fix(dynamodb): cross-type relational comparisons in FilterExpression don't match#2022
Merged
Conversation
…don't match A FilterExpression / KeyConditionExpression relational comparison (`<`, `<=`, `>`, `>=`, BETWEEN) across mismatched attribute types wrongly matched, because compare_attribute_values falls back to Ordering::Equal on a type mismatch, which satisfies `<=`/`>=`/BETWEEN. So `n <= :s` (a Number attribute vs a String value) returned the item, and an optimistic-lock `version >= :v` guard could wrongly pass. The relational operators now require both operands to share a scalar type (S/N/B) — DynamoDB only compares same-typed values. (`=`/`<>` already used exact typed equality, and the PartiQL path already returned no-match for cross-type.) Adds an e2e test asserting `n <= :string` does not match while `n <= :number` does.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cycle-6 bug-hunt backlog (T1.12).
A FilterExpression / KeyConditionExpression relational comparison (
<,<=,>,>=, BETWEEN) across mismatched attribute types wrongly matched:compare_attribute_valuesfalls back toOrdering::Equalon a type mismatch, which satisfies<=/>=/BETWEEN. Son <= :s(Number attribute vs String value) returned the item, and an optimistic-lockversion >= :vguard could wrongly pass. The relational operators now require both operands to share a scalar type (S/N/B) — DynamoDB only compares same-typed values. (=/<>already used exact typed equality; the PartiQLcompare_attrpath already returned no-match for cross-type.)E2E asserts
n <= :stringdoesn't match whilen <= :numberdoes. dynamodb lib (322) green. Builds clean; clippy-D warningsclean.Summary by cubic
Fixes DynamoDB FilterExpression/KeyConditionExpression so relational comparisons don’t match across mismatched types. Relational operators now require both sides to share a scalar type (S/N/B), preventing false positives like
n <= :sand protecting optimistic-lock guards.comparable_typesand gated<,<=,>,>=, andBETWEENon same-type operands (S/N/B).key_cond_simple_comparisonandkey_cond_between; equality/inequality remain exact typed.n <= :stringyields no match whilen <= :numbermatches (addresses Linear T1.12).Written for commit 5bde3ce. Summary will update on new commits.