non-list API responses (e.g., error dictionaries like {"error": "..."}), treating them as empty results. This caused "silent failures" where the application assumed no data existed instead of reporting an error.

🛡️ Defense: Modified _iter_sync and _iter_async in imednet/core/paginator.py to raise a TypeError if the parsed JSON payload is not a list.

🔬 Verification: Added tests/unit/test_json_list_paginator_robustness.py which verifies that TypeError is raised when the mock client returns a dictionary or None. Ran full unit test suite to ensure no regressions.

📊 Impact: Eliminates a class of silent failures in list-based endpoints (like Jobs). Increases confidence in data integrity.


PR created automatically by Jules for task 15438010129514140000 started by @fderuiter

…ator

Previously, `JsonListPaginator` and `AsyncJsonListPaginator` would silently
ignore non-list responses (like dictionaries or None) and return an empty
iterator. This behavior could hide API errors or unexpected responses,
leading to "silent failures".

This commit enforces strict type checking: if the API response is not a list,
a `TypeError` is raised. This aligns with the "Fail Fast" philosophy and
Shield's reliability goals.

Robustness tests have been added in `tests/unit/test_json_list_paginator_robustness.py`.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
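
The failure mode and fix described in the PR description and commit message above, as an added example that is not code from the imednet repository. `lenient_items`, `strict_items`, `outcome` and the sample payloads are hypothetical names and constructed data.

```python
from typing import Any, Callable, Iterator

# Constructed sample payloads: what a list endpoint is expected to return,
# and an error dictionary of the kind quoted in the PR description.
GOOD_PAYLOAD = [{"jobId": 1}, {"jobId": 2}]  # "jobId" is a made-up field
ERROR_PAYLOAD = {"error": "unauthorized"}


def lenient_items(fetch: Callable[[], Any]) -> Iterator[Any]:
    """'Before' behaviour: anything that is not a list becomes an empty result."""
    payload = fetch()
    if isinstance(payload, list):
        yield from payload
    # dict / None / str fall through silently: the caller sees "no data".


def strict_items(fetch: Callable[[], Any]) -> Iterator[Any]:
    """'After' behaviour: a non-list payload raises instead of yielding nothing."""
    payload = fetch()
    if not isinstance(payload, list):
        # Design choice in this example: name only the type, not the payload
        # contents, so response data does not leak into exception messages.
        raise TypeError(f"expected JSON list, got {type(payload).__name__}")
    yield from payload


def outcome(iterate: Callable[..., Iterator[Any]], payload: Any) -> str:
    """Summarise what a caller observes for a given payload."""
    try:
        return f"{len(list(iterate(lambda: payload)))} items"
    except TypeError as exc:
        return f"TypeError: {exc}"


if __name__ == "__main__":
    cases = [("list", GOOD_PAYLOAD), ("error dict", ERROR_PAYLOAD), ("None", None)]
    for name, payload in cases:
        print(f"{name:10} lenient={outcome(lenient_items, payload)!r} "
              f"strict={outcome(strict_items, payload)!r}")
```

Because both functions are generators, the strict check fires on the first iteration, not when the function is called, so a caller that never consumes the iterator never sees the `TypeError`.
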
@google-labs-jules
Contributor

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

fderuiter and others added 3 commits February 23, 2026 18:27
Reorders imports in `tests/unit/test_json_list_paginator_robustness.py`
to comply with `isort` and project style guidelines.

This fixes a CI failure in the Quality & Security job.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

…obustness.py

Removes unused `AsyncMock` import and unused `items` variable assignment
in `tests/unit/test_json_list_paginator_robustness.py` to comply with
`ruff` linting rules.

This fixes a CI failure in the Quality & Security job.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

Updates `werkzeug` dependency to version `^3.1.6` to resolve a known
vulnerability detected by `pip-audit` in CI.

This also updates `poetry.lock` to reflect the change.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
@fderuiter marked this pull request as ready for review February 24, 2026 13:22
@fderuiter merged commit 19de5f9 into main Feb 24, 2026
13 checks passed
@fderuiter deleted the shield-json-paginator-robustness-15438010129514140000 branch February 24, 2026 13:23