Creating threat model with duplicate name returns 500 error instead of validation message

[Ajith-Penmatsa-GGL]

Describe the bug:

When attempting to save a new threat model with a name that already exists in the repository, the application returns a 500 server error instead of providing a user-friendly validation message. This occurs because GitHub's API requires a SHA parameter when updating existing files, but the application is sending a create request without one.

Expected behaviour:

When a user tries to save a threat model with a name that already exists:

1. The application should detect the duplicate name before attempting the API call
2. Display a clear error message: "A threat model with this name already exists. Please choose a different name."
3. Allow the user to modify the name without losing their work
4. Alternatively, offer to update/overwrite the existing file with user confirmation

Environment:

• Version: 2.5
• Platform: Web App
• OS: Windows
• Browser: Chrome

To Reproduce:

1. Log in with GitHub provider
2. Select a repository and branch
3. Create a new threat model with name "Test Model"
4. Save successfully
5. Create another threat model with the same name "Test Model"
6. Attempt to save
7. Observe 500 error response

Declaration:

By submitting this issue you have:

• read the contribution guide and agree to the Code of Conduct
• not used agentic or generative AI in creating this bug report

The screenshot above shows the threat models already saved in my branch.

As shown above, when attempting to create a new threat model with the duplicate name , the application returns a 500 server error with no actionable feedback or guidance.

Suggested Fix:

Before attempting to save a new threat model:

1. Check if a threat model with the same name already exists in the selected branch (this can be done with checking the models array which exists in the state)
2. If duplicate detected, show validation error with clear message
3. Prevent the API call from being made

Alternatively, catch the 500 error response and transform it into a user-friendly message.

[jgadsden]

excellent bug report @Ajith-Penmatsa-GGL , do you have a fix for this as well as the one you are working on for #1433 ?
Much appreciated, and I have provided you with Triage role to view and manage your PR

[Ajith-Penmatsa-GGL]

Thanks for the triage role, I appreciate it!

Yes, I have fixes ready for both #1433 and this issue. While working on these, I've also identified and fixed a couple additional related bugs to ensure a comprehensive solution.

I'm currently doing thorough manual testing and writing unit tests for all the changes. I'll open a PR once testing is complete.

[jgadsden]

Thanks @Ajith-Penmatsa-GGL , also if you make sure the pull requests are as focussed as possible to make it better to review - it may take two pull requests or more
recently we have had pull requests from other contributors that have suffered from PR sprawl which have been difficult to review

[jgadsden]

@Ajith-Penmatsa-GGL is the solution to just use a Toast message if receiving the 500 response?

[Ajith-Penmatsa-GGL]

For this issue, I noticed that the GitHub API returns a 422 when a user attempts to save a duplicate threat model, so I handled this explicitly in the catch block of the threat model controller.

How it works

• Backend: Extended the error helper with an unprocessableEntity (422) handler
• Backend: In the threat model controller’s create method, catch GitHub’s 422 and return it cleanly to the frontend
• Frontend: In save.js (repoCreate), check for a 422 response and show a warning toast

This avoids returning a generic 500 and instead gives the user clear, actionable feedback about what actually went wrong.

Let me know if this approach looks good to you.