mirror of
https://github.com/dograh-hq/dograh.git
synced 2026-06-13 08:15:21 +02:00
ace4903c0e
The /cloudonix/cdr webhook is a public, unauthenticated endpoint that parses
arbitrary external JSON. It dereferenced cdr_data.get("session").get("token")
unconditionally, so a partial or malformed CDR payload that omits "session"
(or sends "session": null) raised AttributeError -> HTTP 500. The existing
"Missing call_id field" guard right below it was unreachable because the crash
happened first.
StatusCallbackRequest.from_cloudonix_cdr had the same fragility plus a second
one: data.get("disposition", "") returns None when the key is present-but-null,
and None.upper() then crashed.
Navigate both fields defensively so missing/null values fall through to the
intended graceful error path instead of crashing. Adds regression tests
covering missing session, null session, null disposition, and the well-formed
mapping path.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| alembic | ||
| assets | ||
| db | ||
| errors | ||
| mcp_server | ||
| native/rnnoise | ||
| routes | ||
| schemas | ||
| services | ||
| tasks | ||
| tests | ||
| utils | ||
| .cursorignore | ||
| .dockerignore | ||
| .env.example | ||
| .env.test.example | ||
| .gitignore | ||
| __init__.py | ||
| AGENTS.md | ||
| alembic.ini | ||
| app.py | ||
| CLAUDE.md | ||
| conftest.py | ||
| constants.py | ||
| Dockerfile | ||
| enums.py | ||
| logging_config.py | ||
| pyproject.toml | ||
| pytest.ini | ||
| requirements.dev.txt | ||
| requirements.txt | ||
| sdk_expose.py | ||