fix(expressions): make from_json strict — reject any arguments

doquanghuy · claude · doquanghuy · commit b8bbc8a041cb · 2026-06-17T09:05:12.000+07:00
Address review (#2961): from_json('x') and from_json() previously fell through to a silent passthrough of the unparsed value. Reject any parenthesized form with a clear error so mis-wired templates fail loudly. Rename test to ...parses_object (JSON under test is an object) and add coverage for the strict no-arguments behavior. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
diff --git a/src/specify_cli/workflows/expressions.py b/src/specify_cli/workflows/expressions.py
@@ -158,6 +158,17 @@ def _evaluate_simple_expression(expr: str, namespace: dict[str, Any]) -> Any:
         value = _evaluate_simple_expression(parts[0].strip(), namespace)
         filter_expr = parts[1].strip()
 
+        # `from_json` is strict and takes no arguments. Reject any
+        # parenthesized form (`from_json()` or `from_json('x')`) so a
+        # mis-wired template fails loudly instead of silently returning the
+        # unparsed value.
+        if filter_expr.startswith("from_json("):
+            raise ValueError(
+                "from_json: filter takes no arguments (use '| from_json')"
+            )
+        if filter_expr == "from_json":
+            return _filter_from_json(value)
+
         # Parse filter name and argument
         filter_match = re.match(r"(\w+)\((.+)\)", filter_expr)
         if filter_match:
@@ -175,8 +186,6 @@ def _evaluate_simple_expression(expr: str, namespace: dict[str, Any]) -> Any:
         filter_name = filter_expr.strip()
         if filter_name == "default":
             return _filter_default(value)
-        if filter_name == "from_json":
-            return _filter_from_json(value)
         return value
 
     # Boolean operators — parse 'or' first (lower precedence) so that
diff --git a/tests/test_workflows.py b/tests/test_workflows.py
@@ -286,7 +286,7 @@ def test_filter_contains(self):
         ctx = StepContext(inputs={"text": "hello world"})
         assert evaluate_expression("{{ inputs.text | contains('world') }}", ctx) is True
 
-    def test_filter_from_json_parses_list(self):
+    def test_filter_from_json_parses_object(self):
         from specify_cli.workflows.expressions import evaluate_expression
         from specify_cli.workflows.base import StepContext
 
@@ -314,6 +314,21 @@ def test_filter_from_json_non_string_raises(self):
         with pytest.raises(ValueError, match="expected a JSON string"):
             evaluate_expression("{{ steps.emit.output.exit_code | from_json }}", ctx)
 
+    def test_filter_from_json_rejects_arguments(self):
+        # `from_json` is strict and takes no arguments. Both the empty-parens
+        # and accidental-arg forms must raise rather than silently return the
+        # unparsed value, so a mis-wired template is caught immediately.
+        import pytest
+        from specify_cli.workflows.expressions import evaluate_expression
+        from specify_cli.workflows.base import StepContext
+
+        ctx = StepContext(steps={"emit": {"output": {"stdout": '{"a": 1}'}}})
+        for bad in ("from_json()", "from_json('x')"):
+            with pytest.raises(ValueError, match="from_json: filter takes no arguments"):
+                evaluate_expression(
+                    "{{ steps.emit.output.stdout | " + bad + " }}", ctx
+                )
+
     def test_condition_evaluation(self):
         from specify_cli.workflows.expressions import evaluate_condition
         from specify_cli.workflows.base import StepContext
