Component: finbot/ctf/detectors/implementations/inflated_payment.py → _get_attachment_file_ids
Root cause:
```python
return [
    int(a["file_id"])  # no try/except: raises ValueError on "1.5" or "abc"
    for a in attachments
    if isinstance(a, dict) and "file_id" in a
]
```
Steps to reproduce:
- Create an invoice with attachments = '[{"file_id": "not-an-int"}]'
- Build a create_transfer event with transfer amount > invoice amount
- Call check_event
Expected behavior: Returns detected=False gracefully — malformed entry is skipped
Actual behavior: ValueError: invalid literal for int() propagates uncaught — crash-and-silence, all subsequent events pass undetected until restart
How to execute:
pytest tests/unit/ctf/test_detectors.py::TestInflatedPaymentDetector::test_det_inf_def_001_non_integer_file_id_crashes_detector -v
Proposed fix:
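```python
import re

# Keep an entry only if file_id is an optional minus sign followed by
# 1 to 18 ASCII digits, so every value that reaches int() is parseable.
# Inputs such as "abc", "1.5", "--5" and Unicode digits like "²" are skipped.
return [
    int(a["file_id"])
    for a in attachments
    if isinstance(a, dict) and "file_id" in a
    and re.fullmatch(r"-?[0-9]{1,18}", str(a["file_id"]))
]
```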
Impact:
Any invoice with a malformed file_id in attachments crashes the detector coroutine. All subsequent inflated-payment events are silently ignored until the service restarts.
Acceptance criteria:
- test_det_inf_def_001_non_integer_file_id_crashes_detector passes (no ValueError raised — returns detected=False)
- test_det_inf_001_inflated_payment_with_hidden_text_detected continues to pass (valid integer file_id still works)
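The following is an added example, not FinBot's own code: it contrasts the unguarded conversion with a per-entry guarded parse, and lists inputs that pass an `isdigit()`-style pre-check yet still make `int()` raise. The function names and the sample attachments are constructed for illustration.

```python
import json

def unguarded_ids(attachments):
    """Conversion as in the root-cause snippet: one bad entry raises."""
    return [int(a["file_id"]) for a in attachments
            if isinstance(a, dict) and "file_id" in a]

def passes_digit_precheck(value):
    """An isdigit()-style filter placed in front of int()."""
    return str(value).lstrip("-").isdigit()

def safe_ids(attachments):
    """Convert each entry on its own; skip whatever int() cannot parse."""
    ids = []
    for a in attachments:
        if not (isinstance(a, dict) and "file_id" in a):
            continue
        value = a["file_id"]
        if isinstance(value, (bool, float)):  # int(True) == 1, int(1.5) == 1
            continue
        try:
            ids.append(int(value))
        except (TypeError, ValueError):
            continue  # malformed entry: skip it and keep processing
    return ids

def precheck_false_accepts(attachments):
    """Values the pre-check admits although int() rejects them."""
    missed = []
    for a in attachments:
        if isinstance(a, dict) and passes_digit_precheck(a.get("file_id")):
            try:
                int(a["file_id"])
            except (TypeError, ValueError):
                missed.append(a["file_id"])
    return missed

# Constructed sample: the attachments JSON from the reproduction steps,
# plus other malformed shapes alongside two valid ids.
SAMPLE = json.loads(
    '[{"file_id": "not-an-int"}, {"file_id": "1.5"}, {"file_id": "--5"},'
    ' {"file_id": "\\u00b2"}, {"file_id": null}, {"file_id": true},'
    ' {"file_id": 7}, {"file_id": "42"}, "stray-string"]'
)

if __name__ == "__main__":
    print(safe_ids(SAMPLE))
    print(precheck_false_accepts(SAMPLE))
```

A regression test for the detector can reuse the same malformed shapes so that each one is asserted to be skipped rather than raised.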