db-connect
db-connect copied to clipboard
cloudflare
sql column types are not respected
Currently in db-connect, column type is defined as a function argument, but the type is never used in coercion to JSON, and it instead guesses at the data type for every field. This can lead to unexpected types in returned data where user input might be treated as something other than a string and break consuming code. For example, in a database where I might expect typeof to resolve like
{
"status": { "string": 9362 },
"stats": { "object": 9362 }, // null or object
"startedAt": { "string": 9362 }, // string (date)
"sellerName": { "string": 9362 },
"sellerCastle": { "string": 9362 },
"quality": { "object": 8430, "string": 932 }, // null or string
"price": { "number": 9362 },
"lotId": { "string": 9362 }, // string, even if it looks like a number
"itemName": { "string": 9362 }, // string (date)
"finishedAt": { "string": 8692, "object": 670 }, // null or string (date)
"endAt": { "string": 9362 }, // string (date)
"condition": { "object": 8418, "string": 944 }, // null or string
"buyerName": { "string": 7461, "object": 1901 }, // null or string
"buyerCastle": { "string": 8194, "object": 1168 } // null or string
}
I instead see
{
"status": { "string": 9362 },
"stats": { "object": 9362 },
"startedAt": { "string": 9362 },
"sellerName": { "string": 9361, "number": 1 }, // user input string, parsing "8888" into 8888
"sellerCastle": { "string": 9362 },
"quality": { "object": 8430, "string": 932 },
"price": { "number": 9362 },
"lotId": { "number": 9362 }, // forward thinking to id changes, this is meant to be a string
"itemName": { "string": 9362 },
"finishedAt": { "string": 8692, "object": 670 },
"endAt": { "string": 9362 },
"condition": { "object": 8418, "string": 944 },
"buyerName": { "string": 7461, "object": 1901 },
"buyerCastle": { "string": 8194, "object": 1168 }
}
https://github.com/cloudflare/cloudflared/blob/710f66b0bbf9da94585235f6fba9b1a18ac631fa/dbconnect/sql.go#L278-L294
