Conversation
## Problem Users see a bare HTTP 404 error when submitting context or remediation notes on a penetration test finding. ## Root cause FindingContextSection.tsx computes the runId with wrong precedence: `resolvedRunId = issue.runId ?? runId`. Since Issue.runId is non-nullable in the generated types, it always wins. This causes the save endpoint to send the provider's per-issue runId instead of the actual pentest run.id. The ownership check in assertRunOwnership looks for an ownership marker keyed on providerRunId (which equals run.id), so it finds nothing and throws a NotFoundException with no message field. This surfaces to the user as a bare "HTTP 404:" error. Viewing a finding uses run.id and works fine. Saving uses issue.runId and 404s. Code-path asymmetry. ## Fix Flip the precedence to `runId ?? issue.runId`. This ensures we use the pentest run id first, falling back to the issue's run id only if needed. ## Explicitly NOT touched - No changes to assertRunOwnership logic or error handling - No database migrations or schema changes - No changes to the ownership marker creation ## Verification ✅ Tested context submission on a pentest finding in org_69840a18d99f827ad3de64c8 ✅ Ownership check now finds the correct marker ✅ Save endpoint returns 200 instead of 404 ✅ Finding view still works as before
fix(pentest): use run id instead of issue run id for context submission
|
The latest updates on your projects. Learn more about Vercel for GitHub.
1 Skipped Deployment
|
Contributor
|
🎉 This PR is included in version 3.90.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.
Summary by cubic
Fixes the 404 error when saving context or remediation notes on pentest findings. We now send the page’s pentest run id to the API instead of the provider per-issue runId.
FindingContextSection, save against the pagerunId(pentest run) rather thanissue.runIdto satisfy ownership checks.saveContextis called with the page run id.Written for commit 4aa79bd. Summary will update on new commits.