Fix empty list filter raising IndexError instead of WeaviateInvalidInputError

[dirkkul]

based on #1942

[orca-security-eu]

Orca Security Scan Summary

Status	Check	Issues by priority
Passed	Infrastructure as Code	0   0   0   0	View in Orca
Passed	SAST	0   0   0   0	View in Orca
Passed	Secrets	0   0   0   0	View in Orca
Passed	Vulnerabilities	0   0   0   0	View in Orca

[Copilot]

Pull request overview

This PR prevents IndexError when filters are called with empty list values by adding client-side validation and serialization-layer guards, aligning the behavior with WeaviateInvalidInputError expectations.

Changes:

• Add explicit empty-list validation to Filter.by_property(...).equal/not_equal/less_than/less_or_equal/greater_than/greater_or_equal.
• Add REST serialization guard to raise WeaviateInvalidInputError for empty lists.
• Add gRPC serialization guards to avoid indexing into empty lists, and add unit tests covering the new validations.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
weaviate/collections/filters.py	Adds empty-list handling in gRPC list conversions and raises WeaviateInvalidInputError in REST parsing for empty lists.
weaviate/collections/classes/filters.py	Adds empty-list validation to comparison filter builder methods to raise WeaviateInvalidInputError.
test/collection/test_filter.py	Adds unit tests asserting empty-list inputs raise WeaviateInvalidInputError for the updated methods.
test/collection/test_config_methods.py	Formats the test schema dict (no functional change).

Comments suppressed due to low confidence (1)

weaviate/collections/classes/filters.py:229

• The empty-list validation checks isinstance(val, list) only. Since FilterValuesList is typed as Sequence[...], callers could pass an empty tuple/other sequence and bypass this guard, leading to a different error later (e.g., ValueError in REST parsing) instead of the intended WeaviateInvalidInputError. Consider validating Sequence (excluding str/bytes) or coercing sequences to list consistently before checking len(...) == 0.

    def equal(self, val: FilterValues) -> _Filters:
        """Filter on whether the property is equal to the given value."""
        if isinstance(val, list) and len(val) == 0:
            raise WeaviateInvalidInputError(
                "Filtering on empty lists is not supported by Weaviate. "
                "To filter by property length, use "
                "Filter.by_property('prop', length=True).equal(0)"
            )
        return _FilterValue(target=self._target_path(), value=val, operator=_Operator.EQUAL)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (2)

integration/test_rbac.py:392

• This change appears unrelated to the PR's stated purpose of fixing empty list filter validation. While the change itself makes sense (avoiding duplicate role names in tests), it should ideally be in a separate commit or PR, or at least mentioned in the PR description. Including unrelated changes can make code reviews more difficult and confuse the git history.

                name="AlliasRole3",

test/collection/test_filter.py:65

• Consider adding a similar test for the REST converter to ensure the defense-in-depth empty list check in _FilterToREST.__parse_filter also works as expected. While the gRPC test covers one code path, the REST converter has its own empty list validation at line 236-241 of weaviate/collections/filters.py that should be tested independently to ensure both serialization paths handle empty lists correctly.

def test_empty_list_grpc_conversion() -> None:
    """Ensure the gRPC converter raises WeaviateInvalidInputError for empty lists."""
    fv = _FilterValue(target="test", value=[], operator=_Operator.EQUAL)
    with pytest.raises(weaviate.exceptions.WeaviateInvalidInputError):
        _FilterToGRPC.convert(fv)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 95.45455% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.88%. Comparing base (ed3eed2) to head (460b20b).

Files with missing lines	Patch %	Lines
weaviate/collections/filters.py	77.77%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1962      +/-   ##
==========================================
- Coverage   87.88%   87.88%   -0.01%     
==========================================
  Files         280      280              
  Lines       21347    21388      +41     
==========================================
+ Hits        18760    18796      +36     
- Misses       2587     2592       +5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.