fix: guard against None actions in incidents and add deliver_feature_result to org seer rpc#119465
Draft
billyvg wants to merge 1 commit into
Draft
fix: guard against None actions in incidents and add deliver_feature_result to org seer rpc#119465billyvg wants to merge 1 commit into
billyvg wants to merge 1 commit into
Conversation
…e_result to org seer rpc Fixes two production errors: 1. SENTRY-5RDY: AttributeError in incidents/logic.py when action is None - `trigger.get("actions", [])` can yield None entries; is_included now returns False early instead of calling .get() on None. 2. SENTRY-5RDJ: RpcResolutionException for deliver_feature_result via org endpoint - deliver_feature_result was in the internal seer_method_registry but missing from public_org_seer_method_registry, causing 404s when ProductionProxyRpcClient (local Seer dev against prod) calls back to Sentry via the org-scoped endpoint. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01AMHSVfELZygxVFppMefZzm
| from sentry.seer.autofix.autofix_tools import get_error_event_details, get_profile_details | ||
| from sentry.seer.endpoints.registry import SeerRpcMethod, seer_rpc | ||
| from sentry.seer.endpoints.seer_rpc import ( | ||
| deliver_feature_result, |
Contributor
There was a problem hiding this comment.
Read-only org member can trigger expensive night-shift writeback via org Seer RPC
Registering deliver_feature_result in the org-member Seer RPC registry lets any member with only org:read push a crafted night-shift result for a known run_uuid, triggering expensive trigger_autofix_agent runs, marking issues skipped, and writing fabricated triage rows within their org. Keep this writeback on the HMAC-authenticated Seer service endpoint (SeerRpcServiceEndpoint) only.
Evidence
- The PR adds
deliver_feature_resulttopublic_org_seer_method_registryinorganization_seer_rpc.py:164; that endpoint only enforcesSeerRpcPermission(org:read) plus theorganizations:seer-public-rpcflag and comments that it is "actually read only." deliver_feature_result(seer_rpc.py:1004) dispatchesfeature_id="night_shift"todeliver_night_shift_result, which parses attacker-suppliedresultintoTriageResponseand in_process_verdictscallsmark_skippedandtrigger_autofix_agentfor org groups (expensive/paid Seer operations) and bulk-createsSeerNightShiftRunResultrows with attacker-controlled reason text.- The delivery lookup is scoped to the caller's org (
SeerNightShiftRunShard.objects.filter(seer_run__uuid=run_uuid, run__organization_id=organization_id)), so impact is intra-org, not cross-tenant. - A valid
run_uuidis obtainable by members:SeerRunSerializer.serializereturnsstr(obj.uuid)asid, andfiltered_runs_querysetalways keeps project-less runs (night-shift shardSeerRuns), exposing the needed identifier.
Also found at 1 additional location
src/sentry/seer/endpoints/organization_seer_rpc.py:164-164
Identified by Warden security-review · FTM-DTG
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes two production errors caught by automated monitoring.
Bug 1: SENTRY-5RDY — AttributeError in
is_includedwhen action isNoneSeverity: Medium (production error on alert rule update path)
Evidence:
AttributeError: 'NoneType' object has no attribute 'get'atsentry/incidents/logic.py:1999with local variableaction: "None". Triggered by PUT/api/0/organizations/{org}/alert-rules/{id}/when a trigger'sactionslist contains aNoneentry.Fix: Guard
is_includedagainstNoneentries before calling.get(). ANoneaction is excluded (returnsFalse) rather than crashing. Also corrects the type annotation toMapping[str, Any] | None.Bug 2: SENTRY-5RDJ —
RpcResolutionException: Unknown method deliver_feature_resultSeverity: Medium (breaks Seer explorer feature result push-back to Sentry)
Evidence:
RpcResolutionExceptionraised inorganization_seer_rpc.py:332withrpc.referrer: explorer. Seer's explorer callsdeliver_feature_resultviaProductionProxyRpcClientwhich routes to/api/0/organizations/{org}/seer-rpc/(the org-scoped endpoint), but the method was only registered in the internalseer_method_registry, not inpublic_org_seer_method_registry.Seer Autofix root cause: "deliver_feature_result is registered in the global seer RPC registry but missing from the organization-scoped endpoint's registry."
Fix: Add
deliver_feature_resulttopublic_org_seer_method_registry. The method is safe here — it is already gated by theorganizations:seer-public-rpcfeature flag andorg:readpermission, and unknownfeature_idvalues are silently ignored.Session
https://claude.ai/code/session_01AMHSVfELZygxVFppMefZzm
Legal Boilerplate
Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.
Generated by Claude Code