Skip to content

Skip a malformed app record instead of 500ing the whole marketplace listing#8924

Merged
kodjima33 merged 1 commit into
BasedHardware:mainfrom
ZachL111:zach/apps-marketplace-poison-guard
Jul 3, 2026
Merged

Skip a malformed app record instead of 500ing the whole marketplace listing#8924
kodjima33 merged 1 commit into
BasedHardware:mainfrom
ZachL111:zach/apps-marketplace-poison-guard

Conversation

@ZachL111

@ZachL111 ZachL111 commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

What

The public app marketplace listings are built by looping over raw Firestore documents and constructing App(**doc) for each, with no per-record guard:

  • get_popular_apps() feeds GET /v1/apps/popular
  • get_available_apps() feeds GET /v1/apps
  • get_approved_available_apps() feeds GET /v2/apps and GET /v1/approved-apps

App has required no-default fields (id, name, category, author, description, image, capabilities). A single legacy or malformed app document that is missing one of these raises pydantic.ValidationError, which is unhandled and 500s the entire listing. Because these listings are shared and Redis/process-cached across all users, one bad record takes the marketplace down for everyone, not just its owner.

Change

Add a _safe_build_app(app_dict) helper that builds the App, and on ValidationError skips the record (returns None) and logs its id plus the offending field names only (never the field values, per the logging-security rules). Use it at all three build sites so a malformed record is dropped instead of failing the whole page.

Single-file change in backend/utils/apps.py. No change to the model, the database layer, or the routers.

Test

New backend/tests/unit/test_apps_marketplace_poison_guard.py:

  • a valid record builds an App.
  • a record missing required fields, and an empty record, each return None instead of raising.
  • a poison record between two valid ones does not take the batch down (the two valid apps still come through).

The helper is a pure function, so the test imports and calls it directly (functional core, no monkeypatch, no sys.modules). Auto-discovered by scripts/select_backend_unit_tests.py --all; passes the import-purity and stub-pollution scanners.

Review in cubic

…isting

get_popular_apps, get_available_apps, and get_approved_available_apps build App(**doc)
in a loop over raw Firestore documents. Those listings are shared and Redis/process
cached across all users, so a single malformed or legacy app document raised
ValidationError and 500'd the entire page for everyone (GET /v1/apps, /v1/apps/popular,
/v2/apps, /v1/approved-apps).

Add a _safe_build_app helper that skips a record failing validation (returning None and
logging its id plus the offending field names only) and use it at all three build sites.
Adds pure unit tests for the helper.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

Re-trigger cubic

@kodjima33 kodjima33 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Backend bug fix w/ tests: skip malformed app record instead of 500ing marketplace listings. Established poison-record pattern.

@kodjima33 kodjima33 merged commit 7029170 into BasedHardware:main Jul 3, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants