Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update rust crate sqlx to 0.8.1 [security] #400

Merged
merged 2 commits into from
Sep 2, 2024
Merged

fix(deps): update rust crate sqlx to 0.8.1 [security] #400

merged 2 commits into from
Sep 2, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 24, 2024

Mend Renovate

This PR contains the following updates:

Package Type Update Change
sqlx dependencies minor 0.7.4 -> 0.8.1
sqlx dev-dependencies minor 0.7.4 -> 0.8.1

GitHub Vulnerability Alerts

GHSA-xmrp-424f-vfpx

The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:

SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
http://web.archive.org/web/20240812130923/https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Paul%20Gerste%20-%20SQL%20Injection%20Isn't%20Dead%20Smuggling%20Queries%20at%20the%20Protocol%20Level.pdf
(Archive link for posterity.)

Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,
causing the server to interpret the rest of the string as binary protocol commands or other data.

It appears SQLx does perform truncating casts in a way that could be problematic,
for example: https://github.com/launchbadge/sqlx/blob/6f2905695b9606b5f51b40ce10af63ac9e696bb8/sqlx-postgres/src/arguments.rs#L163

This code has existed essentially since the beginning,
so it is reasonable to assume that all published versions <= 0.8.0 are affected.

Mitigation

As always, you should make sure your application is validating untrustworthy user input.
Reject any input over 4 GiB, or any input that could encode to a string longer than 4 GiB.
Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.

Encode::size_hint()
can be used for sanity checks, but do not assume that the size returned is accurate.
For example, the Json<T> and Text<T> adapters have no reasonable way to predict or estimate the final encoded size,
so they just return size_of::<T>() instead.

For web application backends, consider adding some middleware that limits the size of request bodies by default.

Resolution

Work has started on a branch to add #[deny] directives for the following Clippy lints:

and to manually audit the code that they flag.

A fix is expected to be included in the 0.8.1 release (still WIP as of writing).

Release Notes

launchbadge/sqlx (sqlx)

v0.8.1

Compare Source

16 pull requests were merged this release cycle.

This release contains a fix for RUSTSEC-2024-0363.

Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
#​3440 (comment)

MySQL and SQLite do not appear to be exploitable, but upgrading is recommended nonetheless.

Added
  • [#​3421]: correct spelling of MySqlConnectOptions::no_engine_substitution() [[@​kolinfluence]]
    • Deprecates MySqlConnectOptions::no_engine_subsitution() (oops) in favor of the correctly spelled version.
Changed
  • [#​3376]: doc: hide spec_error module [[@​abonander]]
    • This is a helper module for the macros and was not meant to be exposed.
    • It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API.
      Use at your own risk.
  • [#​3382]: feat: bumped to libsqlite3-sys=0.30.1 to support sqlite 3.46 [[@​CommanderStorm]]
  • [#​3385]: chore(examples):Migrated the pg-chat example to ratatui [[@​CommanderStorm]]
  • [#​3399]: Upgrade to rustls 0.23 [[@​djc]]
    • RusTLS now has pluggable cryptography providers: ring (the existing implementation),
      and aws-lc-rs which has optional FIPS certification.
    • The existing features activating RusTLS (runtime-tokio-rustls, runtime-async-std-rustls, tls-rustls)
      enable the ring provider of RusTLS to match the existing behavior so this should not be a breaking change.
    • Switch to the tls-rustls-aws-lc-rs feature to use the aws-lc-rs provider.
      • If using runtime-tokio-rustls or runtime-async-std-rustls,
        this will necessitate switching to the appropriate non-legacy runtime feature:
        runtime-tokio or runtime-async-std
    • See the RusTLS README for more details: https://github.com/rustls/rustls?tab=readme-ov-file#cryptography-providers
Fixed

v0.8.0

Compare Source

70 pull requests were merged this release cycle.

#​2697 was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.

Breaking
  • [#​2697]: fix(macros): only enable chrono when time is disabled [[@​saiintbrisson]]
  • [#​2973]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement [[@​nitn3lav]]
  • [#​2482]: chore: bump syn to 2.0 [[@​saiintbrisson]]
    • Deprecated type ascription syntax in the query macros was removed.
  • [#​2736]: Fix describe on PostgreSQL views with rules [[@​tsing]]
    • Potentially breaking: nullability inference changes for Postgres.
  • [#​2869]: Implement PgHasArrayType for all references [[@​tylerhawkes]]
    • Conflicts with existing manual implementations.
  • [#​2940]: fix: Decode and Encode derives (#​1031) [[@​benluelo]]
    • Changes lifetime obligations for field types.
  • [#​3064]: Sqlite explain graph [[@​tyrelr]]
    • Potentially breaking: nullability inference changes for SQLite.
  • [#​3123]: Reorder attrs in sqlx::test macro [[@​bobozaur]]
    • Potentially breaking: attributes on #[sqlx::test] usages are applied in the correct order now.
  • [#​3126]: Make Encode return a result [[@​FSMaxB]]
  • [#​3130]: Add version information for failed cli migration (#​3129) [[@​FlakM]]
    • Breaking changes to MigrateError.
  • [#​3181]: feat: no tx migration [[@​cleverjam]]
    • (Postgres only) migrations that should not run in a transaction can be flagged by adding -- no-transaction to the beginning.
    • Breaking change: added field to Migration
  • [#​3184]: [BREAKING} fix(sqlite): always use i64 as intermediate when decoding [[@​abonander]]
    • integer decoding will now loudly error on overflow instead of silently truncating.
    • some usages of the query!() macros might change an i32 to an i64.
  • [#​3252]: fix #[derive(sqlx::Type)] in Postgres [[@​abonander]]
    • Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add #[sqlx(no_pg_array)] where conflicts occur.
    • Type equality for PgTypeInfo is now schema-aware.
  • [#​3329]: fix: correct handling of arrays of custom types in Postgres [[@​abonander]]
    • Potential breaking change: PgTypeInfo::with_name() infers types that start with _ to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
  • [#​3356]: breaking: fix name collision in FromRow, return Error::ColumnDecode for TryFrom errors [[@​abonander]]
    • Breaking behavior change: errors with #[sqlx(try_from = "T")] now return Error::ColumnDecode instead of Error::ColumnNotFound.
    • Breaking because #[sqlx(default)] on an individual field or the struct itself would have previously suppressed the error.
      This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
      • Instead, create a wrapper implementing From and apply the default explicitly.
  • [#​3337]: allow rename with rename_all (close #​2896) [[@​DirectorX]]
    • Changes the precedence of #[sqlx(rename)] and #[sqlx(rename_all)] to match the expected behavior (rename wins).
  • [#​3285]: fix: use correct names for sslmode options [[@​lily-mosquitoes]]
    • Changes the output of ConnectOptions::to_url_lossy() to match what parsing expects.
Added
Changed
Fixed

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@geofmureithi geofmureithi changed the base branch from master to chore/v0.6.0 August 28, 2024 14:25
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Aug 28, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@geofmureithi geofmureithi merged commit 6b85ac4 into chore/v0.6.0 Sep 2, 2024
4 of 5 checks passed
@zakstucke zakstucke mentioned this pull request Nov 5, 2024
Closed
geofmureithi added a commit that referenced this pull request Nov 28, 2024
@geofmureithi @renovate
@jayvdb @mlafeldt @zakstucke
[bump] introduce new version: 0.6 (#459)
6d6ed27 
* fix: improve external api for redis

* fix: improve exports for redis

* fix: expose redis codec

* Feature: v0.6.0-alpha.0 version of apalis

Breaking Changes:
- Dropped traits Job and Message, please use namespace

* fix: minor fixes on some failures

* lint: cargo fmt

* fix: remove Job impl

* lint: cargo fmt

* bench: improve polling

* fix: introduce namespace and codec config (#339)

* fix: introduce namespace and codec config

* fix: missing apis

* Version: 0.6.0-alpha.1 (#342)

* api: for redis and sqlite

* Version: 0.6.0-alpha.1

Changelog:
- Redis storage doesnt require pool to be clone. Allows use of deadpool-redis among others.
- Namespace is picked by default for `new` methods.

