
[Bug]: workflow expression evaluator mis-parses a pipe inside a quoted string as a filter #3260

Description

@Quratulain-bilal

Summary

In the workflow expression evaluator (src/specify_cli/workflows/expressions.py), the pipe-filter split is not quote/bracket-aware. A | that appears inside a quoted operand is wrongly treated as a filter separator, so an expression like {{ inputs.mode == 'read|write' }} raises ValueError: unknown filter 'write' and crashes the whole expression.

Root cause

_evaluate_simple_expression handles pipes with a naive check:

```python
if "|" in expr:
    parts = expr.split("|", 1)
```

The and/or/in/comparison splits all go through _find_top_level(), which skips separators inside quotes or nested brackets (its docstring calls this out for mode == 'read and write'). The pipe split was the one separator that skipped that protection, so the | in a quoted literal is parsed as a filter pipe.

Reproduction

```python
from specify_cli.workflows.expressions import evaluate_expression
from specify_cli.workflows.base import StepContext

ctx = StepContext(inputs={"mode": "read|write"})
evaluate_expression("{{ inputs.mode == 'read|write' }}", ctx)
# ValueError: unknown filter 'write': expected one of default ...
```

Expected: True (the comparison should apply to the whole string literal).

Impact

Any workflow gate/when condition or template that compares against (or contains) a string literal with a | crashes at evaluation. It also breaks join('|') where the separator argument is itself a pipe.

Suggested fix

Split at the first top-level pipe via _find_top_level(expr, "|"), matching how the other operators are already handled.


Note: I used an AI assistant to help investigate and write this up.
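
The difference between the naive split and a quote/bracket-aware split described in this issue, as an added example that is not the project's code. `find_top_level`, `split_first_filter` and `naive_split` are hypothetical names, and the scanner is an assumption about how such a helper could work, not a copy of `_find_top_level()`.

```python
# Added illustration; all names here are hypothetical, not specify_cli's own.
QUOTES = ("'", '"')
OPENERS, CLOSERS = "([{", ")]}"


def find_top_level(expr: str, sep: str) -> int:
    """Return the index of the first `sep` outside quotes/brackets, or -1."""
    depth = 0
    quote = None  # the quote character we are currently inside, if any
    i = 0
    while i < len(expr):
        ch = expr[i]
        if quote:
            if ch == "\\":  # skip an escaped character inside a string literal
                i += 2
                continue
            if ch == quote:
                quote = None
        elif ch in QUOTES:
            quote = ch
        elif ch in OPENERS:
            depth += 1
        elif ch in CLOSERS:
            depth = max(depth - 1, 0)
        elif depth == 0 and expr.startswith(sep, i):
            return i
        i += 1
    return -1


def split_first_filter(expr: str):
    """Split `value | filter` at the first top-level pipe only."""
    idx = find_top_level(expr, "|")
    if idx == -1:
        return expr.strip(), None
    return expr[:idx].strip(), expr[idx + 1:].strip()


def naive_split(expr: str):
    """Behaviour described in the issue: split on the first pipe anywhere."""
    if "|" not in expr:
        return expr.strip(), None
    head, tail = expr.split("|", 1)
    return head.strip(), tail.strip()
```

With the aware split, the comparison against `'read|write'` stays one operand with no filter, while the naive split yields the bogus filter name `write'`.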
