implement improved input validation

Author: SeaBlooms

jupiterone/client.py

@@ -168,8 +168,8 @@ def _validate_query_string(self, query: str, param_name: str = "query") -> None:
 
         # Basic J1QL validation
         query_upper = query.upper().strip()
-        if not query_upper.startswith(('FIND', 'MATCH', 'RETURN')):
-            raise JupiterOneClientError(f"{param_name} must be a valid J1QL query starting with FIND, MATCH, or RETURN")
+        if not query_upper.startswith('FIND'):
+            raise JupiterOneClientError(f"{param_name} must be a valid J1QL query starting with FIND (case-insensitive)")
 
     def _validate_properties(self, properties: Dict[str, Any], param_name: str = "properties") -> None:
         """Validate entity/relationship properties"""
@@ -216,6 +216,11 @@ def token(self, value: Optional[str]) -> None:
     # pylint: disable=R1710
     def _execute_query(self, query: str, variables: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
         """Executes query against graphql endpoint"""
+        # Validate credentials before making API calls
+        if not self.account:
+            raise JupiterOneClientError("Account is required. Please set the account property.")
+        if not self.token:
+            raise JupiterOneClientError("Token is required. Please set the token property.")
 
         data: Dict[str, Any] = {"query": query}
         if variables:
@@ -483,6 +488,11 @@ def query_with_deferred_response(self, query: str, cursor: Optional[str] = None)
 
     def _execute_syncapi_request(self, endpoint: str, payload: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
         """Executes POST request to SyncAPI endpoints"""
+        # Validate credentials before making API calls
+        if not self.account:
+            raise JupiterOneClientError("Account is required. Please set the account property.")
+        if not self.token:
+            raise JupiterOneClientError("Token is required. Please set the token property.")
 
         # initiate requests session and implement retry logic of 5 request retries with 1 second between retries
         response = self.session.post(
@@ -589,6 +599,34 @@ def create_entity(self, **kwargs: Any) -> Dict[str, Any]:
             timestamp (int): Specify createdOn timestamp
             properties (dict): Dictionary of key/value entity properties
         """
+        # Validate required parameters
+        entity_key = kwargs.get("entity_key")
+        entity_type = kwargs.get("entity_type")
+        entity_class = kwargs.get("entity_class")
+        
+        if not entity_key:
+            raise JupiterOneClientError("entity_key is required")
+        if not isinstance(entity_key, str) or not entity_key.strip():
+            raise JupiterOneClientError("entity_key must be a non-empty string")
+        
+        if not entity_type:
+            raise JupiterOneClientError("entity_type is required")
+        if not isinstance(entity_type, str) or not entity_type.strip():
+            raise JupiterOneClientError("entity_type must be a non-empty string")
+        
+        if not entity_class:
+            raise JupiterOneClientError("entity_class is required")
+        if not isinstance(entity_class, str) or not entity_class.strip():
+            raise JupiterOneClientError("entity_class must be a non-empty string")
+        
+        # Validate properties if provided
+        if "properties" in kwargs and kwargs["properties"] is not None:
+            self._validate_properties(kwargs["properties"])
+        
+        # Validate timestamp if provided
+        if "timestamp" in kwargs and kwargs["timestamp"] is not None:
+            if not isinstance(kwargs["timestamp"], int) or kwargs["timestamp"] <= 0:
+                raise JupiterOneClientError("timestamp must be a positive integer")
         variables = {
             "entityKey": kwargs.pop("entity_key"),
             "entityType": kwargs.pop("entity_type"),
@@ -614,6 +652,19 @@ def delete_entity(self, entity_id: Optional[str] = None, timestamp: Optional[int
             timestamp (int, optional): Timestamp for the deletion. Defaults to None.
             hard_delete (bool): Whether to perform a hard delete. Defaults to True.
         """
+        # Validate required parameters
+        if not entity_id:
+            raise JupiterOneClientError("entity_id is required")
+        self._validate_entity_id(entity_id)
+        
+        # Validate timestamp if provided
+        if timestamp is not None:
+            if not isinstance(timestamp, int) or timestamp <= 0:
+                raise JupiterOneClientError("timestamp must be a positive integer")
+        
+        # Validate hard_delete
+        if not isinstance(hard_delete, bool):
+            raise JupiterOneClientError("hard_delete must be a boolean")
         variables: Dict[str, Any] = {"entityId": entity_id, "hardDelete": hard_delete}
         if timestamp:
             variables["timestamp"] = timestamp
@@ -628,6 +679,14 @@ def update_entity(self, entity_id: Optional[str] = None, properties: Optional[Di
             entity_id (str): The _id of the entity to update
             properties (dict): Dictionary of key/value entity properties
         """
+        # Validate required parameters
+        if not entity_id:
+            raise JupiterOneClientError("entity_id is required")
+        self._validate_entity_id(entity_id)
+        
+        if not properties:
+            raise JupiterOneClientError("properties is required")
+        self._validate_properties(properties)
         variables = {"entityId": entity_id, "properties": properties}
         response = self._execute_query(UPDATE_ENTITY, variables=variables)
         return response["data"]["updateEntity"]
@@ -643,6 +702,39 @@ def create_relationship(self, **kwargs: Any) -> Dict[str, Any]:
             from_entity_id (str): Entity ID of the source vertex
             to_entity_id (str): Entity ID of the destination vertex
         """
+        # Validate required parameters
+        relationship_key = kwargs.get("relationship_key")
+        relationship_type = kwargs.get("relationship_type")
+        relationship_class = kwargs.get("relationship_class")
+        from_entity_id = kwargs.get("from_entity_id")
+        to_entity_id = kwargs.get("to_entity_id")
+        
+        if not relationship_key:
+            raise JupiterOneClientError("relationship_key is required")
+        if not isinstance(relationship_key, str) or not relationship_key.strip():
+            raise JupiterOneClientError("relationship_key must be a non-empty string")
+        
+        if not relationship_type:
+            raise JupiterOneClientError("relationship_type is required")
+        if not isinstance(relationship_type, str) or not relationship_type.strip():
+            raise JupiterOneClientError("relationship_type must be a non-empty string")
+        
+        if not relationship_class:
+            raise JupiterOneClientError("relationship_class is required")
+        if not isinstance(relationship_class, str) or not relationship_class.strip():
+            raise JupiterOneClientError("relationship_class must be a non-empty string")
+        
+        if not from_entity_id:
+            raise JupiterOneClientError("from_entity_id is required")
+        self._validate_entity_id(from_entity_id, "from_entity_id")
+        
+        if not to_entity_id:
+            raise JupiterOneClientError("to_entity_id is required")
+        self._validate_entity_id(to_entity_id, "to_entity_id")
+        
+        # Validate properties if provided
+        if "properties" in kwargs and kwargs["properties"] is not None:
+            self._validate_properties(kwargs["properties"])
         variables = {
             "relationshipKey": kwargs.pop("relationship_key"),
             "relationshipType": kwargs.pop("relationship_type"),

