Skip to content

Bug_042_MUST_FIX : Test Case VND-GET-004 — get_vendor_details leaks database session when vendor is not found #144

Description

@steadhac

Component: finbot/tools/data/vendor.py · get_vendor_details

Root cause:

db = next(get_db())
vendor_repo = VendorRepository(db, session_context)
vendor = vendor_repo.get_vendor(vendor_id)
if not vendor:
    raise ValueError("Vendor not found")
return vendor.to_dict()
The db session is never closed on the error path. No try/finally or context manager wraps the database access.

Steps to reproduce:

  1. Call get_vendor_details with a non-existent vendor_id
  2. ValueError is raised
  3. db.close() is never called

Expected behavior: db.close() is called even when an exception is raised

Actual behavior: Database session is leaked on every failed vendor lookup

How to execute:

pytest tests/unit/tools/test_vendor.py::TestGetVendorDetailsDefects::test_vnd_get_004_db_session_not_closed_on_exception -v

Proposed fix:

db = next(get_db())
try:
    vendor_repo = VendorRepository(db, session_context)
    vendor = vendor_repo.get_vendor(vendor_id)
    if not vendor:
        raise ValueError("Vendor not found")
    return vendor.to_dict()
finally:
    db.close()

Impact:
Same class of issue as INV-GET-004. Under load, repeated lookups for invalid vendor IDs exhaust the connection pool, causing a denial-of-service across all database-backed operations.

Acceptance criteria:

  • test_vnd_get_004_db_session_not_closed_on_exception passes — db.close() called after ValueError
  • test_vnd_get_001 through test_vnd_get_003 continue to pass

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions