Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

switchDatabase errors are ignored which can lead to unexpected behaviour #470

Closed
yonjah opened this issue Mar 30, 2017 · 1 comment
Closed
Labels

Comments

@yonjah
Copy link

yonjah commented Mar 30, 2017

connect.js doesn't check if switchDatabase actually returns an error
https://github.com/db-migrate/node-db-migrate/blob/master/connect.js#L39
You can test this by setting a scope with a db that the user does not have access to

This can cause unexpected database corruptions since the migrations will keep running
on the main database.
If the migration statements fail to run the error will be misleading since it will point to the migration statement causing the error where the actual issue is the failing to change to the required database


Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

@wzrdtales wzrdtales added the bug label Apr 9, 2017
@wzrdtales
Copy link
Member

@yonjah Good catch! Thanks for reporting this!

RandomSeeded added a commit to blend/node-db-migrate that referenced this issue May 29, 2018
* cs fixes

* add concepting to comments

* fix driver inclusion

* remove sqlite dependency, add sqlite to devdependencies and outsource driver

* remove unnecessary files

* remove mongodb dependency, outsource mongodb driver

* Bump sqlite3 package version to fix issue with node 4.0.0

* Bump sqlite3 package version to fix issue with node 4.0.0

* add node version 4.0, remove iojs allowed build failures

* remove mysql dependency and add to dev for testing purposes

* fix index_test tests

* change base test to extern base

* fix index test

* remove last driver dependencies

resolves db-migrate#227

* add pg to dev dependencies

* ?

* updated fixed pg driver

* add error message to executeDB and handle callback

* return error message if available or the object/message directly passed through

* fix some cs issues

* add missing nosql methods to interface

* do not strip private functions from driver

removed unnecessary entries from migrator interface
do not strip any `_function` unless it is explicitly defined via exclude

* change config to internal scope

* fix test for new internal config

* fix last details to move config i into internal scope

* remove debug message

* remove es5 from jshint rules, fix one cs

*  add rules to jshint

* fix some cs issues and adjust rules

* adjust some settings and add jscs already

* [cs] fixed some issues and do some cleanup

* update lab

* update dependency and check

* add 4.1 to travis ci

* change couple of templates

* update sql templates

* add undo seed function to api

* fix bug on up/down of seeders

* add reset method and limit down methods of seeds

* add dummy calls to linked seeders and migrations

* link to read the docs and remove readme documentation

* 0.10.0-beta.1

* remove the badge ending from the documentation url

* make entry in readme more clear to be also a user manual

* Extend startup with logging and failure handling on 0.9.x versions

Before this patch users may ran into a local installation older than 0.9.x, this patch
ensures that the version is compatible to be preffered over the global version. If the
local version is to old (<0.10.0) the global version will be used instead. If this is
the case a warn message gets displayed to the user.

Additionally added informational logging within the verbose mode if a local version gets
preferred.

solves db-migrate#317

* 0.10.0-beta.2

* add lts node.js version to travis tests

* Resolve driver from local projects

Fixes db-migrate#318

* use synchronized variant of resolve for drivers

* 0.10.0-beta.3

* fix sql templates to work with 0.10.x again

* ignore on init formatting

* 0.10.0-beta.4

* Support setting default environment via ENV variable.

* Support setting default environment via ENV variable.

* coffeescript template refactory

coffeescript template refactory

by default coffeescript always returns the last line/variable, so there is no need to use the ~return~ keyword, there is not need for ; also.

* add scope logging

* [bugfix] internal linking causes infinite loop

fixes db-migrate#329

* add scope logging

* [bugfix] internal linking causes infinite loop

fixes db-migrate#329

* coffeescript template refactory

coffeescript template refactory

by default coffeescript always returns the last line/variable, so there is no need to use the ~return~ keyword, there is not need for ; also.

* 0.10.0-beta.5

* remove debug message

* 0.10.0-beta.6

* allow configuration through options object

* adjust test

* add direct execution of seeders and migrator links

* Fix config file setting.

* update parse db-url to 0.3.0

Introduces mongodb uri support

* update some dependencies

* fix(migration):

A promise is not properly identified and returning an empty resolve ends up in
db-migrate hanging up forever.

Fixes db-migrate#343

* fix(api): callback not called on run

If db-mgirate is run via any run method (except directly from console), the callback was not available
to the migration functions anymore.

* fix(api): callback called twice

Revert the change to add the callback if it is undefined.

Fixes db-migrate#343

* Fix promise issue for down migrations.

* refactor(migration): Make check for promise more reliable

* fix(test): Stub MySQL connect method instead of calling the original

The MySQL driver now connects directly to the driver, instead on the first query. This
caused some trouble with the ssh tunnel test, this functionality was stubbed.

Fixes db-migrate#348

* chore(security): Bump dependency because of security vulnerability

* pull down package.json

* chore(dependencies): update and remove unneeded dependencies

* Update data_type.js

For consistency :-)

* chore(travis): change travis config to use modern compiler

* chore(travis): add node 5 to ci builds

* chore(travis): remove obsolete node 4.1

Keep 4.2 lts and node 4 in the build which is usually enough.

* Avoid warning in promise/callback bridge code

When Bluebird detects when a promise is created within a promise
handler, but is not returned, it [emits a warning][warn] 'a promise was
created in a handler but was not returned from it'.

This happens if the `callback()` function is implemented using Promises,
but uses `nodeify()` to make it callback compatible. By using nodeify
here, it handles the returned Promise (if any) and avoids the warning.

 [warn]: https://github.com/petkaantonov/bluebird/blob/master/docs/docs/warning-explanations.md

* Updated documentation link in README

Current documentation link points to a 404 page, updated it with a working version.

* chore(travis): add node 6

* fix(api): fix race condition on create migration

A callback was placed not inside but after the callback which it belongs to. This
resulted in a very rarely occuring race condition when creating migrations without
an existing migration directory.

Fixes db-migrate#376

* 0.10.0-beta.12

* chore(compatibility): update dependencies

* chore(dev): add .tern file to project

* refactor(log): move log into new extern lib

Refers to db-migrate#382

* refactor(datatype): move dataType into new extern lib

Refers to db-migrate#382

* refactor(remove): remove log and dataType artifacts

Refers to db-migrate#382

* refactor(util): remove util artifact

Resolves db-migrate#382

* detect real callback for several api functions

* feat(api): promisify all current api methods

* refactor(ssh): delay loading of tunnel-ssh and improve load time

This improves the loadtime of db-migrate by 47%. To be exact from ~22ms to ~15ms.

Resolves db-migrate#387

* refactor(modularize): require inflection from npm instead

* refactor(tests): added shadow test and rewrite api test

* chore(comments): add some notes to the api tests

* refactor(globals): remove several globals, this might break things

There are several things that are exposed as global. For example Migrator, Seeder, Class, or the async and dbm globals.

Most probably finally removing async and dbm which have been marked deprecated, will end up for some people in a breaking change. But we need to remove all those
globals, to not interfere with projects using db-migrate. DB-Migrate is not just a cli module anymore though. In this step we now also finally removed internals completely
from the API, and needed to adjust the onComplete callback to actually do this. This change could also lead to a breaking change and should thus be communicated

All in all this is a big clean up and also two not necessary functions were removed.

* chore(parallelize): parallelize non interferring api tests

* refactor(tests): add index tests and some configs

* refactor(tests): refactored util_tests

* refactor(tests): refactored migration tests

* refactor(tests): refactored config tests

* refactor(tests): refactored base tests

* refactor(tests): add create tests and remove sample shadows

* chore(ci,dep): update ci and dependencies

* chore(test): create Makefile for tests and edit ci config

Removing 0.10 and 0.12 from tests

* chore(ci): clean up ci config

* chore(dependencies): upgrade dotenv and pkginfo

* chore(devdep): update and remove some devDependencies

* use path.join (db-migrate#353)

refactor(template): use path.join as it is intended to be used

* fix(template): fix unnoticed error introduced in the last merge request

Wrong migrations have been generated

* feat(plugins): add basic support for plugins and improve performance

Some libraries have been changed to be delay loaded. DB-Migrate is back to the minimal load time possible again, if no command at all is entered.

Basic plugin support and the first hook, in this case of the type overwrite has been added. An functional example of a yaml config plugin
has been published.
Also some old functions have been cleaned up which are not necessary any more.

refers to db-migrate#397

* chore(leftover): remove example plugin leftover from package.json

* fix(api): fix introduced undefined behavior of specified configs

internal.cwd added again, which is needed.

* fix(api): fix scoping

The api was missing the matching internal, which resulted in a missing prefix
when executing scope migrations.

fixes db-migrate#409

* most of the first protocol transition and the transition helper
is implemented already. Just the logic to actually call the helper is currently missing.

* feat(transitioner): add transitioner to easen the process of protocol changes

Resolves db-migrate#403

* feat(hook): parser hook and transitioner api

Added a hook for parsers and added the API endpoints for the transitioner.

Refers to db-migrate#403
Refers to db-migrate#397

* fix(config): Don't throw if environment variable is empty

Fixes db-migrate#411

* chore(hook): allow also to hook without adding any extension

* fix(transitioner): add new parser internal to transitioner

* fix(transitioner): catch whitespaces properly

* chore(templates): add meta protocol v1 to already aligned migration templates

* feat(plugin): add basic plugin support

Added basic plugin support, enabling to inject at multiple targets of the API, config and register
pre compiler.

Resolves db-migrate#397
Refers db-migrate#396

* fix(plugin): use correct path to include plugins

* fix(errorhandling): Add missing error assertion in executeDB

fixes db-migrate#381

* feat(sync): add sync mode

Refers to db-migrate#383
Resolves db-migrate#313
Refers to db-migrate#222

* refactor(tests): remove tests from main repo

Tests have been moved to their driver repo.

