Skip to content

fix(bundler): raise BundlerError, not raw ValueError, on a malformed catalog URL#3433

Merged
mnriem merged 1 commit into
github:mainfrom
Quratulain-bilal:fix/bundler-adapter-malformed-url
Jul 10, 2026
Merged

fix(bundler): raise BundlerError, not raw ValueError, on a malformed catalog URL#3433
mnriem merged 1 commit into
github:mainfrom
Quratulain-bilal:fix/bundler-adapter-malformed-url

Conversation

@Quratulain-bilal

@Quratulain-bilal Quratulain-bilal commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

fixes #3432

_validate_remote_url read parsed.hostname, which raises ValueError on a malformed authority (e.g. an unclosed ipv6 bracket https://[::1). the function's contract is to raise BundlerError for any bad url - every other reject path does - so the raw ValueError leaked to the caller and crashed the fetch instead of failing cleanly.

bundler sibling of #3369, which fixed the cli extension/preset/workflow add paths but not this validator (reached via bundle catalog add, #3367).

fix: wrap the parse + hostname access and convert ValueError to BundlerError, then reuse the parsed hostname for the existing host check.

added a regression test (test_validate_remote_url_rejects_malformed_url_cleanly) covering an unclosed ipv6 bracket and a non-ip bracket host. i confirmed it fails on the pre-fix code by stashing the source and re-running; the adapters suite passes with the fix.

…catalog URL

adapters._validate_remote_url reads parsed.hostname, which raises ValueError
on a malformed authority (e.g. an unclosed ipv6 bracket https://[::1). the
function's contract is to raise BundlerError for any bad url - every other
reject path does - so the raw ValueError leaked to the caller and crashed the
fetch instead of failing cleanly. wrap the parse and convert to BundlerError.

bundler sibling of github#3369, which fixed the cli extension/preset/workflow add
paths but not this validator. added a regression test that fails pre-fix.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes bundler catalog URL validation to consistently raise BundlerError (not a raw ValueError) when urlparse(...).hostname fails on malformed authorities (e.g., unclosed IPv6 brackets), aligning with the validator’s documented contract and ensuring callers fail cleanly.

Changes:

  • Wrapped urlparse() + parsed.hostname access in _validate_remote_url() to convert ValueError into a BundlerError.
  • Reused the parsed hostname for the existing localhost + host-presence checks.
  • Added a regression test covering malformed bracketed hosts (unclosed IPv6 bracket and non-IP bracket host).
Show a summary per file
File Description
src/specify_cli/bundler/services/adapters.py Converts malformed-URL ValueError into BundlerError and reuses hostname for subsequent validation.
tests/unit/test_bundler_adapters.py Adds regression coverage ensuring malformed URLs raise BundlerError instead of leaking ValueError.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 0
  • Review effort level: Low

@mnriem mnriem merged commit 1736f07 into github:main Jul 10, 2026
12 checks passed
@mnriem

mnriem commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

bundler catalog validator leaks raw ValueError on a malformed URL

3 participants