Skip to content

fix(api): Handle non-dict payload for project symbol sources PUT#119158

Open
sentry[bot] wants to merge 1 commit into
masterfrom
seer/fix/api-symbol-sources-put-payload
Open

fix(api): Handle non-dict payload for project symbol sources PUT#119158
sentry[bot] wants to merge 1 commit into
masterfrom
seer/fix/api-symbol-sources-put-payload

Conversation

@sentry

@sentry sentry Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

This PR addresses a TypeError: list indices must be integers or slices, not str that occurs when the PUT /api/0/projects/{organization_id_or_slug}/{project_id_or_slug}/symbol-sources/ endpoint receives a JSON array as its request body instead of the expected JSON object.

The root cause was that the endpoint's put() method directly assigned request.data to source and then attempted to access source["id"] without validating that source was a dictionary. If request.data was a list, this would lead to the TypeError.

The fix introduces a type check at the beginning of the put() method in src/sentry/api/endpoints/project_symbol_sources.py. If request.data is not an instance of dict, the API now returns a 400 Bad Request response with a {"detail": "Invalid request body"} message, preventing the TypeError and providing a clearer error to the client.

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.

Fixes SENTRY-5R9Y

Comment @sentry <feedback> on this PR to have Autofix iterate on the changes.

@sentry sentry Bot requested a review from a team as a code owner July 7, 2026 21:17
@github-actions github-actions Bot added the Scope: Backend Automatically applied to PRs that change backend components label Jul 7, 2026
Comment on lines +401 to +402
return Response(data={"detail": "Invalid request body"}, status=400)

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The new validation check returns an error response with a detail key, while the rest of the endpoint consistently uses an error key, breaking the documented API contract.
Severity: MEDIUM

Suggested Fix

To ensure API consistency and maintain backward compatibility, modify the error response to use the error key instead of detail. Change the response to return Response(data={"error": "Invalid request body"}, status=400).

Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.

Location: src/sentry/api/endpoints/project_symbol_sources.py#L401-L402

Potential issue: The new validation check in the `put` method returns an error response
using the format `{"detail": "..."}`. This is inconsistent with the rest of the
endpoint, which uses the `{"error": "..."}` format for all other errors. This violates
the documented API contract, as specified by the `_SymbolSourceErrorResponse` TypedDict
and the method's return type annotation. The documentation explicitly states the
`{"error": ...}` format is retained for backward compatibility, so this change could
break existing API consumers that expect the `error` key in all error responses from
this endpoint.

Did we get this right? 👍 / 👎 to inform future reviews.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Scope: Backend Automatically applied to PRs that change backend components

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants