[dev] [Marfuen] mariano/prisma-ssl-pool-fix#2420
…nt double-parsing)
PR Summary
Medium Risk
Overview
Applies the same
Written by Cursor Bugbot for commit 8ba459d. This will update automatically on new commits.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| const ssl = getSslConfig(url); | ||
| // Strip sslmode from connection string — pg parses it independently and | ||
| // can override our explicit ssl config. We handle SSL entirely via the ssl option. | ||
| const cleanUrl = url.replace(/[?&]sslmode=\w[\w-]*/g, '').replace(/\?&/, '?').replace(/\?$/, ''); |
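Review bot: the regex on the `cleanUrl` line strips only `sslmode`, while the comment above it says SSL is handled entirely via the `ssl` option, so any other SSL-related query parameter present in the URL is still passed through to pg. Consider parsing the string with `new URL(url)` and removing the parameters with `searchParams.delete(...)`, which also leaves the `?` and `&` separators to the serializer instead of the two follow-up `.replace()` calls.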
Regex produces malformed URL when sslmode is first parameter
High Severity
When sslmode is the first query parameter and other parameters follow (e.g. ?sslmode=require&pool_timeout=10), the first .replace() consumes the ? along with sslmode=..., leaving &pool_timeout=10 with no leading ?. The second .replace(/\?&/, '?') is meant to fix this, but it can never match because the ? was already removed. The result is a malformed connection string (e.g. host/db&pool_timeout=10), which will cause database connection failures in any environment where DATABASE_URL has sslmode as the first query parameter followed by other parameters. This affects all six files with this identical logic.
Additional Locations (2)
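The behaviour described in the comment above, reproduced as an added example (not code from the PR or the project): the reviewed replace chain is run next to a parser-based alternative over constructed connection strings. The function names, the `URL`-based alternative and the sample URLs are assumptions made for illustration.

```javascript
// The replace chain from the reviewed line, reproduced unchanged.
function stripSslmodeRegex(url) {
  return url
    .replace(/[?&]sslmode=\w[\w-]*/g, '')
    .replace(/\?&/, '?')
    .replace(/\?$/, '');
}

// Assumed alternative (not the project's fix): edit the parsed query string,
// so the '?' and '&' separators are rebuilt by the URL serializer.
function stripSslmodeParsed(url) {
  const parsed = new URL(url);
  parsed.searchParams.delete('sslmode');
  return parsed.toString();
}

// True when the first '&' after the scheme, if any, comes after a '?'.
function queryIsWellFormed(url) {
  const rest = url.slice(url.indexOf('://') + 3);
  const q = rest.indexOf('?');
  const amp = rest.indexOf('&');
  return amp === -1 || (q !== -1 && q < amp);
}

// Constructed connection strings; host, credentials and parameters are samples.
const BASE = 'postgresql://app:pw@db.example.internal:5432/app';
const SAMPLES = [
  `${BASE}?sslmode=require&pool_timeout=10`, // sslmode first
  `${BASE}?pool_timeout=10&sslmode=require`, // sslmode last
  `${BASE}?schema=public&sslmode=verify-full&connection_limit=5`, // middle
  `${BASE}?sslmode=require`, // sslmode only
];

// Run both strippers and report the query part each one leaves behind.
function compare(samples = SAMPLES) {
  return samples.map((input) => {
    const regex = stripSslmodeRegex(input);
    const parsed = stripSslmodeParsed(input);
    return {
      input: input.slice(BASE.length),
      regex: regex.slice(BASE.length),
      regexOk: queryIsWellFormed(regex),
      parsed: parsed.slice(BASE.length),
      parsedOk: queryIsWellFormed(parsed),
    };
  });
}

console.table(compare());
```

Only the first sample, where `sslmode` leads the query and another parameter follows, comes out of the regex chain without its `?`.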
# [3.14.0](v3.13.1...v3.14.0) (2026-04-02)

### Bug Fixes

* add SSL support to PrismaPg adapter for RDS/staging (rejectUnauthorized: false) ([#2418](#2418)) ([451c6a1](451c6a1))
* **api:** pin prisma@7.6.0 in Dockerfile generate step (prevents stale v6 binary resolution) ([#2423](#2423)) ([13a7b77](13a7b77))
* **api:** upgrade Dockerfile base images for Prisma v7 Node.js requirement (bun 1.3.11, node 22) ([#2425](#2425)) ([dc9351c](dc9351c))
* **app:** comment button gets disabled with numbered formatting ([#2368](#2368)) ([0586dfe](0586dfe))
* **auth:** make Microsoft OAuth tenantId configurable via env var ([#2412](#2412)) ([ffb260b](ffb260b)), closes [#2411](#2411)
* **company:** make Access Request form options in Documents ([#2369](#2369)) ([f461c4d](f461c4d))
* **db:** point prisma.config.ts to schema directory for multi-file schema support in migrations ([#2422](#2422)) ([8a05e29](8a05e29))
* **db:** remove dotenv/config import from prisma.config.ts (not available in Docker build context) ([#2426](#2426)) ([a98cf93](a98cf93))
* **db:** use process.env fallback for DATABASE_URL in prisma.config.ts ([#2416](#2416)) ([3e29382](3e29382))
* default to SSL for non-localhost connections, remove buggy cleanUrl stripping ([#2430](#2430)) ([98213f8](98213f8))
* Enable 'Ready for Review' menu for client on Document Finding ([#2404](#2404)) ([12e5e3a](12e5e3a))
* handle stale Ramp sync provider in legacy orgs ([3d6d1d4](3d6d1d4))
* install ca-certificates before wget, clean apt after download ([#2433](#2433)) ([772ac48](772ac48))
* install ca-certificates before wget, clean apt after download ([#2434](#2434)) ([b7b7944](b7b7944))
* **portal:** remove getJwtToken and use session-cookie auth directly ([67aacf5](67aacf5))
* scope stale provider cleanup to ramp only ([a3313cd](a3313cd))
* set trigger.dev runtime to node-22 (Prisma v7 requires node >=20.19 || >=22.12) ([#2419](#2419)) ([f688334](f688334))
* strip sslmode from connection string before passing to pg (prevent double-parsing) ([#2420](#2420)) ([00e6f13](00e6f13))
* strip sslmode from DATABASE_URL to avoid conflict with explicit ssl option ([#2435](#2435)) ([335dcd2](335dcd2))
* use AWS RDS CA bundle for proper SSL verification, simplify client SSL config ([#2432](#2432)) ([863f14b](863f14b))
* use installed prisma binary instead of bunx (fixes prisma/config resolution in Docker) ([#2427](#2427)) ([fab6693](fab6693))
* use process.env fallback for DATABASE_URL in all prisma.config.ts files (build envs have no DB) ([#2417](#2417)) ([977a705](977a705))

### Features

* **app, api, framework-editor:** restructure compliance app and add framework editor CLI ([30516d4](30516d4))
* migrate prisma from v6 to v7 ([59e0db9](59e0db9))
* remove Ramp integration entirely ([a04c486](a04c486))
🎉 This PR is included in version 3.14.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀


This is an automated pull request to merge mariano/prisma-ssl-pool-fix into dev.
It was created by the [Auto Pull Request] action.