diff --git a/src/sentry/api/endpoints/debug_files.py b/src/sentry/api/endpoints/debug_files.py
index faa655a70cf78d..bb374f837b3163 100644
--- a/src/sentry/api/endpoints/debug_files.py
+++ b/src/sentry/api/endpoints/debug_files.py
@@ -55,6 +55,7 @@
 set_assemble_status,
 )
 from sentry.utils.db import atomic_transaction
+from sentry.workflow_engine.endpoints.utils.ids import to_valid_int_id
 logger = logging.getLogger("sentry.api")
 ERR_FILE_EXISTS = "A file matching this debug identifier already exists"
@@ -258,7 +259,7 @@ def get(self, request: Request, project: Project) -> Response:
 """
 download_requested = request.GET.get("id") is not None
 if download_requested and has_download_permission(request, project):
- return self.download(request.GET.get("id"), project)
+ return self.download(to_valid_int_id("id", request.GET["id"], raise_404=True), project)
 elif download_requested:
 return Response(status=403)
@@ -356,9 +357,10 @@ def delete(self, request: Request, project: Project) -> Response:
 """
 debug_file_id = request.GET.get("id")
 if debug_file_id and _has_delete_permission(request.access, project):
+ validated_id = to_valid_int_id("id", debug_file_id, raise_404=True)
 with atomic_transaction(using=router.db_for_write(File)):
 debug_file = (
- ProjectDebugFile.objects.filter(id=debug_file_id, project_id=project.id)
+ ProjectDebugFile.objects.filter(id=validated_id, project_id=project.id)
 .select_related("file")
 .first()
 )
diff --git a/src/sentry/integrations/api/endpoints/data_forwarding_details.py b/src/sentry/integrations/api/endpoints/data_forwarding_details.py
index f11b80e57563fe..96223e9fcad1b5 100644
--- a/src/sentry/integrations/api/endpoints/data_forwarding_details.py
+++ b/src/sentry/integrations/api/endpoints/data_forwarding_details.py
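Review bot: The import added at the top of debug_files.py makes a core API endpoint depend on `sentry.workflow_engine.endpoints.utils.ids` for a generic request-id validator. The same import is added in data_forwarding_details.py, external_user_details.py, organization_repository_commits.py and notification_actions_details.py, so the helper is now the shared guard for request-supplied ids across unrelated packages. Moving it to, or re-exporting it from, a shared API utility module would stop these endpoints from depending on workflow-engine internals. It would also make the validator easier to find for the next endpoint that needs it.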
@@ -35,6 +35,7 @@
 RpcUserOrganizationContext,
 )
 from sentry.web.decorators import set_referrer_policy
+from sentry.workflow_engine.endpoints.utils.ids import to_valid_int_id
 class OrganizationDataForwardingDetailsPermission(OrganizationPermission):
@@ -73,7 +74,7 @@ def convert_args(
 self,
 request: Request,
 organization_id_or_slug: int | str,
- data_forwarder_id: int,
+ data_forwarder_id: int | str,
 *args,
 **kwargs,
 ):
@@ -86,7 +87,7 @@ def convert_args(
 try:
 data_forwarder = DataForwarder.objects.get(
- id=data_forwarder_id,
+ id=to_valid_int_id("data_forwarder_id", data_forwarder_id, raise_404=True),
 organization=kwargs["organization"],
 )
 except DataForwarder.DoesNotExist:
diff --git a/src/sentry/integrations/api/endpoints/external_user_details.py b/src/sentry/integrations/api/endpoints/external_user_details.py
index 5e191500f5bfa6..3552cc394b9425 100644
--- a/src/sentry/integrations/api/endpoints/external_user_details.py
+++ b/src/sentry/integrations/api/endpoints/external_user_details.py
@@ -24,6 +24,7 @@
 from sentry.integrations.api.serializers.models.external_actor import ExternalActorSerializer
 from sentry.integrations.models.external_actor import ExternalActor
 from sentry.models.organization import Organization
+from sentry.workflow_engine.endpoints.utils.ids import to_valid_int_id
 logger = logging.getLogger(__name__)
@@ -42,13 +43,14 @@ def convert_args(
 self,
 request: Request,
 organization_id_or_slug: int | str,
- external_user_id: int,
+ external_user_id: int | str,
 *args: Any,
 **kwargs: Any,
 ) -> tuple[tuple[Any, ...], dict[str, Any]]:
 args, kwargs = super().convert_args(request, organization_id_or_slug, *args, **kwargs)
 kwargs["external_user"] = self.get_external_actor_or_404(
- external_user_id, kwargs["organization"]
+ to_valid_int_id("external_user_id", external_user_id, raise_404=True),
+ kwargs["organization"],
 )
 return args, kwargs
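Review bot: In `convert_args` of data_forwarding_details.py (hunk at -86,7) the `to_valid_int_id(...)` call is evaluated inside the `try` whose only visible handler is `except DataForwarder.DoesNotExist`. A malformed id therefore raises from inside the block but skips that handler, whose body is outside the hunk. If that handler does more than re-raise, a malformed id and a missing row may take different paths. Validating before the `try` keeps the guarded region to the query alone and makes the two cases easier to keep uniform: `forwarder_id = to_valid_int_id("data_forwarder_id", data_forwarder_id, raise_404=True)` above `try:`, then `id=forwarder_id,`. The same placement appears in the `get` hunk of organization_repository_commits.py and the `convert_args` hunk of notification_actions_details.py.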
diff --git a/src/sentry/integrations/api/endpoints/organization_repository_commits.py b/src/sentry/integrations/api/endpoints/organization_repository_commits.py
index ada366ec757590..7af478b9f942b2 100644
--- a/src/sentry/integrations/api/endpoints/organization_repository_commits.py
+++ b/src/sentry/integrations/api/endpoints/organization_repository_commits.py
@@ -20,6 +20,7 @@
 from sentry.apidocs.utils import inline_sentry_response_serializer
 from sentry.models.commit import Commit
 from sentry.models.repository import Repository
+from sentry.workflow_engine.endpoints.utils.ids import to_valid_int_id
 @cell_silo_endpoint
@@ -73,7 +74,10 @@ def get(self, request: Request, organization, repo_id) -> Response:
 List a Repository's Commits
 """
 try:
- repo = Repository.objects.get(id=repo_id, organization_id=organization.id)
+ repo = Repository.objects.get(
+ id=to_valid_int_id("repo_id", repo_id, raise_404=True),
+ organization_id=organization.id,
+ )
 except Repository.DoesNotExist:
 raise ResourceDoesNotExist
diff --git a/src/sentry/notifications/api/endpoints/notification_actions_details.py b/src/sentry/notifications/api/endpoints/notification_actions_details.py
index 5279c5537debcb..b09afcf344c8e6 100644
--- a/src/sentry/notifications/api/endpoints/notification_actions_details.py
+++ b/src/sentry/notifications/api/endpoints/notification_actions_details.py
@@ -27,6 +27,7 @@
 OutgoingNotificationActionSerializer,
 )
 from sentry.notifications.models.notificationaction import NotificationAction
+from sentry.workflow_engine.endpoints.utils.ids import to_valid_int_id
 logger = logging.getLogger(__name__)
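Review bot: `repo_id` in `get(self, request: Request, organization, repo_id)` of organization_repository_commits.py stays unannotated, while the other endpoints in this diff widen their id parameter to `int | str`. Annotating it the same way, `repo_id: int | str`, and giving `organization` a type as well, would keep the signatures consistent. It would also tell the reader the value may arrive as a raw string until `to_valid_int_id` has run. The signature is visible only as the hunk header; the rest of `get` lies outside the hunk.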
@@ -50,13 +51,16 @@ class NotificationActionsDetailsEndpoint(OrganizationEndpoint):
 permission_classes = (NotificationActionsPermission,)
- def convert_args(self, request: Request, action_id: int, *args, **kwargs):
+ def convert_args(self, request: Request, action_id: int | str, *args, **kwargs):
 parsed_args, parsed_kwargs = super().convert_args(request, *args, **kwargs)
 organization = parsed_kwargs["organization"]
 # Get the relevant action associated with the organization and request
 try:
- action = NotificationAction.objects.get(id=action_id, organization_id=organization.id)
+ action = NotificationAction.objects.get(
+ id=to_valid_int_id("action_id", action_id, raise_404=True),
+ organization_id=organization.id,
+ )
 except NotificationAction.DoesNotExist:
 raise ResourceDoesNotExist