
fix(workflows): Treat OrganizationWorkflowIndexEndpoint query parse errors as 400s #110434

Merged
kcons merged 1 commit into master from kcons/bettererr on Mar 11, 2026


@kcons (Member) commented Mar 11, 2026

Unexpected query terms are expected.

Fixes SENTRY-5JJB.

@kcons kcons requested a review from a team as a code owner March 11, 2026 16:57
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Mar 11, 2026
@saponifi3d (Contributor) left a comment

best pr since sliced bread.

if raw_query := request.GET.get("query"):
for filter in parse_workflow_query(raw_query):
try:
parsed_query = parse_workflow_query(raw_query)

❤️

try:
parsed_query = parse_workflow_query(raw_query)
except InvalidSearchQuery as e:
raise serializers.ValidationError({"query": [str(e)]})

Check warning: Code scanning / CodeQL

Information exposure through an exception (Medium)

Stack trace information flows to this location and may be exposed to an external user.

Copilot Autofix

AI 6 days ago

To fix this, we should stop returning the raw InvalidSearchQuery exception message to the client and instead send a generic, user-safe validation error while logging or otherwise handling the detailed error server-side if needed. The key is to preserve behavior (a 400 with an error on the query field) while ensuring the message is not derived from the exception text.

Concretely, in OrganizationWorkflowIndexEndpoint.filter_workflows, change the except InvalidSearchQuery as e: block so that it no longer uses str(e) in the response. Replace:

except InvalidSearchQuery as e:
    raise serializers.ValidationError({"query": [str(e)]})

with a version that uses a static message, such as:

except InvalidSearchQuery:
    raise serializers.ValidationError(
        {"query": ["Invalid search query. Check the syntax and supported fields."]}
    )

This keeps the same structure of the validation error (field key query, list of messages) and the same exception type, so existing client handling should continue to work, but no longer leaks exception-derived details. No new imports are required, and no other parts of the file need to change for this fix.

Suggested changeset 1
src/sentry/workflow_engine/endpoints/organization_workflow_index.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/sentry/workflow_engine/endpoints/organization_workflow_index.py b/src/sentry/workflow_engine/endpoints/organization_workflow_index.py
--- a/src/sentry/workflow_engine/endpoints/organization_workflow_index.py
+++ b/src/sentry/workflow_engine/endpoints/organization_workflow_index.py
@@ -164,8 +164,14 @@
         if raw_query := request.GET.get("query"):
             try:
                 parsed_query = parse_workflow_query(raw_query)
-            except InvalidSearchQuery as e:
-                raise serializers.ValidationError({"query": [str(e)]})
+            except InvalidSearchQuery:
+                raise serializers.ValidationError(
+                    {
+                        "query": [
+                            "Invalid search query. Check the query syntax and supported fields."
+                        ]
+                    }
+                )
             for filter in parsed_query:
                 assert isinstance(filter, SearchFilter)
                 match filter:
EOF
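
Review bot: The static string on the `+` lines discards the parser's description of which term was rejected, and the new `except InvalidSearchQuery:` branch does nothing else with the exception, so after this change that detail exists neither in the 400 body nor in server logs. If the alert is accepted, bind the exception and log it before the `raise serializers.ValidationError(...)` so a failing query can still be diagnosed. If `InvalidSearchQuery` messages are written to be shown to users, the simpler course is to keep `str(e)` and dismiss the alert with that justification; these lines do not show what the message can contain, so check how it is built first. The string in the patch ("Check the query syntax and supported fields.") also differs from the one quoted in the explanation ("Check the syntax and supported fields."); pick one.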
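
The pattern the Autofix text describes (a generic message to the client, the detail kept server-side), as an added example that is not code from this PR or from Sentry. `InvalidSearchQuery`, `ValidationError` and `parse_workflow_query` below are constructed stand-ins, and the function names, the sample error text and the `ref` correlation id are assumptions.

```python
import logging
import uuid

logger = logging.getLogger("workflow_index_example")  # hypothetical logger name


class InvalidSearchQuery(Exception):
    """Stand-in for the parser error named on the page."""


class ValidationError(Exception):
    """Stand-in for serializers.ValidationError: carries a field -> messages dict."""

    def __init__(self, detail):
        super().__init__(detail)
        self.detail = detail


def parse_workflow_query(raw_query):
    # Constructed toy parser: only key:value terms with a known key are accepted.
    filters = []
    for i, term in enumerate(raw_query.split()):
        key, sep, value = term.partition(":")
        if not sep or key not in {"name", "action"}:
            raise InvalidSearchQuery(f"unexpected term {term!r} at position {i}")
        filters.append((key, value))
    return filters


def filter_workflows_verbose(raw_query):
    # Pattern the scanner flagged: the exception text becomes the response body.
    try:
        return parse_workflow_query(raw_query)
    except InvalidSearchQuery as e:
        raise ValidationError({"query": [str(e)]})


def filter_workflows_generic(raw_query):
    # Static client message; the detail is logged under a reference id (assumption)
    # so support can match a user's 400 to the server-side record.
    try:
        return parse_workflow_query(raw_query)
    except InvalidSearchQuery:
        ref = uuid.uuid4().hex[:12]
        logger.warning("invalid workflow query ref=%s", ref, exc_info=True)
        message = f"Invalid search query. Check the syntax and supported fields. (ref {ref})"
        raise ValidationError({"query": [message]}) from None
```

Both handlers keep the response shape (field key `query`, list of messages), so a client that reads that field is unaffected by the switch.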
@kcons kcons merged commit caa3bc9 into master Mar 11, 2026
58 checks passed
@kcons kcons deleted the kcons/bettererr branch March 11, 2026 17:20