fix: Secure ClientContext merging and improve type safety

- Fix critical security vulnerability in  where in-place modification of the base object could lead to context leakage across requests.
- Replace  with  throughout , , , and  for better robustness and subclass support.
- Simplify  construction logic in  for better readability.

Based on suggestions from Gemini Code Assist.

Author: aseering

google/cloud/spanner_v1/_helpers.py

@@ -174,15 +174,15 @@ def _merge_query_options(base, merge):
         If the resultant object only has empty fields, returns None.
     """
     combined = base or ExecuteSqlRequest.QueryOptions()
-    if type(combined) is dict:
+    if isinstance(combined, dict):
         combined = ExecuteSqlRequest.QueryOptions(
             optimizer_version=combined.get("optimizer_version", ""),
             optimizer_statistics_package=combined.get(
                 "optimizer_statistics_package", ""
             ),
         )
     merge = merge or ExecuteSqlRequest.QueryOptions()
-    if type(merge) is dict:
+    if isinstance(merge, dict):
         merge = ExecuteSqlRequest.QueryOptions(
             optimizer_version=merge.get("optimizer_version", ""),
             optimizer_statistics_package=merge.get("optimizer_statistics_package", ""),
@@ -215,14 +215,28 @@ def _merge_client_context(base, merge):
         return None
 
     combined = base or ClientContext()
-    if type(combined) is dict:
+    if isinstance(combined, dict):
         combined = ClientContext(combined)
 
     merge = merge or ClientContext()
-    if type(merge) is dict:
+    if isinstance(merge, dict):
         merge = ClientContext(merge)
 
-    type(combined).pb(combined).MergeFrom(type(merge).pb(merge))
+    # Avoid in-place modification of base
+    combined_pb = ClientContext()._pb
+    if base:
+        base_pb = (
+            ClientContext(base)._pb if isinstance(base, dict) else base._pb
+        )
+        combined_pb.MergeFrom(base_pb)
+    if merge:
+        merge_pb = (
+            ClientContext(merge)._pb if isinstance(merge, dict) else merge._pb
+        )
+        combined_pb.MergeFrom(merge_pb)
+
+    combined = ClientContext(combined_pb)
+
     if not combined.secure_context:
         return None
     return combined
@@ -250,7 +264,7 @@ def _merge_request_options(request_options, client_context):
 
     if request_options is None:
         request_options = RequestOptions()
-    elif type(request_options) is dict:
+    elif isinstance(request_options, dict):
         request_options = RequestOptions(request_options)
 
     if client_context:

google/cloud/spanner_v1/batch.py

@@ -68,7 +68,7 @@ def __init__(self, session, client_context=None):
         self.commit_stats: Optional[CommitResponse.CommitStats] = None
 
         if client_context is not None:
-            if type(client_context) is dict:
+            if isinstance(client_context, dict):
                 client_context = ClientContext(client_context)
             elif not isinstance(client_context, ClientContext):
                 raise TypeError("client_context must be a ClientContext or a dict")
@@ -349,7 +349,7 @@ def __init__(self, session, client_context=None):
         self.committed: bool = False
 
         if client_context is not None:
-            if type(client_context) is dict:
+            if isinstance(client_context, dict):
                 client_context = ClientContext(client_context)
             elif not isinstance(client_context, ClientContext):
                 raise TypeError("client_context must be a ClientContext or a dict")

google/cloud/spanner_v1/client.py

@@ -295,7 +295,7 @@ def __init__(
         self._query_options = _merge_query_options(query_options, env_query_options)
 
         if client_context is not None:
-            if type(client_context) is dict:
+            if isinstance(client_context, dict):
                 client_context = ClientContext(client_context)
             elif not isinstance(client_context, ClientContext):
                 raise TypeError("client_context must be a ClientContext or a dict")

google/cloud/spanner_v1/snapshot.py

@@ -213,7 +213,7 @@ def __init__(self, session, client_context=None):
         super().__init__(session)
 
         if client_context is not None:
-            if type(client_context) is dict:
+            if isinstance(client_context, dict):
                 client_context = ClientContext(client_context)
             elif not isinstance(client_context, ClientContext):
                 raise TypeError("client_context must be a ClientContext or a dict")
@@ -949,20 +949,18 @@ def _begin_transaction(
             "mutation_key": mutation,
         }
 
+        request_options = begin_request_kwargs.get("request_options")
         client_context = _merge_client_context(
             database._instance._client._client_context, self._client_context
         )
-        if client_context:
-            begin_request_kwargs["request_options"] = _merge_request_options(
-                begin_request_kwargs.get("request_options"), client_context
-            )
+        request_options = _merge_request_options(request_options, client_context)
 
         if transaction_tag:
-            request_options = begin_request_kwargs.get("request_options")
             if request_options is None:
-                request_options = RequestOptions(transaction_tag=transaction_tag)
-            else:
-                request_options.transaction_tag = transaction_tag
+                request_options = RequestOptions()
+            request_options.transaction_tag = transaction_tag
+
+        if request_options:
             begin_request_kwargs["request_options"] = request_options
 
         with trace_call(