fix: raise proper error when UUID parsing fails (#1582)

phihag · erikwrede · web-flow · commit 4a274b8424f3 · 2024-11-09T21:42:51.000+01:00
* Do not raise AttributeError when parsing non-string UUIDs

When a user sends a dictionary or other object as a UUID variable like `{[123]}`, previously graphene crashed with an `AttributeError`, like this:

```
(…)
  File "…/lib/python3.12/site-packages/graphql/utils/is_valid_value.py", line 78, in is_valid_value
    parse_result = type.parse_value(value)
                   ^^^^^^^^^^^^^^^^^^^^^^^
  File "…/lib/python3.12/site-packages/graphene/types/uuid.py", line 33, in parse_value
    return _UUID(value)
           ^^^^^^^^^^^^
  File "/usr/lib/python3.12/uuid.py", line 175, in __init__
    hex = hex.replace('urn:', '').replace('uuid:', '')
          ^^^^^^^^^^^
AttributeError: 'dict' object has no attribute 'replace'
```

But an `AttributeError` makes it seem like this is the server's fault, when it's obviously the client's.

Report a proper GraphQLError.

* fix: adjust exception message structure

---------

Co-authored-by: Erik Wrede &lt;erikwrede@users.noreply.github.com&gt;
diff --git a/graphene/types/tests/test_uuid.py b/graphene/types/tests/test_uuid.py
@@ -36,6 +36,21 @@ def test_uuidstring_query_variable():
     assert result.data == {"uuid": uuid_value}
 
 
+def test_uuidstring_invalid_argument():
+    uuid_value = {"not": "a string"}
+
+    result = schema.execute(
+        """query Test($uuid: UUID){ uuid(input: $uuid) }""",
+        variables={"uuid": uuid_value},
+    )
+    assert result.errors
+    assert len(result.errors) == 1
+    assert (
+        result.errors[0].message
+        == "Variable '$uuid' got invalid value {'not': 'a string'}; UUID cannot represent value: {'not': 'a string'}"
+    )
+
+
 def test_uuidstring_optional_uuid_input():
     """
     Test that we can provide a null value to an optional input
diff --git a/graphene/types/uuid.py b/graphene/types/uuid.py
@@ -1,5 +1,6 @@
 from uuid import UUID as _UUID
 
+from graphql.error import GraphQLError
 from graphql.language.ast import StringValueNode
 from graphql import Undefined
 
@@ -28,4 +29,9 @@ def parse_literal(node, _variables=None):
 
     @staticmethod
     def parse_value(value):
-        return _UUID(value)
+        if isinstance(value, _UUID):
+            return value
+        try:
+            return _UUID(value)
+        except (ValueError, AttributeError):
+            raise GraphQLError(f"UUID cannot represent value: {repr(value)}")
