Skip to content

fix(cli): exit cleanly on malformed IPv6 URLs in extension/preset/workflow add#3369

Merged
mnriem merged 2 commits into
github:mainfrom
marcelsafin:fix/3368-malformed-ipv6-url-tracebacks
Jul 7, 2026
Merged

fix(cli): exit cleanly on malformed IPv6 URLs in extension/preset/workflow add#3369
mnriem merged 2 commits into
github:mainfrom
marcelsafin:fix/3368-malformed-ipv6-url-tracebacks

Conversation

@marcelsafin

Copy link
Copy Markdown
Contributor

Description

Fixes #3368

specify extension add --from, specify preset add --from, and specify workflow add <url> crashed with a raw ValueError: Invalid IPv6 URL traceback when given a malformed IPv6 URL (unclosed bracket, e.g. https://[::1/ext.zip).

Root cause: each site calls a bare urlparse(...) on the user-supplied URL before its HTTPS/host validation runs, so the ValueError escapes the handler and the friendly validation error is never reached.

Fix: wrap the parse at each of the three sites in try/except ValueError and emit the same clean [red]Error:[/red] Invalid URL: ... + typer.Exit(1) style the surrounding validation uses (with Rich markup escaping of the user input, matching each file's conventions).

Same crash class as the IPv6 half of #3366/#3367, which covered the bundler catalog-config path; these are the remaining direct CLI entry points where argv reaches an unguarded urlparse.

Testing

  • Tested locally with uv run specify --help
  • Ran existing tests with uv sync && uv run pytest — 3825 passed, 87 skipped
  • Tested with a sample project (if applicable)

One regression test per command (tests/test_extensions.py, tests/test_presets.py, tests/test_workflows.py), each asserting exit code 1, no non-SystemExit exception, and the clean error message. All three fail on main with ValueError('Invalid IPv6 URL').

AI Disclosure

  • I did not use AI assistance for this contribution
  • I did use AI assistance (describe below)

Bug found, patch and tests written with GitHub Copilot CLI; reproduction and full test suite run and verified locally by me.

…kflow add

extension add --from, preset add --from, and workflow add <url> parsed
the user-supplied URL with a bare urlparse before their HTTPS/host
validation, so an unclosed IPv6 bracket escaped as a raw ValueError
traceback. Wrap each parse and emit the surrounding validation's clean
error style + typer.Exit(1) instead.

Fixes github#3368

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 6, 2026 16:35
@marcelsafin marcelsafin requested a review from mnriem as a code owner July 6, 2026 16:35

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a CLI crash path where malformed IPv6 URLs (e.g., missing a closing ]) caused urllib.parse.urlparse(...) to raise a raw ValueError, bypassing existing validation and producing a traceback. It adds try/except ValueError guards at the three direct CLI entry points that accept URLs and introduces regression tests to ensure a clean error + exit code 1.

Changes:

  • Guard urlparse(...) in extension add --from, preset add --from, and workflow add <url> to exit cleanly on ValueError.
  • Print a consistent “Invalid URL: …” error message (with Rich markup escaping) and exit with typer.Exit(1).
  • Add one regression test per command to assert clean failure behavior for malformed IPv6 URLs.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/specify_cli/extensions/_commands.py Wraps urlparse(from_url) in try/except ValueError to avoid raw tracebacks on malformed IPv6 input.
src/specify_cli/presets/_commands.py Wraps initial urlparse(from_url) in try/except ValueError and prints a clean “Invalid URL” error.
src/specify_cli/workflows/_commands.py Wraps urlparse(source) in try/except ValueError for the direct URL-install branch.
tests/test_extensions.py Adds a regression test asserting extension add --from exits cleanly on malformed IPv6 URLs.
tests/test_presets.py Adds a regression test asserting preset add --from exits cleanly on malformed IPv6 URLs and does not attempt network access.
tests/test_workflows.py Adds a regression test asserting workflow add <url> exits cleanly on malformed IPv6 URLs.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/specify_cli/presets/_commands.py
…ect handler

Parse the redirect target once in _StripAuthOnRedirect.redirect_request
before the validator and stdlib handler run, converting ValueError into
URLError which every download path already catches. Also escape from_url
in the preset install message so IPv6 brackets don't break Rich markup.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review details

  • Files reviewed: 8/8 changed files
  • Comments generated: 0 new
  • Review effort level: Low

@mnriem mnriem merged commit 882e1e9 into github:main Jul 7, 2026
12 checks passed
@mnriem

mnriem commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Bug: extension add --from, preset add --from, workflow add <url> crash with raw ValueError traceback on malformed IPv6 URLs

3 participants