Skip to content

fix: guard malformed JSON in JSONConverter content_key path#11980

Merged
davidsbatista merged 3 commits into
deepset-ai:mainfrom
chuenchen309:fix/json-converter-guard-content-key-parse
Jul 17, 2026
Merged

fix: guard malformed JSON in JSONConverter content_key path#11980
davidsbatista merged 3 commits into
deepset-ai:mainfrom
chuenchen309:fix/json-converter-guard-content-key-parse

Conversation

@chuenchen309

Copy link
Copy Markdown
Contributor

What

JSONConverter._extract_text_and_metadata guards the jq_schema path (it logs a warning and skips the file on failure), but the non-jq branch — used when the converter is configured with content_key and no jq_schema — calls json.loads(file_content) with no guard:

else:
    # We just load the whole file as JSON if the user didn't provide a jq filter.
    objects = [json.loads(file_content)]

A single malformed .json source therefore raises an unhandled json.JSONDecodeError and aborts the entire run(), even when other sources in the batch are valid. This is inconsistent with the jq_schema path and with the existing handling of decode errors (UnicodeError) a few lines above, both of which skip the offending file and continue.

Fix

Wrap the non-jq json.loads in the same warn-and-skip guard already used by the jq branch, catching the specific json.JSONDecodeError.

Test

Added test_run_with_malformed_json_and_content_key, which mirrors the existing test_run_with_non_json_file but exercises the content_key-only path. It fails before the change (uncaught JSONDecodeError) and passes after, asserting the file is skipped with a single warning and run() returns {"documents": []}.

Verified locally: the new test and the other non-jq tests in test/components/converters/test_json.py pass; the jq-dependent tests require the optional jq extra (not installed locally) and are unaffected by this change. ruff check and ruff format --check are clean. Added a release note.


Authored with AI assistance (Claude Code); the change and tests were reviewed and verified locally by me.

When configured with content_key and no jq_schema, JSONConverter.run
called json.loads without a guard, so a single invalid .json source
raised an unhandled JSONDecodeError and aborted the whole run — unlike
the jq_schema branch, which logs a warning and skips the file. Guard the
non-jq json.loads the same way.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@chuenchen309
chuenchen309 requested a review from a team as a code owner July 13, 2026 09:48
@chuenchen309
chuenchen309 requested review from davidsbatista and removed request for a team July 13, 2026 09:48
@vercel

vercel Bot commented Jul 13, 2026

Copy link
Copy Markdown

@chuenchen309 is attempting to deploy a commit to the deepset Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Coverage report

Click to see where and how coverage changed

FileStatementsMissingCoverageCoverage
(new stmts)
Lines missing
  haystack/components/converters
  json.py
Project Total  

This report was generated by python-coverage-comment-action

@davidsbatista

Copy link
Copy Markdown
Contributor

Hi @chuenchen309, thanks for the opening the PR.

I also noticed you opened 7 PRs in the last few hours. Was this due to you using Haystack or by running AI tools on the code?

@chuenchen309

Copy link
Copy Markdown
Contributor Author

Hi @davidsbatista — happy to be straight about it. I'm a light user of Haystack, not a heavy day-to-day one, but it's a project I'm genuinely interested in and wanted to contribute back to. For that reason, most of these came from using an AI coding assistant (Claude Code) to do focused code review across parts of the codebase, rather than from bugs I stumbled onto purely through my own usage — that's why several landed in a short window. Each PR isn't just an AI patch pasted in though: for every one I had it write a failing test that reproduces the actual defect, verified the fix makes the test pass, ran the relevant suite plus ruff/fmt locally, and read the diff myself before opening it, so I stand behind the correctness of each fix.

I take the point on pace — 7 PRs in a few hours is a lot to land on anyone's plate. I'll hold off on opening any more for now so these four don't get buried; happy to revisit later if useful, and no worries at all if some/all of these aren't a good fit for the project right now.

@davidsbatista

Copy link
Copy Markdown
Contributor

Hi @davidsbatista — happy to be straight about it. I'm a light user of Haystack, not a heavy day-to-day one, but it's a project I'm genuinely interested in and wanted to contribute back to. For that reason, most of these came from using an AI coding assistant (Claude Code) to do focused code review across parts of the codebase, rather than from bugs I stumbled onto purely through my own usage — that's why several landed in a short window. Each PR isn't just an AI patch pasted in though: for every one I had it write a failing test that reproduces the actual defect, verified the fix makes the test pass, ran the relevant suite plus ruff/fmt locally, and read the diff myself before opening it, so I stand behind the correctness of each fix.

I take the point on pace — 7 PRs in a few hours is a lot to land on anyone's plate. I'll hold off on opening any more for now so these four don't get buried; happy to revisit later if useful, and no worries at all if some/all of these aren't a good fit for the project right now.

Thanks a lot for the clarification, and happy to know about your interest and use of Haystack, also that not all PRs were automated and that some human reasoning was involved. We will review the PRs as time permits.

@chuenchen309

Copy link
Copy Markdown
Contributor Author

Thanks @davidsbatista, really appreciate it — no rush on any of these. 🙏

@davidsbatista davidsbatista left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Thanks for the contribution.

@davidsbatista
davidsbatista enabled auto-merge (squash) July 17, 2026 09:21
@davidsbatista
davidsbatista merged commit 76d5686 into deepset-ai:main Jul 17, 2026
22 of 23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants