Description
The reserve_stock() and release_stock() endpoints both call int() directly on user-supplied input without a try/except guard. If the quantity field in the JSON body is a non-integer-castable value (e.g., "abc", null, [], 3.5), Python raises an unhandled ValueError (or TypeError) that Flask converts to a generic 500 Internal Server Error. At that time we need to showcase them as to enter integer or 400 BAD request with the add of int() logic.
Current Behavior
POST /api/v1/products/<id>/reserve
Body: { "quantity": "abc" }
→ Python raises: ValueError: invalid literal for int() with base 10: 'abc'
→ Flask returns: 500 Internal Server Error (generic HTML or JSON error page)
The raw traceback is logged server-side, and the client receives no useful error message.
in short = if user enter "abc" it showcase 500 status.
Expected Behavior
The endpoint should validate the input gracefully and return a 400 Bad Request with a clear JSON error message such as:
{ "error": "quantity must be a positive integer" }
Location
app.py
Impact
• Callers receive an opaque 500 error instead of actionable 400 feedback.
• Every malformed quantity triggers a 500 logged as a server error, polluting error metrics and potentially triggering false alerts.
• The order_service calls /reserve and /release programmatically. If it ever passes a malformed value, it gets a 503/500 cascading failure instead of a clear rejection.
Suggested Solution
Wrap the int() cast in a try/except, matching the pattern already used in create_product():
add with int(). with some minor logics.
Description
The
reserve_stock()andrelease_stock()endpoints both callint()directly on user-supplied input without a try/except guard. If the quantity field in the JSON body is a non-integer-castable value (e.g., "abc", null, [], 3.5), Python raises an unhandled ValueError (or TypeError) that Flask converts to a generic 500 Internal Server Error. At that time we need to showcase them as to enter integer or 400 BAD request with the add of int() logic.Current Behavior
in short = if user enter "abc" it showcase 500 status.
Expected Behavior
The endpoint should validate the input gracefully and return a 400 Bad Request with a clear JSON error message such as:
{ "error": "quantity must be a positive integer" }Location
app.py
Impact
• Callers receive an opaque 500 error instead of actionable 400 feedback.
• Every malformed quantity triggers a 500 logged as a server error, polluting error metrics and potentially triggering false alerts.
• The order_service calls /reserve and /release programmatically. If it ever passes a malformed value, it gets a 503/500 cascading failure instead of a clear rejection.
Suggested Solution
Wrap the int() cast in a try/except, matching the pattern already used in create_product():
add with int(). with some minor logics.