fix(client): return Detail on non-JSON 2xx for api_tokens and honeytoken-with-context#184
Merged
benjaminrigaud-gg merged 1 commit intoJun 23, 2026
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #184 +/- ##
==========================================
+ Coverage 95.75% 95.81% +0.06%
==========================================
Files 5 5
Lines 1483 1483
==========================================
+ Hits 1420 1421 +1
+ Misses 63 62 -1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Merged
8 tasks
…ken-with-context api_tokens() and create_honeytoken_with_context() guarded JSON parsing with a bare resp.ok, so a 2xx response with a non-JSON body (e.g. an HTML page served when the instance URL is wrong) crashed callers with a raw JSONDecodeError instead of returning a Detail. Gate JSON parsing on the response status and content type via the existing is_ok()/is_create_ok() helpers, matching every other endpoint, so a non-JSON body falls through to load_detail() and a Detail is returned. Fix the api_tokens success test to use the 200 the endpoint actually returns.
benjaminrigaud-gg
force-pushed
the
benjaminrigaud/end-590-harden-api-tokens-non-json
branch
from
2695fd9 to
d1486fc
Compare
GG-HH
approved these changes
Jun 23, 2026
clement-tourriere
approved these changes
Jun 23, 2026
benjaminrigaud-gg
deleted the
benjaminrigaud/end-590-harden-api-tokens-non-json
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
api_tokens()andcreate_honeytoken_with_context()calledresp.json()behind a bareresp.ok, so a 2xx response with a non-JSON body — e.g. the dashboard SPA's HTML, returned when the instance URL is wrong — crashed callers with a rawrequests.exceptions.JSONDecodeErrorinstead of returning aDetail.This is the root cause behind the ggshield
api-statuscrash fixed defensively in GitGuardian/ggshield#1312.Fix
Gate JSON parsing on both the response status and content type via the existing
is_ok()/is_create_ok()helpers — exactly what every other endpoint already does. A non-JSON body now falls through toload_detail()and aDetailis returned.api_tokens()→is_ok(resp)(200 + JSON)create_honeytoken_with_context()→is_create_ok(resp)(201 + JSON), matchingcreate_honeytoken()The existing
test_api_tokenssuccess case mocked a201; corrected to the200the endpoint actually returns (required byis_ok).Test plan
2xxbody returns aDetail(not a raisedJSONDecodeError) for bothapi_tokens()andcreate_honeytoken_with_context()