Skip to content

[BUG] Type-Unsafe Request Payloads (Missing Pydantic Models) #1489

Description

@sahare-mayur-0071

Type-Unsafe Request Payloads (Missing Pydantic Models)

Description:
Many POST and PATCH endpoints in backend/secuscan/routes.py use generic Dict[str, Any] for incoming request payloads rather than strictly typed Pydantic models. This circumvents FastAPI's automatic request validation and type coercion.

Affected Code/Endpoints:

  • /target-policies: async def create_target_policy(payload: Dict[str, Any], ...)
  • /credential-profiles: async def create_credential_profile(payload: Dict[str, Any], ...)
  • /session-profiles: async def create_session_profile(payload: Dict[str, Any], ...)
  • /workflows: async def create_workflow(payload: Dict[str, Any], ...)

Recommendation:
Define proper Pydantic models (e.g., TargetPolicyCreate, CredentialProfileCreate) in models.py and replace Dict[str, Any] with these models to ensure robust type checking and automatic 422 HTTP responses on invalid input.

Metadata

Metadata

Labels

area:backendBackend API, database, or service worklevel:advanced55 pts difficulty label for advanced contributor PRspriority:mediumImportant issue with normal urgencytype:bugBug fix work category bonus labeltype:refactorRefactor work category bonus label

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions