fix: Queries fail on nested date attributes #7582
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Thanks for opening this pull request!
|
mtrezza
requested changes
Sep 24, 2021
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## alpha #7582 +/- ##
==========================================
- Coverage 94.13% 84.86% -9.28%
==========================================
Files 182 183 +1
Lines 13785 13624 -161
==========================================
- Hits 12977 11562 -1415
- Misses 808 2062 +1254 ☔ View full report in Codecov by Sentry. |
|
I will reformat the title to use the proper commit message syntax. |
parse-github-assistant
bot
changed the title
mtrezza
reviewed
Oct 9, 2021
|
Could you look at the failing postgres tests? I seems the postgres adapter needs some changes too? And could you delete the TODOs at the top that don't apply here? |
|
I'm not very familiar with PostgreSQL. I'll take a dig at it and see if I can figure it out. |
|
Do you need a hand with Postgres? |
|
Sorry for the delay. I'm busy with some company work now. I'll take a look as soon as I can |
## [5.4.3](parse-community/parse-server@5.4.2...5.4.3) (2023-03-22) ### Bug Fixes * Unable to create new role if `beforeSave` hook exists ([parse-community#8474](parse-community#8474)) ([4f0f0ec](parse-community@4f0f0ec))
…rict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; this fix is released as a patch version given the severity of this vulnerability, however, if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` (parse-community#8537)
# [5.5.0](parse-community/parse-server@5.4.3...5.5.0) (2023-05-20) ### Features * Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; this fix is released as a patch version given the severity of this vulnerability, however, if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` ([parse-community#8537](parse-community#8537)) ([196e05f](parse-community@196e05f))
## [5.5.1](parse-community/parse-server@5.5.0...5.5.1) (2023-05-23) ### Bug Fixes * Security upgrade @parse/push-adapter from 4.1.2 to 4.1.3 ([parse-community#8571](parse-community#8571)) ([8e83cac](parse-community@8e83cac))
…pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](GHSA-462x-c3jw-7vr6) (parse-community#8675)
## [5.5.2](parse-community/parse-server@5.5.1...5.5.2) (2023-06-28) ### Bug Fixes * Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](GHSA-462x-c3jw-7vr6) ([parse-community#8675](parse-community#8675)) ([5fad292](parse-community@5fad292))
## [5.5.3](parse-community/parse-server@5.5.2...5.5.3) (2023-06-29) ### Bug Fixes * Server does not start via CLI when `auth` option is set ([parse-community#8669](parse-community#8669)) ([601da1e](parse-community@601da1e))
## [5.5.4](parse-community/parse-server@5.5.3...5.5.4) (2023-07-30) ### Bug Fixes * Security upgrade semver from 7.5.1 to 7.5.2 ([parse-community#8704](parse-community#8704)) ([c7fa3b9](parse-community@c7fa3b9))
… circumvent `beforeFind` query trigger; fixes security vulnerability [GHSA-fcv6-fg5r-jm9q](GHSA-fcv6-fg5r-jm9q)
## [5.5.5](parse-community/parse-server@5.5.4...5.5.5) (2023-09-04) ### Bug Fixes * Parse Pointer allows to access internal Parse Server classes and circumvent `beforeFind` query trigger; fixes security vulnerability [GHSA-fcv6-fg5r-jm9q](GHSA-fcv6-fg5r-jm9q) ([6458ab0](parse-community@6458ab0))
## [5.5.6](parse-community/parse-server@5.5.5...5.5.6) (2023-10-20) ### Bug Fixes * Server crash when uploading file without extension; fixes security vulnerability [GHSA-792q-q67h-w579](GHSA-792q-q67h-w579) ([parse-community#8782](parse-community#8782)) ([686a9f2](parse-community@686a9f2))
# [5.6.0](parse-community/parse-server@5.5.6...5.6.0) (2023-10-25) ### Features * Add `$setOnInsert` operator to `Parse.Server.database.update` ([parse-community#8790](parse-community#8790)) ([c4a4a2a](parse-community@c4a4a2a))
…ccessed on undefined" This reverts commit 31c41cb.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New Pull Request Checklist
Issue Description
Queries return empty results if nested date attributes are used in constraints
Related issue: #7575
Approach
MongoDB transformer was implemented to only transform root level attributes and leave nested attributes as it is except
DateandBytes. There was inconsistency betweentransformQueryKeyValueandparseObjectToMongoObjectForCreatewhich was causing some nested date queries to fail. following changes are made to fix it.DatetypesrootProp.nestedProp.TODOs before merging