Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: validate integers to prevent overflow #3231

Merged
merged 5 commits into from Sep 26, 2022
Merged

fix: validate integers to prevent overflow #3231

merged 5 commits into from Sep 26, 2022

Conversation

Weakky
Copy link
Member

@Weakky Weakky commented Sep 26, 2022
edited

@Weakky Weakky requested a review from a team as a code owner September 26, 2022 10:08
tomhoule
tomhoule approved these changes Sep 26, 2022
View reviewed changes
psl/psl-core/src/datamodel_connector/int_type.rs Outdated
impl std::fmt::Display for IntType {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
IntType::Signed8 => write!(f, "8-bit signed integer"),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick (no need to fix now), but f.write_str("8-bit signed integer") does the same and is easier on the compiler

query-engine/core/src/query_document/parser.rs
(QueryValue::Int(i), ScalarType::Float) => Ok(PrismaValue::Float(BigDecimal::from(i))),
(QueryValue::Int(i), ScalarType::Decimal) => Ok(PrismaValue::Float(BigDecimal::from(i))),
(QueryValue::Int(i), ScalarType::BigInt) => Ok(PrismaValue::BigInt(i)),

(QueryValue::Float(f), ScalarType::Float) => Ok(PrismaValue::Float(f)),
(QueryValue::Float(f), ScalarType::Decimal) => Ok(PrismaValue::Float(f)),
(QueryValue::Float(f), ScalarType::Int) => match f.to_i64() {
(QueryValue::Float(f), ScalarType::Int(_)) => match f.to_i64() {
Some(converted) => Ok(PrismaValue::Int(converted)),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know if there's a good place to persist that, but it would be good to document that we validate all integers except 64 bit integers because they are strings at the graphql level (IIUC).

@Weakky Weakky added this to the 4.4.0 milestone Sep 26, 2022
@Weakky Weakky merged commit 5a6e984 into main Sep 26, 2022
@Weakky Weakky deleted the fix/integer-overflow branch September 26, 2022 16:47
Weakky added a commit that referenced this pull request Sep 27, 2022
@Weakky
Revert "fix: validate integers to prevent overflow (#3231)"
8f84f51 
This reverts commit 5a6e984.
Weakky added a commit that referenced this pull request Sep 27, 2022
@Weakky
Revert "fix: validate integers to prevent overflow (#3231)" (#3237)
f352a33
@Weakky Weakky mentioned this pull request Oct 20, 2022
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomhoule tomhoule tomhoule approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
4.4.0
Development

Successfully merging this pull request may close these issues.

Postgres integer column silently overflows to bad value
2 participants
@Weakky @tomhoule