Skip to content

Commit f3ac9b9

Browse files
bradjin8cursoragent
bradjin8
and
cursoragent
committed
validate-path: reject non-object JSON before body.get
Avoid AttributeError on truthy JSON scalars/arrays (same class as PR #16). Return valid:false + workspaceCount:0 to match validation error shape. Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 2aa40b7 commit f3ac9b9

2 files changed

Lines changed: 17 additions & 0 deletions

File tree

api/config_api.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,10 @@ def validate_path():
5353
"""Same path rules as POST /api/set-workspace: realpath, markers (issue #15)."""
5454
try:
5555
body = request.get_json(silent=True) or {}
56+
if not isinstance(body, dict):
57+
return jsonify(
58+
{"valid": False, "error": "invalid JSON body", "workspaceCount": 0}
59+
)
5660
raw = body.get("path", "")
5761
try:
5862
canonical = validate_workspace_path(raw)

tests/test_workspace_path_validation.py

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -225,6 +225,19 @@ def test_validate_path_invalid_returns_error(self):
225225
self.assertFalse(data["valid"])
226226
self.assertIn("error", data)
227227

228+
def test_validate_path_non_dict_json_returns_structured_error(self):
229+
# Mirror set_workspace: truthy non-dict JSON must not reach body.get.
230+
resp = self.client.post(
231+
"/api/validate-path",
232+
data='"not an object"',
233+
content_type="application/json",
234+
)
235+
self.assertEqual(resp.status_code, 200)
236+
data = resp.get_json()
237+
self.assertFalse(data["valid"])
238+
self.assertEqual(data["error"], "invalid JSON body")
239+
self.assertEqual(data["workspaceCount"], 0)
240+
228241

229242
if __name__ == "__main__":
230243
unittest.main()

0 commit comments

Comments
 (0)