chore: Add input validation for GraphQL query parameters #147
Description
🔍 Problem Statement
The GraphQL query method currently lacks comprehensive input validation for critical parameters. Without proper validation mechanisms, the method is vulnerable to accepting malicious, malformed, or incomplete GraphQL queries that could be transmitted to the GitHub API, resulting in potential security risks, API failures, or unexpected behaviour.
📋 Overview
Input validation is a fundamental security practice that prevents malformed data from reaching downstream systems. The GraphQL query execution method must validate:
- Query Parameter: Should be a non-empty string containing valid GraphQL syntax
- Variables Parameter: Should be a valid dictionary structure with appropriate key-value pairs
Currently, these parameters are passed directly to the GitHub API without validation, which violates defensive programming principles and creates potential attack vectors for:
- Injection attacks through malformed GraphQL syntax
- Type errors from incorrect variable structures
- Unnecessary API calls with invalid requests
- Poor error handling and debugging visibility
🎯 Expected Outcome
Implement comprehensive input validation that:
- ✅ Validates that
queryis a non-empty string with content - ✅ Validates that
variablesis a valid dictionary structure (when provided) - ✅ Provides clear, descriptive error messages for validation failures
- ✅ Follows existing validation patterns established in other methods within the class
- ✅ Prevents invalid requests from reaching the GitHub API
- ✅ Improves code robustness and maintainability
🔗 Resources & References
- GitHub API GraphQL Documentation: https://docs.github.com/en/graphql
- Python Input Validation Best Practices
- Existing validation patterns within the class implementation