search

chaos-genius / chaos_genius

ML powered analytics engine for outlier detection and root cause analysis.
https://www.chaosgenius.io
MIT License
730 stars 82 forks source link

[BUG] Input validations for APIs missing #818

Open rjdp opened 2 years ago

rjdp commented 2 years ago

Describe the bug

when updating anomaly_params for an Kpi if anomaly_params passed is null, it causes HTTP 500 response

Explain the environment

Current behavior

HTTP 500

Expected behavior

should cause validation error with HTTP 4xx

Logs

{"asctime": "2022-03-11 11:46:27,599", "levelname": "ERROR", "name": "chaos_genius", "message": "Exception on /api/anomaly-data/16/anomaly-params [POST]", "lineno": 1440, "funcName": "log_exception", "filename": "app.py", "exc_info": "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 2051, in wsgi_app\n    response = self.full_dispatch_request()\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 1501, in full_dispatch_request\n    rv = self.handle_user_exception(e)\n  File \"/usr/local/lib/python3.8/dist-packages/flask_cors/extension.py\", line 165, in wrapped_function\n    return cors_after_request(app.make_response(f(*args, **kwargs)))\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 1499, in full_dispatch_request\n    rv = self.dispatch_request()\n  File \"/usr/local/lib/python3.8/dist-packages/flask/app.py\", line 1485, in dispatch_request\n    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)\n  File \"/usr/src/app/chaos_genius/views/anomaly_data_view.py\", line 295, in kpi_anomaly_params\n    err, new_anomaly_params = validate_partial_anomaly_params(\n  File \"/usr/src/app/chaos_genius/views/anomaly_data_view.py\", line 736, in validate_partial_anomaly_params\n    if fields.isdisjoint(set(anomaly_params.keys())):\nAttributeError: 'NoneType' object has no attribute 'keys'"}
Samyak2 commented 2 years ago

The issue lies here: https://github.com/chaos-genius/chaos_genius/blob/9e2ac69f06a5ed8e17bd173c18f24e2769a81c3c/chaos_genius/views/anomaly_data_view.py#L284-L297

There is no check for req_data["anomaly_params"] is None. This should be a simple fix.

Lancelot03 commented 1 year ago

1201