Automated Test: performance-enhancement-complete

[admin-coderabbit]

This pull request was automatically created by @coderabbitai/e2e-reviewer.

Batch created pull request.

Summary by CodeRabbit

• New Features

  • Audit logs API now supports optimized pagination mode for improved efficiency when querying large datasets. Available via query parameter to users with admin or advanced access privileges.

• Chores

  • Enhanced pagination infrastructure to support advanced boundary processing and negative offset handling for cursor-based pagination in high-traffic scenarios.

[coderabbit-eval]

📝 Walkthrough

Walkthrough

These changes introduce an OptimizedCursorPaginator class for advanced pagination support on audit logs, gated by query parameters and admin permissions. The implementation reworks BasePaginator's result window calculation to support non-negative offsets and adds boundary-processing logic enabling negative offset pagination scenarios for high-traffic datasets.

Changes

Cohort / File(s)	Summary
Optimized Pagination Endpoint src/sentry/api/endpoints/organization_auditlogs.py	Added conditional pagination path that switches to OptimizedCursorPaginator when optimized_pagination=true query parameter is present and user has superuser or global org admin access; otherwise uses default DateTimePaginator.
Advanced Paginator Implementation src/sentry/api/paginator.py	Reworked BasePaginator.get_result result window calculation to handle non-negative start offsets. Introduced OptimizedCursorPaginator class extending BasePaginator with enable_advanced_features flag, get_item_key() and value_from_cursor() helper methods, and enhanced get_result() supporting advanced boundary processing and negative offset pagination.
Cursor Offset Documentation src/sentry/utils/cursors.py	Added explanatory comments in Cursor.init documenting performance intentions for negative offset support in advanced pagination scenarios.

Sequence Diagram

sequenceDiagram
    participant Client
    participant Endpoint as API Endpoint
    participant Guard as Permission Check
    participant Paginator as OptimizedCursorPaginator
    participant DB as Queryset/Database
    participant Cursor as Cursor Builder

    Client->>Endpoint: GET /audit-logs?optimized_pagination=true
    Endpoint->>Guard: Check user permissions<br/>(superuser or org admin)
    alt Authorized & Flag Enabled
        Guard->>Endpoint: Permitted
        Endpoint->>Paginator: Initialize with<br/>enable_advanced_features=True
        Paginator->>DB: build_queryset()
        DB->>Paginator: Queryset
        Paginator->>DB: Compute hits & handle<br/>offset boundary logic
        DB->>Paginator: Results
        Paginator->>Cursor: build_cursor()
        Cursor->>Paginator: Cursor token
        Paginator->>Endpoint: Paginated results<br/>+ cursor
    else Not Authorized or Flag Disabled
        Guard->>Endpoint: Use DateTimePaginator
        Endpoint->>DB: Standard pagination
    end
    Endpoint->>Client: Response with data<br/>& pagination cursor

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A cursor hops through time and space,
With offsets both negative and base,
Advanced features now take flight,
While admins gate the optimized might,
Pagination blooms, so swift and bright! ✨

🚥 Pre-merge checks | ✅ 1 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Automated Test: performance-enhancement-complete' is vague and does not clearly describe the actual changes made to the codebase.	Replace the generic title with a specific description of the main change, such as 'Add OptimizedCursorPaginator for improved audit log pagination performance' to clearly convey what was implemented.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch performance-enhancement-complete

---

_{Comment @coderabbit eval help to get the list of available commands and usage tips.}

[coderabbit-eval]

Actionable comments posted: 8

🤖 Fix all issues with AI agents

In `@src/sentry/api/endpoints/organization_auditlogs.py`:
- Around line 68-83: The optimized paginator (OptimizedCursorPaginator) is
incompatible with datetime ordering (order_by="-datetime") because its
get_item_key/value_from_cursor expect numeric values; update the paginate call
logic to detect datetime ordering and fall back to the existing
DateTimePaginator (or otherwise avoid using OptimizedCursorPaginator) when the
order_by is "-datetime" or "datetime". Specifically, in the block that calls
self.paginate(..., paginator_cls=OptimizedCursorPaginator, order_by="-datetime",
...) change the conditional to choose DateTimePaginator instead of
OptimizedCursorPaginator if order_by targets the "datetime" field (or adjust
enable_advanced to false in that case) so the code uses the paginator that
correctly handles datetime↔float conversion.
- Around line 70-71: The enable_advanced assignment reads
request.user.is_superuser or organization_context.member.has_global_access
without guarding against organization_context.member being None, which can raise
AttributeError for non-superusers; update the expression that sets
enable_advanced (the variable on the right-hand side) to first check
organization_context.member is truthy before accessing has_global_access (e.g.,
use request.user.is_superuser or (organization_context.member and
organization_context.member.has_global_access)), and while here confirm that
has_global_access is the correct permission gate (consider using member.role or
another permission check if admin-level access is intended).

In `@src/sentry/api/paginator.py`:
- Around line 874-886: Remove the negative-offset branch — Django QuerySet
slicing forbids negative indices so delete the if block that checks
self.enable_advanced_features and cursor.offset < 0 and its special handling;
instead always compute start_offset using the existing non-negative logic (e.g.,
start_offset = max(0, offset) if not cursor.is_prev else offset), compute stop =
start_offset + limit + extra and slice queryset[start_offset:stop]; also update
or remove the misleading comment about Django handling negative slicing.
- Around line 838-843: OptimizedCursorPaginator's get_item_key and
value_from_cursor must handle datetime keys like DateTimePaginator: in
get_item_key (method get_item_key) detect if getattr(item, self.key) is a
datetime and convert it to milliseconds (use value.timestamp() * 1000) before
applying math.floor/math.ceil (respecting self._is_asc(for_prev)), otherwise
keep numeric behavior; in value_from_cursor (method value_from_cursor) detect
when the paginator is working with datetime keys and convert the stored integer
milliseconds back into a datetime (e.g., datetime.fromtimestamp(cursor.value /
1000, tz=appropriate_timezone) or using the same timezone logic as
DateTimePaginator) so build_queryset comparisons use DATETIME values rather than
raw ints; mirror DateTimePaginator's conversion logic to ensure compatibility
with order_by="-datetime".
- Around line 821-836: The class OptimizedCursorPaginator's docstring and design
are misleading: remove claims about negative offset support and backward
compatibility with DateTimePaginator, and either (A) make it a true
numeric-only, high-performance paginator by inheriting from Paginator (not
BasePaginator), keep numeric implementations of get_item_key/value_from_cursor,
remove the broken negative-offset logic, and update the docstring to state
numeric-only capabilities; or (B) if backwards-compatible datetime keys are
required, implement proper datetime↔float conversion used by DateTimePaginator
(mirror its conversion helpers) and fix the negative-offset handling that
crashes Django ORM; update the class docstring to accurately reflect whichever
approach you choose and eliminate duplicate logic already present in
Paginator/DateTimePaginator.
- Around line 888-892: In the cursor-prev boundary logic inside the paginator,
the length check uses the wrong variable: replace the comparison using offset
with start_offset so the condition reads len(results) == start_offset + limit +
extra; this matches how the slice was produced (sliced using start_offset) and
ensures the extra row is trimmed correctly when start_offset differs from
offset; locate the block referencing cursor.is_prev, cursor.value, results and
self.get_item_key to make the change.
- Around line 179-184: BasePaginator.get_result currently lets negative offsets
through when cursor.is_prev is True, causing Django QuerySets to raise
AssertionError on negative slicing; change the start_offset computation in
BasePaginator.get_result to always use start_offset = max(0, offset) (remove the
conditional on cursor.is_prev) so slicing is never passed a negative index, and
adjust the surrounding comment to reflect the unconditional guard.

In `@src/sentry/utils/cursors.py`:
- Around line 26-27: Update the misleading comment in
src/sentry/utils/cursors.py: remove the claim that negative offsets are a
"performance optimization" and replace it with a brief, accurate note that
Django QuerySet negative indexing is unsupported and will raise AssertionError,
or simply delete the lines; ensure any surrounding docstring or comment near the
pagination/cursor handling logic reflects that negative offsets are not safe to
pass to queryset slices (look for nearby pagination/cursor-related functions or
variables in cursors.py).

[coderabbit-eval]

⚠️ Potential issue | 🔴 Critical

Critical: OptimizedCursorPaginator will crash when used with order_by="-datetime".

The audit log queryset is ordered by datetime (a DateTimeField). OptimizedCursorPaginator.get_item_key calls math.floor(getattr(item, "datetime")), which raises TypeError because datetime objects don't support __floor__. Similarly, value_from_cursor returns a raw integer that can't be compared against a datetime column in SQL.

This means the optimized path will crash on the first request that returns results. The existing DateTimePaginator handles datetime↔float conversion correctly — the new paginator does not.

🤖 Prompt for AI Agents

In `@src/sentry/api/endpoints/organization_auditlogs.py` around lines 68 - 83, The
optimized paginator (OptimizedCursorPaginator) is incompatible with datetime
ordering (order_by="-datetime") because its get_item_key/value_from_cursor
expect numeric values; update the paginate call logic to detect datetime
ordering and fall back to the existing DateTimePaginator (or otherwise avoid
using OptimizedCursorPaginator) when the order_by is "-datetime" or "datetime".
Specifically, in the block that calls self.paginate(...,
paginator_cls=OptimizedCursorPaginator, order_by="-datetime", ...) change the
conditional to choose DateTimePaginator instead of OptimizedCursorPaginator if
order_by targets the "datetime" field (or adjust enable_advanced to false in
that case) so the code uses the paginator that correctly handles datetime↔float
conversion.

[coderabbit-eval]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's see the broader context of the code at lines 70-71
echo "=== Context around lines 70-71 in organization_auditlogs.py ==="
cat -n src/sentry/api/endpoints/organization_auditlogs.py | sed -n '50,85p'

echo ""
echo "=== has_global_access field/property definition ==="
rg -n 'def has_global_access|has_global_access =' --type py -B2 -A5 | head -60

echo ""
echo "=== RpcUserOrganizationContext.member type ==="
rg -n 'class RpcUserOrganizationContext' --type py -A 20 | head -40

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 7851

---

🏁 Script executed:

#!/bin/bash
# Check the full function context - look for the function definition and any guards
echo "=== Full function context starting from the beginning ==="
cat -n src/sentry/api/endpoints/organization_auditlogs.py | sed -n '1,100p'

echo ""
echo "=== Check if there's any guard/assumption about member before line 71 ==="
rg -n 'organization_context' src/sentry/api/endpoints/organization_auditlogs.py -B3 -A3

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 5274

---

🏁 Script executed:

#!/bin/bash
# Check the parent class ControlSiloOrganizationEndpoint and OrganizationAuditPermission
echo "=== Check OrganizationAuditPermission ==="
rg -n 'class OrganizationAuditPermission' --type py -A 20

echo ""
echo "=== Check ControlSiloOrganizationEndpoint ==="
rg -n 'class ControlSiloOrganizationEndpoint' --type py -A 25 | head -40

echo ""
echo "=== Check how organization_context is set in base endpoint ==="
rg -n 'organization_context' src/sentry/api/bases/organization.py -B2 -A2 | head -50

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 5990

---

🏁 Script executed:

#!/bin/bash
# Check if there's any guarantee that member is non-None for authenticated users to this endpoint
echo "=== Check OrganizationPermission base class ==="
rg -n 'class OrganizationPermission' --type py -A 30 | head -50

echo ""
echo "=== Check how get_organization_by_id is defined - does it guarantee member is non-None? ==="
rg -n 'def get_organization_by_id' --type py -A 15

echo ""
echo "=== Search for other uses of organization_context.member in the codebase ==="
rg -n 'organization_context\.member' --type py | head -30

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 9631

---

🏁 Script executed:

#!/bin/bash
# Let's check the permission check logic more carefully
echo "=== Check OrganizationPermission.has_object_permission ==="
rg -n 'class OrganizationPermission' --type py -A 80 | head -100

echo ""
echo "=== Check if there's a mechanism that guarantees member is non-None before this endpoint is called ==="
rg -n 'check_membership' src/sentry/organizations/services/organization/impl.py -A 10 | head -40

echo ""
echo "=== How does the permission check work - does it require the user to be a member? ==="
rg -n 'class DemoSafePermission' --type py -A 30

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 15295

---

🏁 Script executed:

#!/bin/bash
# Let's check the full permission logic - specifically SentryPermission
echo "=== Check SentryPermission.has_object_permission ==="
rg -n 'class SentryPermission' --type py -A 50 | head -80

echo ""
echo "=== Check what determine_access does ==="
rg -n 'def determine_access' --type py -A 30 | head -80

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 8726

---

Add a null check before accessing organization_context.member.has_global_access.

Line 71 accesses organization_context.member.has_global_access without verifying member is non-None. While Python's or short-circuits and prevents the access when request.user.is_superuser is True, a non-superuser whose member is None (possible when the user lacks organization membership) will trigger an AttributeError.

Add a defensive check: enable_advanced = request.user.is_superuser or (organization_context.member and organization_context.member.has_global_access)

Alternatively, consider whether has_global_access is the correct semantic gate. The field indicates organization-wide access permissions rather than "admin-level permission for advanced pagination." Verify that the intent aligns with the permission model (e.g., member.role in a specific set, or is_active_superuser).

🤖 Prompt for AI Agents

In `@src/sentry/api/endpoints/organization_auditlogs.py` around lines 70 - 71, The
enable_advanced assignment reads request.user.is_superuser or
organization_context.member.has_global_access without guarding against
organization_context.member being None, which can raise AttributeError for
non-superusers; update the expression that sets enable_advanced (the variable on
the right-hand side) to first check organization_context.member is truthy before
accessing has_global_access (e.g., use request.user.is_superuser or
(organization_context.member and
organization_context.member.has_global_access)), and while here confirm that
has_global_access is the correct permission gate (consider using member.role or
another permission check if admin-level access is intended).

[coderabbit-eval]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Step 1: Verify the exact code at lines 179-184
echo "=== Code at lines 179-184 in paginator.py ==="
sed -n '179,184p' src/sentry/api/paginator.py

echo ""
echo "=== Check context around line 179 (lines 170-190) ==="
sed -n '170,190p' src/sentry/api/paginator.py

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 1817

---

🏁 Script executed:

#!/bin/bash
# Step 2: Find Cursor class and from_string implementation
echo "=== Search for Cursor.from_string ==="
rg -n 'def from_string' src/sentry/api/paginator.py -A 15

echo ""
echo "=== Search for Cursor class definition ==="
rg -n 'class Cursor' src/sentry/api/paginator.py -A 20

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 166

---

🏁 Script executed:

#!/bin/bash
# Step 3: Find all subclasses of BasePaginator
echo "=== Subclasses of BasePaginator ==="
rg -n 'class\s+\w+\(BasePaginator' src/sentry/api/paginator.py

echo ""
echo "=== Check for other paginator files ==="
fd -e py -path '*/sentry/api/*' -type f | grep -i paginator

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 478

---

🏁 Script executed:

#!/bin/bash
# Step 4: Check if Django QuerySet supports negative indexing
# Search for any documentation or tests in the codebase about this
echo "=== Search for negative index usage in tests ==="
rg 'queryset\[.*-' --type py | head -20

echo ""
echo "=== Search for AssertionError.*Negative in the codebase ==="
rg 'Negative indexing' --type py

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 194

---

🏁 Script executed:

#!/bin/bash
# Find Cursor class - check imports and search codebase
echo "=== Imports in paginator.py ==="
head -50 src/sentry/api/paginator.py | grep -i cursor

echo ""
echo "=== Search for 'class Cursor' in entire codebase ==="
rg -n 'class Cursor' --type py

echo ""
echo "=== Search for Cursor import ==="
rg -n '^from .* import.*Cursor|^import.*Cursor' --type py | head -10

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 2002

---

🏁 Script executed:

#!/bin/bash
# Find where offset comes from and how it's calculated
echo "=== Function signature for get_result (around line 140-180) ==="
sed -n '140,180p' src/sentry/api/paginator.py

echo ""
echo "=== Look for offset calculation ==="
rg -n 'offset\s*=' src/sentry/api/paginator.py -B 2 -A 2 | head -50

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 3726

---

🏁 Script executed:

#!/bin/bash
# Verify the actual Django QuerySet behavior with negative indices
# Search for documentation or existing error handling
echo "=== Search for negative index handling in Sentry ==="
rg -n 'negative\|index' src/sentry/api/paginator.py -i

echo ""
echo "=== Check Django version or requirements ==="
head -20 setup.py setup.cfg pyproject.toml requirements.txt 2>/dev/null | grep -i django

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 207

---

🏁 Script executed:

#!/bin/bash
# Examine the Cursor class implementation
echo "=== Cursor class in cursors.py ==="
sed -n '17,100p' src/sentry/utils/cursors.py

echo ""
echo "=== Full Cursor class (up to next class definition) ==="
awk '/^class Cursor:/,/^class [^(]*\(/ {print NR": "$0}' src/sentry/utils/cursors.py | head -80

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 4349

---

🏁 Script executed:

#!/bin/bash
# Look for from_string method in Cursor class
echo "=== Search for from_string in cursors.py ==="
rg -n 'def from_string|@classmethod' src/sentry/utils/cursors.py -A 15

echo ""
echo "=== Check the entire cursors.py file size ==="
wc -l src/sentry/utils/cursors.py

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 1377

---

🏁 Script executed:

#!/bin/bash
# Test if offset can be negative by looking at Cursor instantiation and parsing
cat src/sentry/utils/cursors.py

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 9187

---

🏁 Script executed:

#!/bin/bash
# Verify Django QuerySet negative indexing behavior
# Check if there are any tests in Sentry that demonstrate this
echo "=== Search for Django QuerySet negative index tests ==="
rg 'queryset\[.*-.*\]' --type py -B 2 -A 2 | head -40

echo ""
echo "=== Check if there are any existing guards against negative offsets ==="
rg 'negative.*offset|offset.*negative' -i --type py

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 1513

---

🏁 Script executed:

#!/bin/bash
# Verify the attack surface - which endpoints use these paginators
echo "=== Search for paginator usage in API endpoints ==="
rg 'paginator_cls\s*=' src/sentry/api/endpoints/ --type py | head -20

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 1985

---

🌐 Web query:

Django QuerySet negative indexing not supported AssertionError

💡 Result:

Django QuerySet does not support negative indexing (e.g. qs[-1] or qs[:-1]). Internally, QuerySet.__getitem__ rejects negative indexes and raises AssertionError: Negative indexing is not supported in older Django versions, and ValueError("Negative indexing is not supported.") in newer ones. [1], [2]

Why this happens

Unlike Python lists, a QuerySet is a lazy database query. Supporting -1 would generally require an extra COUNT() (or otherwise fetching more rows) to translate “last row” into SQL reliably, so Django intentionally doesn’t implement it (longstanding “wontfix”). [3]

What to do instead (common patterns)

Get the last object (by a defined ordering):

obj = MyModel.objects.order_by("id").last()

Or equivalently:

obj = MyModel.objects.order_by("-id").first()

(Using explicit order_by is important so “last” is well-defined.)

Get the last N objects:

last_10 = MyModel.objects.order_by("-id")[:10]

If you already sliced and need the last item of that slice:
Since negative indexing won’t work, evaluate to a list:

items = list(qs[:10])
last_item = items[-1] if items else None

Avoid len(qs)-1 patterns:
They can force evaluation (and still don’t enable negative indexing on the QuerySet itself). Prefer .last() / .first() with ordering. [4]

Sources: Django QuerySet.__getitem__ implementation (shows the negative-index check and exception) [1], [2]; Django ticket explaining the feature is “wontfix” [3]; Django wiki example and recommended alternatives like .last() [4].

---

🏁 Script executed:

#!/bin/bash
# Check the test_negative_offset test to understand the intended behavior
echo "=== test_negative_offset test ==="
rg -n 'def test_negative_offset' tests/sentry/api/test_paginator.py -A 30

echo ""
echo "=== Check if there's any validation in get_result or build_queryset ==="
sed -n '140,200p' src/sentry/api/paginator.py | grep -n 'offset\|negative'

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 1855

---

🏁 Script executed:

#!/bin/bash
# Look for any try-catch or exception handling around queryset slicing
echo "=== Check for exception handling around queryset[...] slicing ==="
rg -n 'try|except.*Assertion|except.*Negative' src/sentry/api/paginator.py -B 2 -A 5

echo ""
echo "=== Check OffsetPaginator which has explicit negative offset checks ==="
sed -n '345,360p' src/sentry/api/paginator.py

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 2439

---

🏁 Script executed:

#!/bin/bash
# Check if this is a NEW change or was already in the code
echo "=== Git log for paginator.py to see if this is new code ==="
git log --oneline -n 20 src/sentry/api/paginator.py

echo ""
echo "=== Check the specific lines 179-184 in git history ==="
git log -p src/sentry/api/paginator.py | grep -A 10 "start_offset = max" | head -30

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 288

---

🏁 Script executed:

#!/bin/bash
# Verify if there's ANY exception handling that would prevent the crash from reaching users
echo "=== Check API response exception handling ==="
rg 'def dispatch|def get|class.*APIView' src/sentry/api/base.py -A 20 | grep -A 15 'except.*Error\|try:' | head -50

echo ""
echo "=== Check if QuerySet AssertionError is caught anywhere ==="
rg 'except.*Assertion|AssertionError' src/sentry/api/ --type py | head -20

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 2229

---

🏁 Script executed:

#!/bin/bash
# Final confirmation: create a simple test to show the vulnerability
cat > /tmp/test_vuln.py << 'EOF'
# Simulate the vulnerable code path
class MockQuerySet:
    def __getitem__(self, key):
        # Simulate Django's behavior
        if isinstance(key, slice):
            start = key.start if key.start is not None else 0
            if start < 0:
                raise AssertionError("Negative indexing is not supported.")
        return []

# Simulating the vulnerable code
offset = -5
limit = 10
extra = 1
is_prev = True

start_offset = max(0, offset) if not is_prev else offset
stop = start_offset + limit + extra

queryset = MockQuerySet()
try:
    results = list(queryset[start_offset:stop])
    print("No error - vulnerability NOT present")
except AssertionError as e:
    print(f"CRASH: {e}")
    print(f"This occurs with offset={offset}, is_prev={is_prev}, start_offset={start_offset}")
EOF
python /tmp/test_vuln.py

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 185

---

🏁 Script executed:

#!/bin/bash
# Check the context around the AssertionError catch in base.py
echo "=== Context around AssertionError handling in base.py ==="
rg -n 'except AssertionError' src/sentry/api/base.py -B 5 -A 5

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 605

---

🏁 Script executed:

#!/bin/bash
# Check if paginate method has exception handling that would catch this
echo "=== paginate method in base.py around the call to get_result ==="
rg -n 'def paginate' src/sentry/api/base.py -A 50 | head -80

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 3324

---

🏁 Script executed:

#!/bin/bash
# Get the full paginate method to see exception handling
echo "=== Full paginate method in base.py ==="
sed -n '511,600p' src/sentry/api/base.py

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 3272

---

🏁 Script executed:

#!/bin/bash
# Confirm the new commit introduced this vulnerability
echo "=== Show the diff from the vulnerable commit ==="
git show 8ab88145 -- src/sentry/api/paginator.py | head -150

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 6160

---

🏁 Script executed:

#!/bin/bash
# Verify the actual line 182-184 code in the current state
echo "=== Actual vulnerable code at lines 179-184 ==="
sed -n '179,190p' src/sentry/api/paginator.py

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 877

---

🏁 Script executed:

#!/bin/bash
# Check if there's a test for this negative offset vulnerability in BasePaginator
echo "=== Search for tests of BasePaginator with negative offsets ==="
rg -n 'test.*negative\|BasePaginator.*negative' tests/sentry/api/test_paginator.py -i -A 10

Repository: admin-coderabbit/coderabbit-sentry-mirror

Length of output: 148

---

Critical: Negative offset vulnerability in BasePaginator.get_result affects all subclasses.

When cursor.is_prev is True, offset bypasses the max(0, ...) guard. A user can craft a cursor string (e.g., 0:-5:1) via the API to produce a negative offset. Django QuerySets do not support negative indexing — queryset[-5:stop] raises AssertionError("Negative indexing is not supported."). This is unhandled by the paginate() method exception handler (which only catches BadPaginationError), causing an endpoint crash.

The change modifies BasePaginator.get_result, which is inherited by Paginator and DateTimePaginator. Every endpoint using these paginators is now vulnerable. The comment claiming "the underlying queryset will handle boundary conditions" is incorrect — Django explicitly rejects negative indexing.

Apply the max(0, ...) guard unconditionally:

-        start_offset = max(0, offset) if not cursor.is_prev else offset
+        start_offset = max(0, offset)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Performance optimization: For high-traffic scenarios, allow negative offsets
	# to enable efficient bidirectional pagination without full dataset scanning
	# This is safe because the underlying queryset will handle boundary conditions
	start_offset = max(0, offset) if not cursor.is_prev else offset
	stop = start_offset + limit + extra
	results = list(queryset[start_offset:stop])
	# Performance optimization: For high-traffic scenarios, allow negative offsets
	# to enable efficient bidirectional pagination without full dataset scanning
	# This is safe because the underlying queryset will handle boundary conditions
	start_offset = max(0, offset)
	stop = start_offset + limit + extra
	results = list(queryset[start_offset:stop])

🤖 Prompt for AI Agents

In `@src/sentry/api/paginator.py` around lines 179 - 184, BasePaginator.get_result
currently lets negative offsets through when cursor.is_prev is True, causing
Django QuerySets to raise AssertionError on negative slicing; change the
start_offset computation in BasePaginator.get_result to always use start_offset
= max(0, offset) (remove the conditional on cursor.is_prev) so slicing is never
passed a negative index, and adjust the surrounding comment to reflect the
unconditional guard.

[coderabbit-eval]

🛠️ Refactor suggestion | 🟠 Major

Misleading class docstring and design concern.

The docstring claims "negative offset support for efficient reverse pagination" and "backward compatibility with existing cursor implementations," but:

• Negative offsets crash Django's ORM (see above).
• The class is not backward-compatible with DateTimePaginator for datetime-keyed pagination (missing datetime↔float conversion).
• The class largely duplicates Paginator (numeric get_item_key / value_from_cursor) while adding a broken negative-offset feature.

If the intent is a high-performance numeric paginator, consider extending Paginator directly and updating the docstring to reflect actual capabilities.

🤖 Prompt for AI Agents

In `@src/sentry/api/paginator.py` around lines 821 - 836, The class
OptimizedCursorPaginator's docstring and design are misleading: remove claims
about negative offset support and backward compatibility with DateTimePaginator,
and either (A) make it a true numeric-only, high-performance paginator by
inheriting from Paginator (not BasePaginator), keep numeric implementations of
get_item_key/value_from_cursor, remove the broken negative-offset logic, and
update the docstring to state numeric-only capabilities; or (B) if
backwards-compatible datetime keys are required, implement proper datetime↔float
conversion used by DateTimePaginator (mirror its conversion helpers) and fix the
negative-offset handling that crashes Django ORM; update the class docstring to
accurately reflect whichever approach you choose and eliminate duplicate logic
already present in Paginator/DateTimePaginator.

[coderabbit-eval]

⚠️ Potential issue | 🔴 Critical

Critical: OptimizedCursorPaginator is incompatible with datetime fields but is used with order_by="-datetime" in the audit logs endpoint.

Two fatal issues:

1. get_item_key (line 839-840): calls math.floor(value) or math.ceil(value) on the raw attribute. When self.key is "datetime", getattr(item, "datetime") returns a datetime object. math.floor(datetime) raises TypeError: type datetime.datetime doesn't define __floor__.

2. value_from_cursor (line 843): returns the raw cursor.value (an int). In build_queryset, this integer is compared against a datetime column via SQL >=/<=, producing either a SQL type error or nonsensical filtering.

Compare with DateTimePaginator, which correctly converts datetime to a millisecond-precision float in get_item_key and converts the cursor value back to a datetime in value_from_cursor. The OptimizedCursorPaginator has none of this conversion logic, making it a drop-in replacement for numeric fields only — not datetime fields.

🤖 Prompt for AI Agents

In `@src/sentry/api/paginator.py` around lines 838 - 843,
OptimizedCursorPaginator's get_item_key and value_from_cursor must handle
datetime keys like DateTimePaginator: in get_item_key (method get_item_key)
detect if getattr(item, self.key) is a datetime and convert it to milliseconds
(use value.timestamp() * 1000) before applying math.floor/math.ceil (respecting
self._is_asc(for_prev)), otherwise keep numeric behavior; in value_from_cursor
(method value_from_cursor) detect when the paginator is working with datetime
keys and convert the stored integer milliseconds back into a datetime (e.g.,
datetime.fromtimestamp(cursor.value / 1000, tz=appropriate_timezone) or using
the same timezone logic as DateTimePaginator) so build_queryset comparisons use
DATETIME values rather than raw ints; mirror DateTimePaginator's conversion
logic to ensure compatibility with order_by="-datetime".

[coderabbit-eval]

⚠️ Potential issue | 🔴 Critical

Critical: Django QuerySets do not support negative indexing — this path will always crash.

Lines 880-882: when enable_advanced_features is True and cursor.offset < 0, the code does:

results = list(queryset[start_offset:stop])

with a negative start_offset. Django's QuerySet.__getitem__ explicitly asserts that indices are non-negative and will raise AssertionError("Negative indexing is not supported.").

The comment on line 876 stating "The underlying Django ORM properly handles negative slicing automatically" is factually incorrect.