Resolves db-migrate#399

* refactor(cleanup): cleanup package.json and add db.config.ci back

* chore(ci): exclude interfaces

* chore(ci): Readd missing dependencies

* chore(test): Add Test for privateKey param on shh tunnel

* fix(resolve): Check if resolved version has plugin support

fix db-migrate#425

* log error on undefined stack

* refactor(api): cleanup information and added commentary

* feat(config): add rc style configs

fixes db-migrate#308
fixes db-migrate#406

* refactor(api): refactor tests and make api.js more modular

* fix(api): add missing reference to sync

* refactor(api): remove last output of postponed seeders

* add test dummies for api

* add first programable api tests

* directly use promises in tests

* Double quoting interpolated file name for coffee

* fix(create): use same timestamp in every created file

* fix(args): dont parse when called as module

fixes db-migrate#449

* fix deep config replacements

fixes db-migrate#473

* feat(config): helper to overwrite and extend configuration

This allows to parse a url from an url property and as well to overwrite and extend
variables as needed.
To pass in url as normal value an object is needed like the following: { url: { value: "http://example.com } }.

Fixes db-migrate#349
Fixes db-migrate/pg#8
Fixes db-migrate#488
Fixes db-migrate#463

* fix(tests): fix breaking tests

* refactor(config): do not just interpret database.json

also check for either a passed config object OR a config file exists

* fix(create): Fix create when using db-migrate as module

Bug introduced on db-migrate#485

Fixes: db-migrate#493

* test(create): Fix testing as module when no database.json on root

* fix small typo in cli help menu

* allow rc file to contain location of config file

* print the reason in unhandledRejection evnet if reason.stack does not exist

* complete refactor of api js

* add eslint to dependencies

* fix a few bugs and update tests

* fix last tests

* adjust to cs

* adjust manual changes for cs

* remove process.exit when no callback passed and remove optimist help when in module mode

Fixes db-migrate#516

* add changelog and release 0.10.0

* 0.10.0

* adjusted tests and updated devDependencies

Refers to db-migrate#518

* readd pkg-lock

* change tested versions

* rewrite latest to node

* add linting and fix cs on config test

* add commitlint

* remove parallel: true as it was deprecated

* add stale config

* use more appropiate label

* Create CODE_OF_CONDUCT.md

* fix(db): wrong reference to connect causes db:create to fail

Fixes db-migrate#520

* 0.10.1

* add changelog

* fix(log): error ended up in unreadable errors

Fixes db-migrate#524
Fixes db-migrate#521

* add changelog

* chore: Remove `moment`.

Signed-off-by: wtgtybhertgeghgtwtg <wtgtybhertgeghgtwtg@gmail.com>

* feat(issuetemplate): added a github issue template

Signed-off-by: BorntraegerMarc <marc.borntraeger@gmail.com>

* fix(exitCode): wrong check for existence fixed

A wrong check for existence resulted in events not
being loaded on version sized like 4.0.0. This resulted
in non zero error codes when actually running into errors.

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* refactor(deprecationNotice): remove insert deprecation

This temporarily removes the note being displayed to the user
when an insert call is being made. This will be removed until
seeders really going to be introduced.

Refers to db-migrate#215

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* fix(exitCode): wrong exit code on db methods

DB Calls always returned an exit code of 0, which leads
to an unexpected behavior on the user side.

Fixes db-migrate#534

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* fix(switchDatabase): no error was thrown on scope switch

switchDatabase error was unhandled, which resulted in an unhandled
scope switch error.

Fixes db-migrate#470

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* 0.10.3

* add changelog

* fix(insert): add missing insert entry to interface

Fixes db-migrate#542

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* 0.10.4

* changelog

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* 0.10.5

* update to use real checkboxes

* Update ISSUE_TEMPLATE.md

* feat(contribution): enrich contribution instructions

Refers to db-migrate#549

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* feat(contribution): enrich contribution instructions, issues

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* feat(progamableApi): CMD options can be passed programatically now

Signed-off-by: Marc Bornträger <marc.borntraeger@gmail.com>

* fix(ci): add ignores for backported features

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* chore: update dependencies

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* feat(progamableApi): using const now

Signed-off-by: BorntraegerMarc <marc.borntraeger@gmail.com>

* add changelog

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* 0.10.6

* chore: add test to detect cmdOptions functionality

Refers to db-migrate#560
Refers to db-migrate#557

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* fix(progamableApi): cmdOptions get passed into setDefaultArgv now

Signed-off-by: Marc Bornträger <marc.borntraeger@gmail.com>

* 0.10.7

* add changelog

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* chore: update dependency

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* chore: update dependency

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* feat(check): add check functionality to determine migrations to run

Signed-off-by: RandomSeeded <nate@blend.com>

* 0.11.0

* add changelog

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* fix(reset): regression introduced in check functionality

db-migrate#552 introduced a regression and effectively disfunctioned the reset function, since it
did append just to the actionables within the run context.

It was moved into its own context.

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* add changelog

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>

* 0.11.1

* fix(check): fix check via API not passing results to the callback

Signed-off-by: RandomSeeded <nate@blend.com>

* save

* save

* updates

* cleanup
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants