Summary
The flights snapshot endpoint returns 400 synthetic aircraft when the upstream provider fails, caches them, and serves them through the normal live flight contract. Missing telemetry is converted into fabricated air traffic.
Evidence
server/src/routes/flights.ts#L35-L84 catches provider errors and generates fallbackStates with 400 fake aircraft.- The synthetic rows use invented identifiers and properties such as
originCountry: 'Mockland', generated callsigns, synthetic coordinates, headings, and altitudes.
- The response is cached for 5 seconds and returned with
X-Cache: FALLBACK, but the API body still uses the standard states payload shape.
Why this matters
- The UI can show a full moving air picture during upstream failure even though none of it is real.
- Downstream components and users cannot safely distinguish real telemetry from mock fallback unless they inspect headers.
- This undermines any operational claim the flight layer makes.
Attack or failure scenario
OpenSky or ADS-B ingestion fails. The server silently swaps in 400 fabricated aircraft over Europe. A user opens the map and sees a healthy-looking moving traffic picture rather than a degraded-state indicator.
Root cause
The route optimizes for visual continuity instead of truthfulness and treats synthetic fallback data as a valid substitute for live telemetry.
Recommended fix
- Remove synthetic aircraft fallback from the production response path.
- Return explicit degraded or unavailable state when no verified provider data exists.
- If demo mode is needed, isolate it behind a separate route or build flag.
- Add tests ensuring provider failure does not emit fabricated aircraft states.
Acceptance criteria
- Upstream failure no longer returns synthetic aircraft in the live API contract.
- Clients receive explicit degraded/unavailable state instead of mock flight data.
- Demo/mock data is isolated from production telemetry paths.
Suggested labels
- bug
- data-quality
- reliability
- production-readiness
Severity
Critical — the flight layer fabricates a complete traffic picture when real telemetry fails.
Confidence
Confirmed — the server explicitly generates and returns 400 synthetic aircraft on provider failure.
Summary
The flights snapshot endpoint returns 400 synthetic aircraft when the upstream provider fails, caches them, and serves them through the normal live flight contract. Missing telemetry is converted into fabricated air traffic.
Evidence
server/src/routes/flights.ts#L35-L84catches provider errors and generatesfallbackStateswith 400 fake aircraft.originCountry: 'Mockland', generated callsigns, synthetic coordinates, headings, and altitudes.X-Cache: FALLBACK, but the API body still uses the standardstatespayload shape.Why this matters
Attack or failure scenario
OpenSky or ADS-B ingestion fails. The server silently swaps in 400 fabricated aircraft over Europe. A user opens the map and sees a healthy-looking moving traffic picture rather than a degraded-state indicator.
Root cause
The route optimizes for visual continuity instead of truthfulness and treats synthetic fallback data as a valid substitute for live telemetry.
Recommended fix
Acceptance criteria
Suggested labels
Severity
Critical — the flight layer fabricates a complete traffic picture when real telemetry fails.
Confidence
Confirmed — the server explicitly generates and returns 400 synthetic aircraft on provider failure.