chore(aci milestone 3): open period -> incident serializer #103131

mifu67 · 2025-11-11T00:57:03Z

Previously, this serializer took in an open period, fetched the incident via the IGOP lookup table, and serialized the incident. With the incident no longer guaranteed to exist, create a serializer that will populate an incident response using only the open period model.

semgrep-code-getsentry · 2025-11-11T01:00:11Z

src/sentry/incidents/endpoints/serializers/workflow_engine_incident.py

+        alert_rule_detectors = AlertRuleDetector.objects.filter(
+            detector__in=list(open_periods_to_detectors.values())
+        ).values_list("alert_rule_id", "detector_id")


High severity vulnerability may affect your project—review required:
Line 73 lists a dependency (django) with a known High severity vulnerability.

ℹ️ Why this matters

Affected versions of Django are vulnerable to Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). SQL injection in Django's ORM column aliases: when using QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), or QuerySet.extra() with dictionary expansion (**kwargs), the dictionary keys are used unescaped as SQL column aliases. On MySQL and MariaDB backends, an attacker who can influence those keys (for example, by passing a crafted dict of annotations) can inject arbitrary SQL into the generated query.

References: GHSA, CVE

To resolve this comment:
Check if you are using Django with MySQL or MariaDB.

If you're affected, upgrade this dependency to at least version 5.2.7 at uv.lock.

If you're not affected, comment /fp we don't use this [condition]

💬 Ignore this finding

To ignore this, reply with:

/fp <comment> for false positive

/ar <comment> for acceptable risk

/other <comment> for all other reasons

_{You can view more details on this finding in the Semgrep AppSec Platform here.}

codecov · 2025-11-11T01:15:19Z

❌ 6 Tests Failed:

Tests completed	Failed	Passed	Skipped
29575	6	29569	243

View the top 3 failed test(s) by shortest run time

tests.sentry.incidents.serializers.test_workflow_engine_detector.TestDetectorSerializer::test_latest_incident

Stack Traces | 4.52s run time

#x1B[1m#x1B[.../incidents/serializers/test_workflow_engine_detector.py#x1B[0m:65: in test_latest_incident
    serialized_detector = serialize(
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:55: in serialize
    return serialize([objects], user=user, serializer=serializer, **kwargs)[0]
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:71: in serialize
    attrs = serializer.get_attrs(
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_detector.py#x1B[0m:309: in get_attrs
    self.add_latest_incident(result, user, detectors, detector_to_action_ids)
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_detector.py#x1B[0m:213: in add_latest_incident
    serialized_group_open_period = serialize(
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:55: in serialize
    return serialize([objects], user=user, serializer=serializer, **kwargs)[0]
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:71: in serialize
    attrs = serializer.get_attrs(
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:64: in get_attrs
    open_periods_to_detectors = self.get_open_periods_to_detectors(item_list)
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:129: in get_open_periods_to_detectors
    open_periods_to_detectors[op] = groups_to_detectors[group]
#x1B[1m#x1B[31mE   KeyError: <Group at 0x7f758844c190: id=67, project_id=4555195392327682>#x1B[0m

tests.sentry.notifications.notification_action.metric_alert_registry.test_msteams_metric_alert_handler.TestMsteamsMetricAlertHandler::test_send_alert

Stack Traces | 4.6s run time

#x1B[1m#x1B[.../notification_action/metric_alert_registry/test_msteams_metric_alert_handler.py#x1B[0m:64: in test_send_alert
    self.handler.send_alert(
#x1B[1m#x1B[.../metric_alert_registry/handlers/msteams_metric_alert_handler.py#x1B[0m:50: in send_alert
    incident_serialized_response = get_detailed_incident_serializer(open_period)
#x1B[1m#x1B[.../metric_alert_registry/handlers/utils.py#x1B[0m:35: in get_detailed_incident_serializer
    return serialize(open_period, None, WorkflowEngineDetailedIncidentSerializer())
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:55: in serialize
    return serialize([objects], user=user, serializer=serializer, **kwargs)[0]
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:71: in serialize
    attrs = serializer.get_attrs(
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:64: in get_attrs
    open_periods_to_detectors = self.get_open_periods_to_detectors(item_list)
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:129: in get_open_periods_to_detectors
    open_periods_to_detectors[op] = groups_to_detectors[group]
#x1B[1m#x1B[31mE   KeyError: <Group at 0x7fcc1eb6d950: id=243, project_id=4557091736322051>#x1B[0m

tests.sentry.notifications.notification_action.metric_alert_registry.test_slack_metric_alert_handler.TestSlackMetricAlertHandler::test_send_alert

Stack Traces | 4.61s run time

#x1B[1m#x1B[.../notification_action/metric_alert_registry/test_slack_metric_alert_handler.py#x1B[0m:67: in test_send_alert
    self.handler.send_alert(
#x1B[1m#x1B[.../metric_alert_registry/handlers/slack_metric_alert_handler.py#x1B[0m:51: in send_alert
    incident_serialized_response = get_detailed_incident_serializer(open_period)
#x1B[1m#x1B[.../metric_alert_registry/handlers/utils.py#x1B[0m:35: in get_detailed_incident_serializer
    return serialize(open_period, None, WorkflowEngineDetailedIncidentSerializer())
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:55: in serialize
    return serialize([objects], user=user, serializer=serializer, **kwargs)[0]
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:71: in serialize
    attrs = serializer.get_attrs(
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:64: in get_attrs
    open_periods_to_detectors = self.get_open_periods_to_detectors(item_list)
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:129: in get_open_periods_to_detectors
    open_periods_to_detectors[op] = groups_to_detectors[group]
#x1B[1m#x1B[31mE   KeyError: <Group at 0x7ff7486d07d0: id=212, project_id=4557091734159363>#x1B[0m

tests.sentry.notifications.notification_action.metric_alert_registry.test_email_metric_alert_handler.TestEmailMetricAlertHandler::test_send_alert

