✨ DecodeOptions.strict_depth option to throw when input is beyond depth

[techouse]

Description

This PR adds DecodeOptions.strict_depth to enforce throwing when input depth is beyond the depth option.

Defaults to false.

Throws RangeError.

If depth has been set by the user to 0, we do not throw, but fallback to the previous behaviour.

Type of change

• New feature (non-breaking change which adds functionality)

How Has This Been Tested?

Added additional tests

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

---

Ref ljharb/qs#511

Summary by CodeRabbit

• New Features

  • Enhanced error handling in the decoding process to enforce stricter input depth validation.
  • Introduced a new strict_depth option allowing users to configure depth limits during decoding.

• Bug Fixes

  • Improved robustness by raising IndexError when depth exceeds limits with strict_depth enabled.

• Tests

  • Added tests to validate the behavior of the decode function with the new strict_depth parameter, ensuring expected error handling for nested inputs.

[coderabbitai]

Walkthrough

The recent updates to the qs.decode function introduce enhanced error handling for nested input parsing. A new strict_depth parameter allows developers to enforce stricter depth limits, raising an IndexError when exceeded. This addition is supported by the DecodeOptions class, improving input validation and robustness. Comprehensive tests ensure the new functionality behaves as expected under various conditions, solidifying the overall integrity of the decoding process.

Changes

Files	Change Summary
src/qs_codec/models/decode_options.py src/qs_codec/decode.py	Introduced strict_depth parameter in DecodeOptions for controlling depth limits. Updated _parse_keys logic to raise IndexError when depth is exceeded.
tests/unit/decode_test.py	Added TestStrictDepthOption class with multiple tests for strict_depth, verifying IndexError handling and successful decoding within allowed limits.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant DecodeOptions
    participant Decode
    participant Parser

    User->>DecodeOptions: Set strict_depth = True
    User->>Decode: Call decode(input, options)
    Decode->>Parser: Parse the input with options
    alt Depth exceeds limit
        Parser-->>Decode: Raise IndexError
        Decode-->>User: Return error message
    else Depth within limit
        Parser-->>Decode: Return decoded data
        Decode-->>User: Provide decoded output
    end

Loading

Poem

In the fields of code I hop,
With strict depth limits, we won't stop!
An IndexError, oh what a sight,
Keeps our parsing shiny and bright.
So let’s decode, with care and cheer,
For robust inputs, we hold dear! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.02% (target: -1.00%)	✅ 100.00%

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (e92b1ff)	709	686	96.76%
Head commit (055a9f8)	713 (+4)	690 (+4)	96.77% (+0.02%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#8)	4	4	100.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

_{Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more}

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.77%. Comparing base (e92b1ff) to head (055a9f8).

Additional details and impacted files

@@            Coverage Diff             @@
##             main       #8      +/-   ##
==========================================
+ Coverage   96.75%   96.77%   +0.01%     
==========================================
  Files          16       16              
  Lines         709      713       +4     
==========================================
+ Hits          686      690       +4     
  Misses         23       23              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between e92b1ff and 055a9f8.

Files selected for processing (5)

• README.rst (1 hunks)
• docs/README.rst (1 hunks)
• src/qs_codec/decode.py (1 hunks)
• src/qs_codec/models/decode_options.py (1 hunks)
• tests/unit/decode_test.py (1 hunks)

Additional comments not posted (13)

src/qs_codec/models/decode_options.py (1)

80-81: LGTM! The strict_depth attribute is well-documented.

The addition of the strict_depth attribute is clear and enhances the class functionality by providing an option for stricter input depth handling.

src/qs_codec/decode.py (1)

197-198: LGTM! Verify the usage of strict_depth.

The addition of the strict_depth check in _parse_keys enhances error handling by enforcing depth limits. Ensure that this change is appropriately integrated and tested across the codebase.

To verify the integration, check for tests or usages that involve strict_depth.

Verification successful

---

strict_depth is well-integrated and tested.

The strict_depth option is thoroughly tested in tests/unit/decode_test.py, covering various scenarios to ensure its correct functionality. This confirms that the feature is appropriately integrated across the codebase.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the usage of `strict_depth` in tests or other parts of the codebase.

# Test: Search for `strict_depth` usage in the repository. Expect: Occurrences in test files or relevant code sections.
rg --type py 'strict_depth'

Length of output: 2229

docs/README.rst (1)

71-88: LGTM! The documentation for strict_depth is comprehensive and clear.

The documentation effectively explains the new strict_depth feature and provides useful examples for users. This addition enhances the usability and understanding of the decoding options.

tests/unit/decode_test.py (9)

648-650: Correctly tests IndexError for nested objects with strict depth.

The test verifies that an IndexError is raised when the input exceeds the specified depth with strict_depth enabled.

---

652-654: Correctly tests IndexError for nested lists with strict depth.

This test ensures that the decode function raises an IndexError for deeply nested lists when strict_depth is set to True.

---

656-658: Correctly tests IndexError for mixed nested structures with strict depth.

The test checks that an IndexError is raised for a combination of nested dictionaries and lists when strict_depth is enabled.

---

660-662: Correctly tests IndexError for various value types with strict depth.

This test ensures that different types of values in nested structures trigger an IndexError when strict_depth is True.

---

664-666: Correctly handles depth of 0 with strict depth true.

The test confirms that no exception is thrown when the depth is set to 0 and strict_depth is True, maintaining compatibility.

---

668-669: Correctly decodes within depth limit with strict depth.

This test verifies successful decoding when the input depth is within the specified limit with strict_depth enabled.

---

671-674: Correctly handles exceeding depth with strict depth false.

The test confirms that no exception is raised when the depth exceeds the limit if strict_depth is False, and the input is decoded as expected.

---

676-677: Correctly decodes within depth limit with strict depth false.

This test ensures that decoding succeeds when the depth is within the limit and strict_depth is False.

---

679-680: Correctly handles exact depth limit with strict depth true.

The test verifies that no exception is thrown when the input depth is exactly at the limit with strict_depth enabled.

README.rst (1)

96-113: Clear explanation of strict_depth feature.

The documentation clearly explains the purpose and usage of the strict_depth option, including how it enhances security by enforcing depth limits.