tests/test_client_init.py

@@ -45,12 +45,12 @@ def test_client_init_missing_token(self):
 
     def test_client_init_empty_account(self):
         """Test client initialization with empty account"""
-        with pytest.raises(JupiterOneClientError, match="account is required"):
+        with pytest.raises(JupiterOneClientError, match="Account cannot be empty"):
             JupiterOneClient(account="", token="test-token")
 
     def test_client_init_empty_token(self):
         """Test client initialization with empty token"""
-        with pytest.raises(JupiterOneClientError, match="token is required"):
+        with pytest.raises(JupiterOneClientError, match="Token cannot be empty"):
             JupiterOneClient(account="test-account", token="")
 
     def test_client_init_none_account(self):

tests/test_create_entity.py

@@ -37,7 +37,7 @@ def request_callback(request):
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     response = j1.create_entity(
         entity_key='host1',
         entity_type='test_host',

tests/test_create_relationship.py

@@ -41,13 +41,13 @@ def request_callback(request):
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     response = j1.create_relationship(
         relationship_key='relationship1',
         relationship_type='test_relationship',
         relationship_class='TestRelationship',
-        from_entity_id='2',
-        to_entity_id='1'
+        from_entity_id='entity-id-12345',
+        to_entity_id='entity-id-67890'
     )
 
     assert type(response) == dict

tests/test_delete_entity.py

@@ -32,7 +32,7 @@ def request_callback(request):
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     response = j1.delete_entity('1')
 
     assert type(response) == dict
@@ -68,7 +68,7 @@ def request_callback(request):
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     response = j1.delete_entity('2', timestamp=1640995200000)
 
     assert type(response) == dict
@@ -103,7 +103,7 @@ def request_callback(request):
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     response = j1.delete_entity('3', hard_delete=False)
 
     assert type(response) == dict
@@ -138,7 +138,7 @@ def request_callback(request):
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     response = j1.delete_entity('4', timestamp=1640995200000, hard_delete=True)
 
     assert type(response) == dict

tests/test_delete_relationship.py

@@ -41,7 +41,7 @@ def request_callback(request):
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     response = j1.delete_relationship('1')
 
     assert type(response) == dict

tests/test_query.py

@@ -83,7 +83,7 @@ def test_execute_query():
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     query = "find Host with _id='1'"
     variables = {
         'query': query,
@@ -110,7 +110,7 @@ def test_limit_skip_query_v1():
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     query = "find Host with _id='1'"
     response = j1.query_v1(
         query=query,
@@ -139,7 +139,7 @@ def test_cursor_query_v1():
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     query = "find Host with _id='1'"
 
     response = j1.query_v1(
@@ -186,7 +186,7 @@ def request_callback(request):
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     query = "find Host with _id='1' return tree"
     response = j1.query_v1(
         query=query,
@@ -236,7 +236,7 @@ def request_callback(request):
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     query = "find Host with _id='1' return tree"
     response = j1.query_v1(query)
 
@@ -268,7 +268,7 @@ def test_retry_on_limit_skip_query():
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     query = "find Host with _id='1'"
     response = j1.query_v1(
         query=query,
@@ -302,7 +302,7 @@ def test_retry_on_cursor_query():
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     query = "find Host with _id='1'"
     response = j1.query_v1(
         query=query
@@ -322,7 +322,7 @@ def test_avoid_retry_on_limit_skip_query():
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     query = "find Host with _id='1'"
     with pytest.raises(JupiterOneApiError):
         j1.query_v1(
@@ -340,7 +340,7 @@ def test_avoid_retry_on_cursor_query():
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     query = "find Host with _id='1'"
     with pytest.raises(JupiterOneApiError):
         j1.query_v1(
@@ -356,7 +356,7 @@ def test_warn_limit_and_skip_deprecated():
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     query = "find Host with _id='1'"
 
     with pytest.warns(DeprecationWarning):

tests/test_update_entity.py

@@ -34,7 +34,7 @@ def request_callback(request):
         content_type='application/json',
     )
 
-    j1 = JupiterOneClient(account='testAccount', token='testToken')
+    j1 = JupiterOneClient(account='testAccount', token='testToken1234567890')
     response = j1.update_entity('1', properties={'testKey': 'testValue'})
 
     assert type(response) == dict