* fix: docs and tests

* lint: cargo clippy and fmt

* postgres: add a listener example

* bump: to v0.6.0-alpha.1 (#343)

* api: for redis and sqlite

* Version: 0.6.0-alpha.1

Changelog:
- Redis storage doesnt require pool to be clone. Allows use of deadpool-redis among others.
- Namespace is picked by default for `new` methods.

* fix: docs and tests

* lint: cargo clippy and fmt

* postgres: add a listener example

* bump: to v0.6.0-alpha.1

* fix: allow cd for prereleases (#349)

* Remove `Clone` constraints and buffer the service (#348)

* feat: remove the `Clone` requirements for services

* test save

* fix: get buffered layer working

* update: remove clone & update api

* fix: tests and api

* lint: clippy fixes

* lint: cargo fmt

* bump: to 0.6.0-rc.1 (#350)

* feat: add rsmq example (#353)

* Fix: load layer from poller (#354)

* fix: backend layers were not loaded

* fix: handle clone

* Fix: mq example (#355)

* fix: mq ack

* lint: fmt

* fix: handle unwraps in storages (#356)

* fix: handle unwraps in storages

* fix: ensure no unwrap

* fix: better apalis deps allowing tree shaking for backends (#357)

* fix: better apalis deps allowing tree shaking for backends

* fix: remove backend features in the root crate

* standardize backend for storage and mq (#358)

* fix: standardize backend for storage and mq

* fix: minor fixes

* feat: standardize cron as backend (#359)

* fix: remove non-working restapi example (#360)

* fix: expose the missing apis (#361)

* bump: to new version (#362)

* Make Config accessible publicly (#364)

* fix: add missing exposed config

* fix: add getters

* fix: die if retries is zero (#365)

* Feature: Add a layer that catches panics (#366)

* Feature: Add a layer that catches panics

This allows preventing job execution from killing workers and returns an error containing the backtrace

* fix: backtrace as it may be different

* add: example for catch-panic

* fix: make  not default

* Feature: Save results for storages (#369)

* Feature: Save results for storages

Currently just the status is stored, this PR adds the ability to save the result

* fix: result from storage

* fix: kill and abort issue

* Bump: to 0.6.0-rc.3 (#370)

* fix: serde for sql request (#371)

* fix: serde for sql request

* fix: serde for attempts

* lint: fmt

* fix: handle attempts in storages (#373)

* fix: handle attempts in storages

* fix: chrono serialization

* fix: tests failing because of tests

* add: test utils that allow backend polling during tests (#374)

* add: test utils that allow backend polling during tests

* fix: introduce testwrapper and add more tests

* fix: add sample for testing

* fix: more fixes and actions fixes

* fix: more fixes on vacuuming

* tests: improve cleanup and generic testing

* fix: improve testing and fix some found bugs

* fix: postgres query and remove incompatible tests

* fix: remove redis incompatible check

* fix: minor fixes

* fix: postgres json elements

* bump: to 0.6.0-rc.4 (#377)

* fix: handle 0 retries (#378)

* fix: ack api to allow backend to handle differently (#383)

* fix: ack api to allow backend to handle differently

* fix: related to storage tests

* fix: calculate status for postgres

* fix(deps): update rust crate sqlx to 0.8.0 (#380)

* chore: fix typos (#346)

* chore: Add repository to metadata (#345)

* fix(deps): update rust crate sqlx to 0.8.0

* fix: sqlite example

---------

Co-authored-by: John Vandenberg <jayvdb@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: geofmureithi <mureithinjuguna@gmail.com>
Co-authored-by: Geoffrey Mureithi <95377562+geofmureithi@users.noreply.github.com>

