Fix unreachable JSON validation code in validate_input_path

[codewithfourtix]

In src/scancode/cli.py, the validate_input_path function contained a premature raise statement that made the JSON validation checks below it dead/unreachable code. As a result, two important validations were silently never executed:

• Checking that the JSON input file has a .json extension
• Checking that the JSON file is well-formed (starts with {)

Root Cause

The raise click.BadParameter(...) for "not a file" was placed before the extension and content checks, causing Python to exit the block immediately and skip the remaining validations entirely.

Before (Broken)

if from_json and not is_file(location=inp, follow_symlinks=True):
    raise click.BadParameter(f"JSON input: {inp!r} is not a file")
    if not inp.lower().endswith(".json"):   # ← never reached
        raise click.BadParameter(f"JSON input: {inp!r} is not a JSON file with a .json extension")
    with open(inp) as js:
        start = js.read(100).strip()
    if not start.startswith("{"):           # ← never reached
        raise click.BadParameter(f"JSON input: {inp!r} is not a well formed JSON file")

After (Fixed)

if from_json and not is_file(location=inp, follow_symlinks=True):
    raise click.BadParameter(f"JSON input: {inp!r} is not a file")

if from_json and is_file(location=inp, follow_symlinks=True):
    if not inp.lower().endswith(".json"):
        raise click.BadParameter(f"JSON input: {inp!r} is not a JSON file with a .json extension")
    with open(inp) as js:
        start = js.read(100).strip()
    if not start.startswith("{"):
        raise click.BadParameter(f"JSON input: {inp!r} is not a well formed JSON file")

Impact

Without this fix, users could pass a non-.json file or a malformed JSON file as --from-json input and ScanCode would proceed without raising an appropriate error, likely causing a confusing failure downstream.

---

Tasks

• Reviewed [contribution guidelines](https://github.com/nexB/scancode-toolkit/blob/develop/CONTRIBUTING.rst)
• PR is descriptively titled and links the original issue above
• Tests pass
• Commits are in a uniquely-named feature branch and has no merge conflicts
• Updated documentation pages (not applicable)
• Updated CHANGELOG.rst (not applicable for minor bug fix)

[Copilot]

Pull request overview

Fixes the JSON-specific validation path in validate_input_path() so that JSON extension/content checks can run (instead of being placed after an unconditional raise).

Changes:

• Splits the --from-json validation into “not a file” vs “is a file” branches.
• Restores execution of .json extension and “looks like JSON” ({ prefix) checks for file inputs.

Comments suppressed due to low confidence (1)

src/scancode/cli.py:202

• open(inp) uses the platform default text encoding and the read() can raise UnicodeDecodeError for binary/non-UTF-8 inputs, which would surface as an unhandled exception during CLI argument validation. Handle decode errors explicitly (e.g., specify an encoding and catch UnicodeDecodeError) and convert them to a click.BadParameter so users get a consistent, friendly error.

            with open(inp) as js:
                start = js.read(100).strip()
            if not start.startswith("{"):
                raise click.BadParameter(f"JSON input: {inp!r} is not a well formed JSON file")

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.