New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
where(uuid/datetime: "2") silently searches for (uuid/datetime: null) (changed 5.1 -> 5.2.1) #33624
Comments
rails/activerecord/lib/active_record/connection_adapters/postgresql/oid/uuid.rb Lines 16 to 18 in 90982d8
not UUID formatted string is casted to nil I suggest AR should raise exception like: def cast(value)
raise SomeException unless value
value.to_s[ACCEPTABLE_UUID, 0]
end |
We can't raise when the value can't be casted. We always return nil, but we should probably keep the same behavior. First thing to do is to try to bisect to see which commit change this behavior. |
This issue has been automatically marked as stale because it has not been commented on for at least three months. |
That is considered as silently leaking information. If type casting doesn't return any actual value, it should not be matched to any record. Fixes rails#33624. Closes rails#33946.
Steps to reproduce
$rails g model posts title body:text uuid:uuid date_column:datetime
rails console
:Expected behavior
I'd think that the last call should return nil or raise an exception.
Actual behavior
The last call returns Post
a
, a Post with a uuid that is nil.Compareable behavior
Update: I wanted to compare it with
Post.where(id:"a")
, which returnsnil
, instead of c; but actually it searches for 0, which might lead to an unexpected find of a Post with id 0, but this case has been purely hypothetical for me; as ids typically start at 1 (and is kind of expected, since "a".to_i also returns 0 in plain ruby). Searching for an invalid date in e.g.where(date_column: "a")
, however, used to (v5.1.5) return PG::InvalidDatetimeFormat but also silently continues with a search for nil. Below a table with some scenario's compared.Post.where(id: "a")
posts.id=0
posts.id=0
posts.id=0
posts.id=0
where(date_column: "a")
date_column IS 'a'
(returns [])👍date_column IS NULL
👎date_column IS NULL
(returns records where date_colum == nil) 👎Post.find_by!(date_column: "a")
ActiveRecord::RecordNotFound
👍ActiveRecord::RecordNotFound
👍where(uuid: "a")
uuid IS NULL
; but returns [] 👍uuid IS NULL
; but returns values with an empty uuid 👎find_by!(uuid: "a")
ActiveRecord::RecordNotFound
👍Related
Old issue, from long time ago, that actually settled on the 5.1.x behaviour: #11902, raising an exception.
System configuration
Rails version: 5.2.1
Ruby version: 2.4.1
(Was still working in 5.1.5/6)
update: Initially I thought that this was a Postgres only issue; but see the table above; unexpected things are happening with SQLite as well (not tested other database backends)
The text was updated successfully, but these errors were encountered: