chaos_genius icon indicating copy to clipboard operation
chaos_genius copied to clipboard

Published 20 hours ago verified publisher icon chaos-genius

[BUG] Input validations for APIs missing

Open rjdp opened this issue 2 years ago • 2 comments

Describe the bug

when updating anomaly_params for an Kpi if anomaly_params passed is null, it causes HTTP 500 response

Explain the environment

  • Chaos Genius version: https://github.com/chaos-genius/chaos_genius/commit/9e2ac69f06a5ed8e17bd173c18f24e2769a81c3c reproduced on test builds from Develop branch

Current behavior

HTTP 500

Expected behavior

should cause validation error with HTTP 4xx

Logs

{"asctime": "2022-03-11 11:46:27,599", "levelname": "ERROR", "name": "chaos_genius", "message": "Exception on /api/anomaly-data/16/anomaly-params [POST]", "lineno": 1440, "funcName": "log_exception", "filename": "app.py", "exc_info": "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 2051, in wsgi_app\n    response = self.full_dispatch_request()\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 1501, in full_dispatch_request\n    rv = self.handle_user_exception(e)\n  File \"/usr/local/lib/python3.8/dist-packages/flask_cors/extension.py\", line 165, in wrapped_function\n    return cors_after_request(app.make_response(f(*args, **kwargs)))\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 1499, in full_dispatch_request\n    rv = self.dispatch_request()\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 1485, in dispatch_request\n    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)\n  File \"/usr/src/app/chaos_genius/views/anomaly_data_view.py\", line 295, in kpi_anomaly_params\n    err, new_anomaly_params = validate_partial_anomaly_params(\n  File \"/usr/src/app/chaos_genius/views/anomaly_data_view.py\", line 736, in validate_partial_anomaly_params\n    if fields.isdisjoint(set(anomaly_params.keys())):\nAttributeError: 'NoneType' object has no attribute 'keys'"}

rjdp avatar Mar 11 '22 19:03 rjdp

The issue lies here: https://github.com/chaos-genius/chaos_genius/blob/9e2ac69f06a5ed8e17bd173c18f24e2769a81c3c/chaos_genius/views/anomaly_data_view.py#L284-L297

There is no check for req_data["anomaly_params"] is None. This should be a simple fix.

Samyak2 avatar Mar 12 '22 10:03 Samyak2

#1201

Lancelot03 avatar May 20 '23 06:05 Lancelot03