Skip to content
This repository has been archived by the owner on Sep 12, 2024. It is now read-only.

[BUG] Input validations for APIs missing #818

Open
rjdp opened this issue Mar 11, 2022 · 2 comments
Open

[BUG] Input validations for APIs missing #818

rjdp opened this issue Mar 11, 2022 · 2 comments
Labels
🛠️ backend 🐛 bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed

Comments

@rjdp
Copy link
Contributor

rjdp commented Mar 11, 2022

Describe the bug

when updating anomaly_params for an Kpi if anomaly_params passed is null, it causes HTTP 500 response

Explain the environment

  • Chaos Genius version: 9e2ac69 reproduced on test builds from Develop branch

Current behavior

HTTP 500

Expected behavior

should cause validation error with HTTP 4xx

Logs

{"asctime": "2022-03-11 11:46:27,599", "levelname": "ERROR", "name": "chaos_genius", "message": "Exception on /api/anomaly-data/16/anomaly-params [POST]", "lineno": 1440, "funcName": "log_exception", "filename": "app.py", "exc_info": "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 2051, in wsgi_app\n    response = self.full_dispatch_request()\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 1501, in full_dispatch_request\n    rv = self.handle_user_exception(e)\n  File \"/usr/local/lib/python3.8/dist-packages/flask_cors/extension.py\", line 165, in wrapped_function\n    return cors_after_request(app.make_response(f(*args, **kwargs)))\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 1499, in full_dispatch_request\n    rv = self.dispatch_request()\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 1485, in dispatch_request\n    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)\n  File \"/usr/src/app/chaos_genius/views/anomaly_data_view.py\", line 295, in kpi_anomaly_params\n    err, new_anomaly_params = validate_partial_anomaly_params(\n  File \"/usr/src/app/chaos_genius/views/anomaly_data_view.py\", line 736, in validate_partial_anomaly_params\n    if fields.isdisjoint(set(anomaly_params.keys())):\nAttributeError: 'NoneType' object has no attribute 'keys'"}
@rjdp rjdp added the 🐛 bug Something isn't working label Mar 11, 2022
@Samyak2
Copy link
Contributor

Samyak2 commented Mar 12, 2022

The issue lies here:

chaos_genius/chaos_genius/views/anomaly_data_view.py

Lines 284 to 297 in 9e2ac69

if "anomaly_params" not in req_data:
return (
jsonify(
{
"error": "The request JSON needs to have anomaly_params as a field",
"status": "failure",
}
),
400,
)
err, new_anomaly_params = validate_partial_anomaly_params(
req_data["anomaly_params"]
)

There is no check for req_data["anomaly_params"] is None. This should be a simple fix.

@manassolanki manassolanki added the help wanted Extra attention is needed label Mar 14, 2022
This was referenced May 20, 2023
Merged
Open
@Lancelot03
Copy link

#1201

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
🛠️ backend 🐛 bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rjdp @manassolanki @Samyak2 @Lancelot03