Component: finbot/tools/data/vendor.py · get_vendor_details
Root cause:
    db = next(get_db())
    vendor_repo = VendorRepository(db, session_context)
    vendor = vendor_repo.get_vendor(vendor_id)
    if not vendor:
        raise ValueError("Vendor not found")
    return vendor.to_dict()
The db session is never closed on the error path. No try/finally or context manager wraps the database access.
Steps to reproduce:
- Call get_vendor_details with a non-existent vendor_id
- ValueError is raised
- db.close() is never called
Expected behavior: db.close() is called even when an exception is raised
Actual behavior: Database session is leaked on every failed vendor lookup
How to execute:
pytest tests/unit/tools/test_vendor.py::TestGetVendorDetailsDefects::test_vnd_get_004_db_session_not_closed_on_exception -v
Proposed fix:
    db = next(get_db())
    try:
        vendor_repo = VendorRepository(db, session_context)
        vendor = vendor_repo.get_vendor(vendor_id)
        if not vendor:
            raise ValueError("Vendor not found")
        return vendor.to_dict()
    finally:
        db.close()
Impact:
Same class of issue as INV-GET-004. Under load, repeated lookups for invalid vendor IDs exhaust the connection pool, causing a denial-of-service across all database-backed operations.
Acceptance criteria:
- test_vnd_get_004_db_session_not_closed_on_exception passes — db.close() called after ValueError
- test_vnd_get_001 through test_vnd_get_003 continue to pass
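The pool exhaustion described under Impact, reproduced offline as an added example that is not the project's code. `FakeSession`, `make_get_db`, the slot-counting queue and the dict standing in for the vendor repository are hypothetical stand-ins, and the vendor ID is constructed.

```python
import queue

class FakeSession:
    """Stand-in session (assumption): close() returns its slot to the pool."""
    def __init__(self, pool):
        self._pool, self.closed = pool, False
    def close(self):
        if not self.closed:
            self.closed = True
            self._pool.put_nowait(None)

def make_get_db(pool):
    """Build a get_db() generator that checks one slot out of a bounded pool."""
    def get_db():
        pool.get_nowait()  # raises queue.Empty once every slot is checked out
        yield FakeSession(pool)
    return get_db

def lookup_leaky(get_db, vendors, vendor_id):
    db = next(get_db())  # same shape as the root-cause snippet: no close()
    vendor = vendors.get(vendor_id)
    if not vendor:
        raise ValueError("Vendor not found")
    return vendor

def lookup_fixed(get_db, vendors, vendor_id):
    db = next(get_db())
    try:
        vendor = vendors.get(vendor_id)
        if not vendor:
            raise ValueError("Vendor not found")
        return vendor
    finally:
        db.close()  # runs on both the return and the ValueError path

def failed_lookups_before_exhaustion(lookup, pool_size=5, attempts=20):
    """Count invalid-ID lookups served before the pool runs dry (None = never)."""
    pool = queue.Queue()
    for _ in range(pool_size):
        pool.put_nowait(None)
    get_db = make_get_db(pool)
    for n in range(attempts):
        try:
            lookup(get_db, {}, 999)  # constructed input: empty vendor table
        except ValueError:
            continue  # expected "Vendor not found"; keep sending bad IDs
        except queue.Empty:
            return n  # pool exhausted: every later DB operation would fail
    return None
```

With the leaky variant the pool is gone after exactly `pool_size` bad lookups; with the `try`/`finally` variant the same traffic never drains it.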