search

graphql-python / graphene

GraphQL framework for Python
http://graphene-python.org/
MIT License
8.1k stars 827 forks source link

Do not raise AttributeError when parsing non-string UUIDs #1582

Closed phihag closed 2 weeks ago

phihag commented 2 weeks ago

When a user sends a dictionary or other object as a UUID variable like {[123]}, previously graphene crashed with an AttributeError, like this:

(…)
  File "…/lib/python3.12/site-packages/graphql/utils/is_valid_value.py", line 78, in is_valid_value
    parse_result = type.parse_value(value)
                   ^^^^^^^^^^^^^^^^^^^^^^^
  File "…/lib/python3.12/site-packages/graphene/types/uuid.py", line 33, in parse_value
    return _UUID(value)
           ^^^^^^^^^^^^
  File "/usr/lib/python3.12/uuid.py", line 175, in __init__
    hex = hex.replace('urn:', '').replace('uuid:', '')
          ^^^^^^^^^^^
AttributeError: 'dict' object has no attribute 'replace'

But an AttributeError makes it seem like this is the server's fault, when it's obviously the client's.

Report a proper GraphQLError.

erikwrede commented 2 weeks ago

Good catch! I adjusted your PR to keep allowing tuple-representations of UUIDs as well, and kept the error message consistent. Thanks for the Contribution 😊

codecov[bot] commented 2 weeks ago

Codecov Report

Attention: Patch coverage is 85.71429% with 1 line in your changes missing coverage. Please review.

Project coverage is 96.00%. Comparing base (f2e6814) to head (e354759). Report is 8 commits behind head on master.

Files with missing lines Patch % Lines
graphene/types/uuid.py 85.71% 1 Missing :warning:
Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #1582 +/- ## ========================================== - Coverage 96.04% 96.00% -0.04% ========================================== Files 51 51 Lines 1720 1728 +8 ========================================== + Hits 1652 1659 +7 - Misses 68 69 +1 ``` | [Flag](https://app.codecov.io/gh/graphql-python/graphene/pull/1582/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=graphql-python) | Coverage Δ | | |---|---|---| | [](https://app.codecov.io/gh/graphql-python/graphene/pull/1582/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=graphql-python) | `?` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=graphql-python#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.