fix(api) Don't fail on invalid queries to organization_teams endpoint (#51042)

markstory · web-flow · commit 5d6a2542fa46 · 2023-06-15T16:25:46.000Z
Fixes SENTRY-ZCY
diff --git a/src/sentry/api/endpoints/organization_teams.py b/src/sentry/api/endpoints/organization_teams.py
@@ -5,6 +5,7 @@
 from django.utils.translation import ugettext_lazy as _
 from drf_spectacular.utils import OpenApiResponse, extend_schema
 from rest_framework import serializers, status
+from rest_framework.exceptions import ParseError
 from rest_framework.request import Request
 from rest_framework.response import Response
 
@@ -132,6 +133,10 @@ def get(self, request: Request, organization) -> Response:
                 elif key == "slug":
                     queryset = queryset.filter(slug__in=value)
                 elif key == "id":
+                    try:
+                        value = [int(item) for item in value]
+                    except ValueError:
+                        raise ParseError(detail="Invalid id value")
                     queryset = queryset.filter(id__in=value)
                 else:
                     queryset = queryset.none()
diff --git a/tests/sentry/api/endpoints/test_organization_teams.py b/tests/sentry/api/endpoints/test_organization_teams.py
@@ -133,6 +133,10 @@ def test_query_by_id(self):
         team2 = self.create_team(organization=self.organization, name="bar")
         self.login_as(user=self.user)
 
+        path = f"/api/0/organizations/{self.organization.slug}/teams/?query=id:undefined"
+        response = self.client.get(path)
+        assert response.status_code == 400, response.content
+
         path = f"/api/0/organizations/{self.organization.slug}/teams/?query=id:{team1.id}"
         response = self.client.get(path)
         assert response.status_code == 200, response.content
