Should we validate all GitHub API responses? #498

@lukpueh

In #497 we use the response of one GitHub API request as input to a subsequent request without vetting. I don't think there's a realistic exploit scenario in this case. But there might be similar cases, where the lack of validation would be more problematic.

Would it make sense to e.g. use Pydantic for all GitHub API responses? It seems to be used for some already.
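An added example, not part of the original issue or the project's code: a sketch of vetting one GitHub API response before a field from it is used in a follow-up request. It uses only the standard library in the role the issue suggests for Pydantic. The endpoint shape (a workflow-run artifacts listing), the `octo-org/demo` repository, and all class and function names are assumptions for illustration, not what #497 does.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

ALLOWED_HOST = "api.github.com"  # assumption: public GitHub API, not GitHub Enterprise


class ResponseValidationError(ValueError):
    """Raised when an API response does not match the expected shape."""


@dataclass(frozen=True)
class Artifact:  # hypothetical model: only the fields a follow-up request would use
    id: int
    name: str
    archive_download_url: str

    @classmethod
    def from_api(cls, raw: object, owner: str, repo: str) -> "Artifact":
        if not isinstance(raw, dict):
            raise ResponseValidationError("artifact must be a JSON object")
        art_id, name, url = (raw.get(k) for k in ("id", "name", "archive_download_url"))
        # bool is a subclass of int in Python, so reject it explicitly
        if not isinstance(art_id, int) or isinstance(art_id, bool) or art_id <= 0:
            raise ResponseValidationError("id must be a positive integer")
        if not isinstance(name, str) or not name:
            raise ResponseValidationError("name must be a non-empty string")
        if not isinstance(url, str):
            raise ResponseValidationError("archive_download_url must be a string")
        parts = urlsplit(url)
        # Pin scheme, exact host and the path we would have built ourselves
        # from caller-supplied (trusted) owner/repo and the validated id.
        expected_path = f"/repos/{owner}/{repo}/actions/artifacts/{art_id}/zip"
        if (parts.scheme, parts.netloc, parts.path) != ("https", ALLOWED_HOST, expected_path):
            raise ResponseValidationError("unexpected download URL")
        if parts.query or parts.fragment:
            raise ResponseValidationError("download URL must not carry query or fragment")
        return cls(art_id, name, url)


def parse_artifacts(body: object, owner: str, repo: str) -> list[Artifact]:
    """Validate the whole listing; one bad entry rejects the response."""
    if not isinstance(body, dict) or not isinstance(body.get("artifacts"), list):
        raise ResponseValidationError("missing 'artifacts' list")
    return [Artifact.from_api(a, owner, repo) for a in body["artifacts"]]


# Constructed sample responses (not captured from a real API call)
_URL = "https://api.github.com/repos/octo-org/demo/actions/artifacts/11/zip"
SAMPLE_OK = {"total_count": 1, "artifacts": [{"id": 11, "name": "build", "archive_download_url": _URL}]}
SAMPLE_BAD_HOST = {"artifacts": [{"id": 11, "name": "build",
                                  "archive_download_url": _URL.replace("//", "//api.github.com@example.invalid/", 1)}]}
```
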
