Skip to content

test(fastapi): Verify request info capture with POST endpoints#6287

Merged
alexander-alderman-webb merged 24 commits into
masterfrom
webb/fastapi/request-extractor-tests
Jun 9, 2026
Merged

test(fastapi): Verify request info capture with POST endpoints#6287
alexander-alderman-webb merged 24 commits into
masterfrom
webb/fastapi/request-extractor-tests

Merge branch 'master' into webb/fastapi/request-extractor-tests

71b3439
Select commit
Loading
Failed to load commit list.
@sentry/warden / warden completed Jun 9, 2026 in 5m 9s

4 issues

Low

`str()` on `base64.b64encode()` embeds `b'...'` prefix in multipart test body - `tests/integrations/fastapi/test_fastapi.py:32`

In BODY_FORM, str(base64.b64encode(open(PICTURE, "rb").read())) produces a string like "b'/9j/4AAQ...'" (with the literal b' prefix and trailing quote), which is not valid base64. The Content-Transfer-Encoding: base64 field therefore contains malformed data. The tests still pass only because the server treats the photo field as opaque file content and Sentry redacts it, so the assertion (event["request"]["data"]["photo"] == "") does not exercise the base64 content. Consider using .decode('ascii') instead.

New POST body tests omit FastApiIntegration, diverging from other FastAPI tests - `tests/integrations/fastapi/test_fastapi.py:118-122`

The three new tests (test_request_info_json_body, test_formdata_request_body, test_request_body_too_big) initialize Sentry with only StarletteIntegration(), while every other test in this file uses StarletteIntegration() and FastApiIntegration() together, which reflects the real-world FastAPI setup. Request body capture itself is performed by the Starlette middleware layer, so the tests do validate the behavior, but the integration setup is inconsistent with the rest of the file. Have you considered adding FastApiIntegration() to these tests to exercise the full FastAPI stack and match the established pattern?

`str()` on bytes produces invalid base64 in multipart form test body - `tests/integrations/fastapi/test_fastapi.py:32`

In the new FastAPI test, BODY_FORM substitutes {{image_data}} with str(base64.b64encode(open(PICTURE, "rb").read())). Wrapping the bytes returned by b64encode in str() yields the Python bytes repr (e.g. b'/9j/...', including the b' prefix and trailing quote) rather than a valid base64 string, so the multipart body sent to /body/form contains malformed base64 for the photo field. The Django ASGI equivalent (tests/integrations/django/asgi/test_asgi.py:664) correctly uses .decode("utf-8"). The test still passes because it only asserts the photo field is captured as "" (line 176), masking the defect. Use .decode("utf-8") instead of str().

Also found at:

  • tests/integrations/fastapi/test_fastapi.py:166
New FastAPI POST endpoint tests omit FastApiIntegration - `tests/integrations/fastapi/test_fastapi.py:118`

The three new POST-body tests (test_request_info_json_body, test_formdata_request_body, test_request_body_too_big) pass only StarletteIntegration() to sentry_init, so FastApiIntegration is not activated. Since these were adapted from the Starlette suite into a test(fastapi) PR, they should register FastApiIntegration() alongside StarletteIntegration() (as most other tests in this file do) so the FastAPI-specific code path is exercised. This is a test-completeness/consistency gap, not a functional defect: request body capture is handled by Starlette's ASGI middleware, so the tests still pass.

4 skills analyzed
Skill Findings Duration Cost
security-review 0 2.8s $0.03
code-review 2 2m 6s $0.50
find-bugs 2 4m 5s $0.84
skill-scanner 0 3.3s $0.03

⏱ 6m 17s · 460.7k in / 37.4k out · $1.39