Skip to content

Reject non-serializable webhook payloads before insert in dlqRepository.insert in src/db/repositories/dlqRepository.ts #519

Description

@Jagadeeshftw

📌 Description

dlqRepository.insert in src/db/repositories/dlqRepository.ts serializes the entry payload with JSON.stringify(entry.payload). If the payload contains circular references or BigInt/other non-serializable values, JSON.stringify throws an uncaught error that propagates out of the DLQ insert — exactly when the system is already in a failure path trying to record a dead letter.

💡 Why it matters: The DLQ is the last line of defense; an insert that throws on a weird payload means the failed delivery is lost rather than captured for later inspection.

🧩 Requirements and context

  • Guard the serialization: catch JSON.stringify failures (circular refs, BigInt) and fall back to a safe, lossy-but-recorded representation (e.g. a sanitized stringification noting the issue).
  • Never let a serialization error prevent the DLQ row from being written.
  • Record a metric/log when a payload required fallback serialization.
  • Add unit tests with a circular-reference and a BigInt payload.

Non-functional requirements

  • Must be secure, tested, and documented.
  • Should be efficient and easy to review.

🛠️ Suggested execution

1. Fork the repo and create a branch

git checkout -b fix/dlq-insert-serialization-guard

2. Implement changes

  • Write/modify the relevant source: src/db/repositories/dlqRepository.ts
  • Write comprehensive tests: tests/dlq.test.ts
  • Add documentation: inline TSDoc on fallback behavior
  • Include TSDoc doc comments
  • Validate security assumptions: fallback doesn't leak secrets

3. Test and commit

  • Run tests:
npm test
  • Cover edge cases: circular ref payload, BigInt payload, normal payload
  • Include test output and security notes in the PR description.

Example commit message

fix(dlq): guard JSON serialization in dlqRepository.insert

✅ Acceptance criteria

  • Non-serializable payloads no longer throw on insert
  • A DLQ row is still written via safe fallback
  • Fallback usage is logged/metered
  • Tests cover circular/BigInt payloads

🔒 Security notes

Ensure the fallback representation does not inadvertently include sensitive fields.

📋 Guidelines

  • Minimum 95% test coverage
  • Clear documentation
  • Timeframe: 96 hours

Metadata

Metadata

Assignees

Labels

GrantFox OSSGrantFox open-source programMaybe RewardedGrantFox: potentially rewarded contributionOfficial CampaignGrantFox official campaign issueStellar WaveIssues in the Stellar wave programbackendBackend service workbugBugdatabasePostgreSQL / persistence

Type

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions