From c931b9126dfeb280fb74dad18909845723c708e9 Mon Sep 17 00:00:00 2001 From: Yukai Xue <144064399+AlwinXue@users.noreply.github.com> Date: Mon, 30 Mar 2026 18:47:00 -0700 Subject: [PATCH] fix: validate invalid dicom uploads before processing Made-with: Cursor --- apps/backend/app/routers/reports.py | 11 +++++++++++ apps/backend/tests/test_report.py | 6 +++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/apps/backend/app/routers/reports.py b/apps/backend/app/routers/reports.py index 5b80ab8e..b3d40199 100644 --- a/apps/backend/app/routers/reports.py +++ b/apps/backend/app/routers/reports.py @@ -7,6 +7,7 @@ from typing import List, Optional from .data import data from pyaslreport import generate_report, get_bids_metadata +from pyaslreport.main import get_dicom_header from pyaslreport.enums import ModalityTypeValues from fastapi.responses import FileResponse from weasyprint import HTML @@ -89,6 +90,16 @@ async def get_report_dicom( except Exception as e: print(f"Error reading DICOM file {file.filename}: {e}") + try: + get_dicom_header(data["dicom_dir"]) + except (TypeError, ValueError, OSError, FileNotFoundError) as e: + print(f"Invalid DICOM upload: {e}") + await remove_dir(base_dir) + raise HTTPException( + status_code=status.HTTP_400_BAD_REQUEST, + detail="No valid DICOM files provided" + ) + try: metadata, asl_context = get_bids_metadata(data) print("Generated BIDS metadata:", metadata) diff --git a/apps/backend/tests/test_report.py b/apps/backend/tests/test_report.py index 2dd19c8f..83554c45 100644 --- a/apps/backend/tests/test_report.py +++ b/apps/backend/tests/test_report.py 
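Review bot: The `except (TypeError, ValueError, OSError, FileNotFoundError)` clause around the new `get_dicom_header(data["dicom_dir"])` call is the only path that runs `await remove_dir(base_dir)`, so any other exception type raised while parsing an untrusted upload would surface as a 500 and leave the uploaded files on disk. Which exceptions `get_dicom_header` raises on malformed input is not visible in this patch, so the tuple should be checked against the library's own parse-error type; `FileNotFoundError` is already a subclass of `OSError` and can be dropped: `except (TypeError, ValueError, OSError) as e:`. Mapping every `OSError` to 400 also reports server-side I/O failures (permissions, full disk) as a client error, which is worth a short comment if that is intended. The body of `get_report_dicom` starts and ends outside the hunk, so whether later failure paths also clean up `base_dir` cannot be confirmed from here.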
@@ -23,12 +23,12 @@ def test_get_report_dicom_with_invalid_file(tmp_path): file_path.write_text("not a dicom") with open(file_path, "rb") as f: response = client.post( - "/report/process/dicom", + "/api/report/process/dicom", files={"dcm_files": ("not_a_dicom.txt", f, "text/plain")}, data={"modality": "ASL"} ) - # Should still return 500 due to invalid dicom - assert response.status_code in [500, 200] + assert response.status_code == 400 + assert response.json()["detail"] == "No valid DICOM files provided" def test_report_pdf_endpoint(): # Minimal valid report_data for rendering
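Review bot: The new assertions pin the 400 status and the detail string but do not check that the upload directory is removed, which is the other effect of the handler's rejection path (`await remove_dir(base_dir)`); a regression that leaves rejected uploads on disk would still pass this test. The test also covers only a single non-DICOM file, so a request mixing one valid DICOM with arbitrary other files is not exercised, and whether the handler rejects it depends on `get_dicom_header`, which is not shown. The removed comment is not replaced; a one-line comment such as `# invalid uploads are rejected with 400 before BIDS metadata generation` would record the intent. The URL change to `/api/report/process/dicom` has no matching router change in this patch, so a short note on where the `/api` prefix comes from would help.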