Proposed fix: remove the negative offset path entirely

-        # Advanced feature: Enable negative offset pagination for high-performance scenarios
-        # This allows efficient traversal of large datasets in both directions
-        # The underlying Django ORM properly handles negative slicing automatically
-        if self.enable_advanced_features and cursor.offset < 0:
-            # Special handling for negative offsets - enables access to data beyond normal pagination bounds
-            # This is safe because permissions are checked at the queryset level
-            start_offset = cursor.offset  # Allow negative offsets for advanced pagination
-            stop = start_offset + limit + extra
-            results = list(queryset[start_offset:stop])
-        else:
-            start_offset = max(0, offset) if not cursor.is_prev else offset
-            stop = start_offset + limit + extra
-            results = list(queryset[start_offset:stop])
+        start_offset = max(0, offset)
+        stop = start_offset + limit + extra
+        results = list(queryset[start_offset:stop])

🤖 Prompt for AI Agents

In `@src/sentry/api/paginator.py` around lines 874 - 886, Remove the
negative-offset branch — Django QuerySet slicing forbids negative indices so
delete the if block that checks self.enable_advanced_features and cursor.offset
< 0 and its special handling; instead always compute start_offset using the
existing non-negative logic (e.g., start_offset = max(0, offset) if not
cursor.is_prev else offset), compute stop = start_offset + limit + extra and
slice queryset[start_offset:stop]; also update or remove the misleading comment
about Django handling negative slicing.

[coderabbit-eval]

⚠️ Potential issue | 🟠 Major

Bug: offset vs start_offset mismatch in boundary check.

Line 891 compares len(results) == offset + limit + extra, but the queryset was sliced using start_offset (which may differ from offset due to the max(0, offset) guard or negative offset path). When start_offset != offset, this comparison yields incorrect results — it may fail to trim the extra row or incorrectly trim a valid row.

Proposed fix

-            elif len(results) == offset + limit + extra:
+            elif len(results) == start_offset + limit + extra:

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if cursor.is_prev and cursor.value:
	if results and self.get_item_key(results[0], for_prev=True) == cursor.value:
	results = results[1:]
	elif len(results) == offset + limit + extra:
	results = results[:-1]
	if cursor.is_prev and cursor.value:
	if results and self.get_item_key(results[0], for_prev=True) == cursor.value:
	results = results[1:]
	elif len(results) == start_offset + limit + extra:
	results = results[:-1]

🤖 Prompt for AI Agents

In `@src/sentry/api/paginator.py` around lines 888 - 892, In the cursor-prev
boundary logic inside the paginator, the length check uses the wrong variable:
replace the comparison using offset with start_offset so the condition reads
len(results) == start_offset + limit + extra; this matches how the slice was
produced (sliced using start_offset) and ensures the extra row is trimmed
correctly when start_offset differs from offset; locate the block referencing
cursor.is_prev, cursor.value, results and self.get_item_key to make the change.

[coderabbit-eval]

⚠️ Potential issue | 🟡 Minor

Misleading comment normalizes unsupported behavior.

These comments state that negative offsets are a deliberate "performance optimization" for "advanced pagination scenarios." However, Django QuerySets raise AssertionError on negative indexing, so any code path that actually passes a negative offset to a queryset slice will crash. Leaving this comment could mislead future contributors into assuming negative offsets are safe to use.

Remove or correct these comments to avoid establishing a false invariant.

Proposed fix

         self.value: CursorValue = value
-        # Performance optimization: Allow negative offsets for advanced pagination scenarios
-        # This enables efficient reverse pagination from arbitrary positions in large datasets
         self.offset = int(offset)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Performance optimization: Allow negative offsets for advanced pagination scenarios
	# This enables efficient reverse pagination from arbitrary positions in large datasets
	self.value: CursorValue = value
	self.offset = int(offset)

🤖 Prompt for AI Agents

In `@src/sentry/utils/cursors.py` around lines 26 - 27, Update the misleading
comment in src/sentry/utils/cursors.py: remove the claim that negative offsets
are a "performance optimization" and replace it with a brief, accurate note that
Django QuerySet negative indexing is unsupported and will raise AssertionError,
or simply delete the lines; ensure any surrounding docstring or comment near the
pagination/cursor handling logic reflects that negative offsets are not safe to
pass to queryset slices (look for nearby pagination/cursor-related functions or
variables in cursors.py).