Stack Traces | 4.75s run time

#x1B[1m#x1B[.../notification_action/metric_alert_registry/test_email_metric_alert_handler.py#x1B[0m:66: in test_send_alert
    self.handler.send_alert(
#x1B[1m#x1B[.../metric_alert_registry/handlers/email_metric_alert_handler.py#x1B[0m:59: in send_alert
    incident_serialized_response = get_detailed_incident_serializer(open_period)
#x1B[1m#x1B[.../metric_alert_registry/handlers/utils.py#x1B[0m:35: in get_detailed_incident_serializer
    return serialize(open_period, None, WorkflowEngineDetailedIncidentSerializer())
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:55: in serialize
    return serialize([objects], user=user, serializer=serializer, **kwargs)[0]
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:71: in serialize
    attrs = serializer.get_attrs(
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:64: in get_attrs
    open_periods_to_detectors = self.get_open_periods_to_detectors(item_list)
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:129: in get_open_periods_to_detectors
    open_periods_to_detectors[op] = groups_to_detectors[group]
#x1B[1m#x1B[31mE   KeyError: <Group at 0x7f69274f51d0: id=185, project_id=4557091731603459>#x1B[0m

tests.sentry.notifications.notification_action.metric_alert_registry.test_discord_metric_alert_handler.TestDiscordMetricAlertHandler::test_send_alert

Stack Traces | 4.86s run time

#x1B[1m#x1B[.../notification_action/metric_alert_registry/test_discord_metric_alert_handler.py#x1B[0m:64: in test_send_alert
    self.handler.send_alert(
#x1B[1m#x1B[.../metric_alert_registry/handlers/discord_metric_alert_handler.py#x1B[0m:54: in send_alert
    incident_serialized_response = get_detailed_incident_serializer(open_period)
#x1B[1m#x1B[.../metric_alert_registry/handlers/utils.py#x1B[0m:35: in get_detailed_incident_serializer
    return serialize(open_period, None, WorkflowEngineDetailedIncidentSerializer())
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:55: in serialize
    return serialize([objects], user=user, serializer=serializer, **kwargs)[0]
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:71: in serialize
    attrs = serializer.get_attrs(
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:64: in get_attrs
    open_periods_to_detectors = self.get_open_periods_to_detectors(item_list)
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:129: in get_open_periods_to_detectors
    open_periods_to_detectors[op] = groups_to_detectors[group]
#x1B[1m#x1B[31mE   KeyError: <Group at 0x7ff7485039d0: id=196, project_id=4557091733766144>#x1B[0m

tests.sentry.notifications.notification_action.metric_alert_registry.test_sentry_app_metric_alert_handler.TestSentryAppMetricAlertHandler::test_send_alert

Stack Traces | 5.06s run time

#x1B[1m#x1B[.../notification_action/metric_alert_registry/test_sentry_app_metric_alert_handler.py#x1B[0m:74: in test_send_alert
    self.handler.send_alert(
#x1B[1m#x1B[.../metric_alert_registry/handlers/sentry_app_metric_alert_handler.py#x1B[0m:42: in send_alert
    incident_serialized_response = get_incident_serializer(open_period)
#x1B[1m#x1B[.../metric_alert_registry/handlers/utils.py#x1B[0m:39: in get_incident_serializer
    return serialize(open_period, None, WorkflowEngineIncidentSerializer())
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:55: in serialize
    return serialize([objects], user=user, serializer=serializer, **kwargs)[0]
#x1B[1m#x1B[.../api/serializers/base.py#x1B[0m:71: in serialize
    attrs = serializer.get_attrs(
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:64: in get_attrs
    open_periods_to_detectors = self.get_open_periods_to_detectors(item_list)
#x1B[1m#x1B[.../endpoints/serializers/workflow_engine_incident.py#x1B[0m:129: in get_open_periods_to_detectors
    open_periods_to_detectors[op] = groups_to_detectors[group]
#x1B[1m#x1B[31mE   KeyError: <Group at 0x7fdcdce49d10: id=179, project_id=4557091731996674>#x1B[0m

To view more test analytics, go to the Test Analytics Dashboard
_{📋 Got 3 mins? Take this short survey to help us improve Test Analytics.}

mifu67 added 3 commits November 10, 2025 11:10

saving work

7ed6a36

implemented but not tested

11027dd

fixed some stuff

f9146ce

github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Nov 11, 2025

vercel bot deployed to Preview November 11, 2025 00:57 View deployment

semgrep-code-getsentry bot reviewed Nov 11, 2025

View reviewed changes

jasonyuezhang mentioned this pull request Nov 11, 2025

chore(aci milestone 3): open period -> incident serializer jasonyuezhang/sentry#123

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(aci milestone 3): open period -> incident serializer #103131

chore(aci milestone 3): open period -> incident serializer #103131

mifu67 commented Nov 11, 2025

Uh oh!

semgrep-code-getsentry bot Nov 11, 2025

Uh oh!

codecov bot commented Nov 11, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

chore(aci milestone 3): open period -> incident serializer #103131

Are you sure you want to change the base?

chore(aci milestone 3): open period -> incident serializer #103131

Conversation

mifu67 commented Nov 11, 2025

Uh oh!

semgrep-code-getsentry bot Nov 11, 2025

Choose a reason for hiding this comment

Uh oh!

codecov bot commented Nov 11, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

❌ 6 Tests Failed:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

codecov bot commented Nov 11, 2025 •

edited

Loading