fix: nil pointer dereference in QueryServerVersion when dbVersion is nil #5449
Description
Summary
QueryServerVersion in chaoscenter/graphql/server/pkg/chaos_infrastructure/service.go directly accesses fields on the value returned by GetConfig without a nil check. If GetConfig returns a nil pointer alongside a nil error (e.g. when the config key does not exist in the database), the server panics.
Affected Code
File: chaoscenter/graphql/server/pkg/chaos_infrastructure/service.go
Lines: 952–961
func (in *infraService) QueryServerVersion(ctx context.Context) (*model.ServerVersionResponse, error) {
dbVersion, err := config.GetConfig(ctx, "version")
if err != nil {
return nil, err
}
return &model.ServerVersionResponse{
Key: dbVersion.Key, // panics if dbVersion == nil
Value: dbVersion.Value.(string), // panics if dbVersion == nil or Value is not a string
}, nil
}Panic Flow
flowchart TD
A[QueryServerVersion called] --> B[GetConfig returns dbVersion, err]
B --> C{err != nil?}
C -- yes --> D[return nil, err]
C -- no --> E{dbVersion == nil?}
E -- no --> F[access dbVersion.Key and .Value safely]
E -- yes --> G[💥 nil pointer dereference PANIC]
F --> H{Value is a string?}
H -- yes --> I[return response]
H -- no --> J[💥 type assertion panic]
Expected Behavior
When dbVersion is nil or Value is not a string, the function should return a descriptive error instead of panicking.
Suggested Fix
func (in *infraService) QueryServerVersion(ctx context.Context) (*model.ServerVersionResponse, error) {
dbVersion, err := config.GetConfig(ctx, "version")
if err != nil {
return nil, err
}
if dbVersion == nil {
return nil, errors.New("server version config not found")
}
versionStr, ok := dbVersion.Value.(string)
if !ok {
return nil, errors.New("server version config has invalid type")
}
return &model.ServerVersionResponse{
Key: dbVersion.Key,
Value: versionStr,
}, nil
}