Skip to content

feat(inbound-filters): Add custom inbound filters CRUD endpoint#117797

Draft
shellmayr wants to merge 11 commits into
masterfrom
shellmayr/feat/inbound-filters-v2-add-endpoint
Draft

feat(inbound-filters): Add custom inbound filters CRUD endpoint#117797
shellmayr wants to merge 11 commits into
masterfrom
shellmayr/feat/inbound-filters-v2-add-endpoint

ref(inbound-filters): Map audit log operation to verb instead of if-c…

304fb7c
Select commit
Loading
Failed to load commit list.
@sentry/warden / warden: sentry-backend-bugs completed Jun 16, 2026 in 0s

1 issue

sentry-backend-bugs: Found 1 issue (1 medium)

Medium

`post` (create) handler placed in the detail endpoint makes `POST /custom-inbound-filters/` return 405 - `src/sentry/api/endpoints/project_custom_inbound_filters.py:197-222`

The post method that creates a new filter is defined in CustomInboundFilterDetailsEndpoint, which is routed at /custom-inbound-filters/{filter_id}/. The collection endpoint CustomInboundFiltersEndpoint, routed at /custom-inbound-filters/, declares only "GET" in publish_status and has no post method, so a standard REST POST /custom-inbound-filters/ create request returns 405 Method Not Allowed. Creating a filter is only reachable by issuing POST /custom-inbound-filters/<arbitrary_id>/, where the filter_id path segment is accepted but never read inside post. A frontend built against the documented "Create a Custom Inbound Filter" collection URL would break, and the generated OpenAPI schema documents the create operation under the detail path with a meaningless required filter_id parameter. Fix: move the post method and its @extend_schema decorator into CustomInboundFiltersEndpoint, drop the unused filter_id parameter from its signature, and add "POST": ApiPublishStatus.PRIVATE to that class's publish_status (removing POST from CustomInboundFilterDetailsEndpoint).

⏱ 2m 44s · 300.1k in / 17.9k out · $0.63

Annotations

Check warning on line 222 in src/sentry/api/endpoints/project_custom_inbound_filters.py

See this annotation in the file changed.

@sentry-warden sentry-warden / warden: sentry-backend-bugs

`post` (create) handler placed in the detail endpoint makes `POST /custom-inbound-filters/` return 405 

The `post` method that creates a new filter is defined in `CustomInboundFilterDetailsEndpoint`, which is routed at `/custom-inbound-filters/{filter_id}/`. The collection endpoint `CustomInboundFiltersEndpoint`, routed at `/custom-inbound-filters/`, declares only `"GET"` in `publish_status` and has no `post` method, so a standard REST `POST /custom-inbound-filters/` create request returns 405 Method Not Allowed. Creating a filter is only reachable by issuing `POST /custom-inbound-filters/<arbitrary_id>/`, where the `filter_id` path segment is accepted but never read inside `post`. A frontend built against the documented "Create a Custom Inbound Filter" collection URL would break, and the generated OpenAPI schema documents the create operation under the detail path with a meaningless required `filter_id` parameter. Fix: move the `post` method and its `@extend_schema` decorator into `CustomInboundFiltersEndpoint`, drop the unused `filter_id` parameter from its signature, and add `"POST": ApiPublishStatus.PRIVATE` to that class's `publish_status` (removing `POST` from `CustomInboundFilterDetailsEndpoint`).
View more details on @sentry/warden