Fix GraphQL operationName parsing when variable values contain ampers…#504
Fix GraphQL operationName parsing when variable values contain ampers…#504setheclark wants to merge 2 commits intoopenflocon:mainfrom
Conversation
Summary of ChangesHello @setheclark, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a critical bug in GraphQL operation name extraction that occurred when query parameters contained percent-encoded ampersands. The changes ensure that URI query strings are parsed correctly by handling raw query data and decoding individual components, thereby preventing misinterpretation of parameter delimiters and improving the robustness of GraphQL request processing. Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Code Review
This pull request correctly fixes a bug in GraphQL operation name parsing where ampersands in variable values were misinterpreted. The switch to uri.rawQuery and manual decoding of query parameters is the right approach. The new implementation is also more robust against query parameters without values. I've added one suggestion to make the query parameter parsing slightly more efficient and idiomatic using buildMap. A new test case has been added to cover the fix, which is great.
| val queryParams = uri.rawQuery | ||
| ?.split("&") | ||
| ?.associate { | ||
| val (k, v) = it.split("=") | ||
| k to URLDecoder.decode(v, "UTF-8") | ||
| } ?: emptyMap() | ||
| ?.mapNotNull { param -> | ||
| val idx = param.indexOf("=") | ||
| if (idx == -1) null | ||
| else URLDecoder.decode(param.substring(0, idx), "UTF-8") to | ||
| URLDecoder.decode(param.substring(idx + 1), "UTF-8") | ||
| } | ||
| ?.toMap() ?: emptyMap() |
There was a problem hiding this comment.
While this implementation is correct, it can be made more efficient by using buildMap. The current approach creates a few intermediate lists (from split and mapNotNull), whereas buildMap would construct the map directly, which is more memory-efficient.
| val queryParams = uri.rawQuery | |
| ?.split("&") | |
| ?.associate { | |
| val (k, v) = it.split("=") | |
| k to URLDecoder.decode(v, "UTF-8") | |
| } ?: emptyMap() | |
| ?.mapNotNull { param -> | |
| val idx = param.indexOf("=") | |
| if (idx == -1) null | |
| else URLDecoder.decode(param.substring(0, idx), "UTF-8") to | |
| URLDecoder.decode(param.substring(idx + 1), "UTF-8") | |
| } | |
| ?.toMap() ?: emptyMap() | |
| val queryParams = uri.rawQuery?.let { rawQuery -> | |
| buildMap { | |
| for (param in rawQuery.split('&')) { | |
| val idx = param.indexOf('=') | |
| if (idx != -1) { | |
| val key = URLDecoder.decode(param.substring(0, idx), "UTF-8") | |
| val value = URLDecoder.decode(param.substring(idx + 1), "UTF-8") | |
| put(key, value) | |
| } | |
| } | |
| } | |
| } ?: emptyMap() |
Mapper.ktwas usinguri.query(Java'sURI.getQuery()) which percent-decodes the entire query string before splitting on&. This caused%26inside encoded JSON values to be decoded to a bare&, which was then misinterpreted as a parameter delimiter — breaking parsing and returningnullfor the operation name.uri.rawQueryand splitting on&first, then decoding each key and value individually. Also replaced destructuring (split("=")) withindexOf("=")to safely handle params with no value.