
refactor: Modernize SDK architecture, harden security, and enable O(1) routing #130

Merged: skupriienko merged 43 commits into master from refine-client on Jun 4, 2026

Conversation

@skupriienko
Collaborator

@skupriienko skupriienko commented May 26, 2026

Links:

Jira

Actions:

  • Core SDK & Routing Architecture:

    • O(1) Registry Routing: Implemented an immutable ROUTE_MAP registry, eliminating dynamic __getattr__ overhead and enabling efficient, static endpoint resolution.
    • TemplateContentBuilder: Added a fluent builder for Content API payloads with built-in schema validation (Fail-Fast pattern).
    • Pagination Stability: Fixed infinite loop edge-cases in .stream() generators by ensuring empty data blocks trigger termination.
  • Security & Developer Experience (DX):

    • Path Traversal Mitigation (CWE-22): Hardened Endpoint._build_url with centralized sanitize_segment to neutralize directory traversal attempts in dynamic URI parameters.
    • Context Manager Enforcement: Strong promotion of with Client(...) as client: to mitigate CWE-772 (Missing Resource Release).
    • SSRF Guardrails: Implemented strict domain anchoring in Config.validate_config_url.
    • Enterprise Fuzzing: Integrated Atheris (libFuzzer) to expose edge-case parsing exceptions.
  • Unit & Integration Tests:

    • Registry-First Testing: Added a comprehensive, parameterized test suite for 40+ endpoints ensuring full parity with legacy routing logic.
    • Performance Benchmarks: Integrated pytest-benchmark and cold-boot profiling to ensure SDK startup latency remains within strictly defined thresholds (<0.1s).
    • CI/CD Hardening: Segregated testing topologies (Unit/Integration/Regression) to ensure clean CI execution.
  • CI/CD, Linting & Repository Management:

    • Defense in Depth: Integrated GitHub CodeQL, Google OSV-Scanner, and Semgrep (OWASP Top 10 ruleset) for automated security auditing.
    • Linting Resolution: Resolved all D10x, DOC201, and PLC0415 errors, enforcing strict Google-style documentation and import placement.
    • Supply Chain: Decoupled pip-audit into a standalone strict job.
  • Documentation & Samples:

    • README Overhaul: Modernized all code snippets to enforce safe memory/socket management via Context Managers.
    • Release Prep: Synchronized CHANGELOG.md with 1.7.0 updates, updated PERFORMANCE.md with new benchmarks, and bumped version to 1.7.0.

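The two guardrails the description names, path-segment sanitization for Endpoint._build_url and host anchoring for Config.validate_config_url, as an added illustration written for this page; it is not the mailjet_rest project's code and does not reproduce its implementation. ALLOWED_HOST, sanitize_segment, validate_config_url, build_url, naive_build_url and rejects are all assumed names, and api.example.com is a constructed host.

```python
from __future__ import annotations

import re
from urllib.parse import quote, urlsplit

# Hypothetical pinned API host (constructed); a real SDK pins its vendor's domain.
ALLOWED_HOST = "api.example.com"

# Invariant for a sanitized segment: unreserved characters or %XX escapes only,
# with dots also escaped so no segment can ever read as "." or "..".
_SEGMENT_OK = re.compile(r"^[A-Za-z0-9_~%\-]+$")


class UnsafeSegmentError(ValueError):
    """Raised when a dynamic URI parameter cannot be made safe."""


def sanitize_segment(value: object) -> str:
    """Percent-encode one dynamic URI parameter so it stays a single path segment.

    quote(safe="") escapes '/', '\\', '?', '#', '@' and similar; dots are escaped
    on top of that because quote() leaves them alone, and an unescaped ".." is
    exactly what a traversal attempt relies on.
    """
    if value is None or isinstance(value, bool):
        raise UnsafeSegmentError(f"segment must be a string or number, got {value!r}")
    text = str(value)
    if not text:
        raise UnsafeSegmentError("empty path segment")
    encoded = quote(text, safe="").replace(".", "%2E")
    if not _SEGMENT_OK.fullmatch(encoded):  # belt and braces; quote() should guarantee this
        raise UnsafeSegmentError(f"disallowed characters in segment {text!r}")
    return encoded


def validate_config_url(url: str, allowed_host: str = ALLOWED_HOST) -> str:
    """Anchor the configured base URL to the allowed host (the SSRF guardrail).

    The comparison is on the parsed hostname, not a substring search, so
    'api.example.com.evil.test' and 'api.example.com@evil.test' both fail.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"api_url must use https, got {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not allowed in api_url")
    host = (parts.hostname or "").lower()
    if host != allowed_host and not host.endswith("." + allowed_host):
        raise ValueError(f"api_url host {host!r} is not under {allowed_host!r}")
    return url


def build_url(base_url: str, *segments: object) -> str:
    """Hardened _build_url shape: validated base plus sanitized segments only."""
    base = validate_config_url(base_url).rstrip("/")
    return base + "/" + "/".join(sanitize_segment(s) for s in segments)


def naive_build_url(base_url: str, *segments: object) -> str:
    """The unhardened shape this replaces, raw interpolation (for contrast only)."""
    return base_url.rstrip("/") + "/" + "/".join(str(s) for s in segments)


def rejects(fn, *args, **kwargs) -> bool:
    """True if fn raises ValueError (UnsafeSegmentError is a subclass)."""
    try:
        fn(*args, **kwargs)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    base = "https://api.example.com/v3"
    # A server that normalizes the first URL resolves it two levels above /v3;
    # the second keeps the parameter inside one path component.
    print(naive_build_url(base, "contact", "../../other-resource"))
    print(build_url(base, "contact", "../../other-resource"))
```

The host check deliberately accepts subdomains of the pinned host (regional endpoints) but nothing else; if the SDK only ever talks to one exact host, drop the endswith branch and compare for equality.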
@skupriienko skupriienko self-assigned this May 26, 2026
@skupriienko skupriienko marked this pull request as ready for review May 26, 2026 12:21
@skupriienko skupriienko reopened this May 26, 2026
@skupriienko skupriienko reopened this May 26, 2026
skupriienko and others added 4 commits May 26, 2026 16:13
…ntain permissions'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
skupriienko and others added 3 commits May 26, 2026 17:43
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
@skupriienko skupriienko changed the title Harden security workflows and packaging refactor: Modernize SDK architecture, harden security, and enable O(1) routing May 28, 2026
- client: add CRLF header validation before request dispatch
- config: enforce strict float coercion and math invariants for timeouts
- endpoint: explicitly encode dots in CSV routes to prevent path traversal
- guardrails: patch ReDoS in secret redaction; add recursive log scrubbing and 1000-char truncation limits
- fuzzing: implement network fault injection (Evil Server) and file I/O mocking
- manage.sh: support dynamic LibFuzzer args and fail CI on non-zero exit codes
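Three of the checks this commit message lists (CRLF rejection in headers before dispatch, strict float coercion for timeouts, and secret redaction with recursive scrubbing and a 1000-character truncation) as an added example written for this page; it is not the project's code and the names validate_headers, coerce_timeout, redact, scrub, MAX_LOG_LEN and rejects are assumptions. The redaction pattern is built so that no quantifier is unbounded over a character class that overlaps what follows it, which is the general way to keep a backtracking regex engine like Python's re linear on hostile input; the page does not show the pattern it patched.

```python
from __future__ import annotations

import math
import re
from typing import Any, Mapping

MAX_LOG_LEN = 1000  # truncation limit named in the commit message

# CR, LF or NUL in a header name or value can end the header line early and let
# the remainder be parsed as a new header, so the request is refused outright.
_CTL = re.compile(r"[\r\n\x00]")

# Secret patterns written so the engine cannot backtrack catastrophically: each
# quantifier is bounded or its class is disjoint from the token that follows it.
_KV = re.compile(
    r"(?i)\b(api[_-]?key|secret[_-]?key|password|passwd|token|authorization)\b"
    r"(\s*[:=]\s*)"
    r"((?:bearer\s+|basic\s+)?[^\s,;\"']{1,256})"
)
_SENSITIVE_KEY = re.compile(
    r"(?i)^(api[_-]?key|secret[_-]?key|password|passwd|token|authorization)$"
)


def validate_headers(headers: Mapping[str, Any]) -> dict[str, str]:
    """Return a stringified copy of headers, refusing anything that could split a line."""
    clean: dict[str, str] = {}
    for name, value in headers.items():
        text = str(value)
        if not isinstance(name, str) or not name or ":" in name:
            raise ValueError(f"malformed header name {name!r}")
        if _CTL.search(name) or _CTL.search(text):
            raise ValueError(f"control character in header {name!r}")
        clean[name] = text
    return clean


def coerce_timeout(value: Any, *, max_seconds: float = 300.0) -> float:
    """Strict float coercion: numeric, finite, in (0, max_seconds]; bools are not numbers."""
    if isinstance(value, bool):
        raise TypeError("timeout must be a number, not a bool")
    try:
        seconds = float(value)
    except (TypeError, ValueError) as exc:
        raise TypeError(f"timeout must be numeric, got {value!r}") from exc
    if not math.isfinite(seconds):
        raise ValueError("timeout must be finite (no inf/nan)")
    if not 0 < seconds <= max_seconds:
        raise ValueError(f"timeout must be in (0, {max_seconds}] seconds")
    return seconds


def redact(text: str) -> str:
    """Mask key=value / key: value secrets in free text, then truncate long lines."""
    out = _KV.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", text)
    if len(out) > MAX_LOG_LEN:
        out = out[:MAX_LOG_LEN] + "...[truncated]"
    return out


def scrub(obj: Any, _depth: int = 0) -> Any:
    """Recursively scrub a log payload: sensitive keys are masked, strings redacted."""
    if _depth > 32:
        return "[max depth reached]"
    if isinstance(obj, Mapping):
        return {
            k: "[REDACTED]" if isinstance(k, str) and _SENSITIVE_KEY.match(k) else scrub(v, _depth + 1)
            for k, v in obj.items()
        }
    if isinstance(obj, (list, tuple)):
        return [scrub(v, _depth + 1) for v in obj]
    if isinstance(obj, str):
        return redact(obj)
    return obj


def rejects(fn, *args, **kwargs) -> bool:
    """True if fn raises TypeError or ValueError for these arguments."""
    try:
        fn(*args, **kwargs)
    except (TypeError, ValueError):
        return True
    return False


if __name__ == "__main__":
    # Constructed sample payload, the kind of thing a debug logger would be handed.
    print(scrub({"password": "hunter2", "headers": {"Authorization": "Bearer abc.def"},
                 "note": "api_key=zzz sent"}))
```

Run scrub over the object handed to the logger rather than over the formatted string: masking by key name catches secrets whose values contain characters the free-text pattern stops at, and the depth cap bounds the recursion on self-referential or deeply nested payloads.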
skupriienko and others added 5 commits June 3, 2026 16:41
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
skupriienko and others added 2 commits June 3, 2026 16:48
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
@skupriienko skupriienko merged commit d1ac4b2 into master Jun 4, 2026
26 checks passed
@skupriienko skupriienko deleted the refine-client branch June 4, 2026 14:57