* bump: to v0.6.0-rc.5 (#385)

* chore: standardize codec usage (#388)

* bump: to v0.6.0-rc.5

* fix: standardize codec usage

* lint: cargo fmt

* Chore/more examples (#389)

* add: catch-panic example

* add: graceful shutdown example

* add: unmonitored example

* add: arguments example

* fix: minor updates

* fix: sql tests

* fix: minor updates

* fix: improve on benches (#379)

* fix: improve on benches

* fix: bench trigger

* fix: include tokio for sqlx

* fix: improve the benching approach

* fix: mysql api

* fix: redis api

* fix: improve bench approach, remove counter

* remove: setup

* remove: pg

* fix: pg

* fix: pg

* fix(deps): update rust crate sqlx to 0.8.1 [security] (#400)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Geoffrey Mureithi <95377562+geofmureithi@users.noreply.github.com>

* fix: add some missing data required for dependency injection (#409)

* fix: add some missing data required for dependency injection

* lint: clippy and fmt

* remove: benchmarks (#410)

They will be moved to https://github.com/geofmureithi/apalis-benchmarks

* bump: to 0.6.0-rc.6 (#412)

* Update async-std to 1.13 (#413)

* Feature: Introducing Request Context (#416)

* wip: introduce context to request

* fix: get request context working

* lint: cargo fmt

* fix: get tests compiling

* add: push_request and shedule_request

* fix: task_id for Testwrapper

* fix: minor checks and fixes on postgres tests

* fix: bug on postgres fetch_next

* bump: to 0.6.0-rc.7 (#418)

* fix: apply `FromRequest` for items in `Parts` (#425)

Problem: We are missing crucial `FromRequest` impls for:
- TaskId
- Attempt
- Namespace

Also removed `Context<E>`

Solution: Implement `FromRequest` for these Types.

* fix:[bug] include backend provided layer in service layers. (#426)

* fix:[bug] include backend provided layer in service layers.

Problem:
The current worker logic is missing an implementation where the backend provided layer should be added to the service's layer.
This is a critical issue that affects all v0.6.0-rc-7 users and they should update as soon as a new release is done.

Solution:
- Add backend layers to service's layer.
- Add worker_consume tests on the storages to prevent regression on this.

* chore: comment an enforcement rule not yet followed by redis

* chore: bump to 0.6.0-rc.8 (#430)

* fix: apply max_attempts set via SqlContext (#447)

So that a custom number of attempts can be configured:

  let mut ctx = SqlContext::new();
  ctx.set_max_attempts(2);
  let req = Request::new_with_ctx(job, ctx);
  storage.push_request(req).await.unwrap();

While the default is still to try up to 25 times:

  storage.push(job).await.unwrap();

* Bump redis (#442)

* feat: re-export sqlx (#451)

Making sqlx accessible to users of apalis without requiring them to
explicitly add it as a dependency.

* feat: Improve Worker management and drop Executor  (#428)

* feat: introducing WorkerBuilderExt which makes the work of building a new worker way easier.

* improve: worker api almost there

* fix: radical improvements and updates. Removed executor and got graceful shutdown working

* chore: deprecate register with count and force builder order

* chore: more improvements on the worker

* fix: allow DI for Worker

* add: get the task count by a worker

* lint: fmt and clippy

* fix: allow worker stopping

* Chore/better api (#452)

* fix: relax the api provided for sqlx req

* lint: clippy and fmt

* feat: add recovery of abandoned jobs to backend heartbeats (#453)

* feat: add recovery of abandoned jobs to backend heartbeats

* lint: fmt

* fix: attempt to get tests passing

* fix: attempt to get tests passing

* fix: minor fix typo

* fix: minor different solutions

* fix: better handle attempts

* handle postgres edge case

* fix: better handling

* feat: allow backends to emit errors (#454)

* feat: allow backends to emit errors

* lint: fmt

* fix: pass in a reference to prevent mutation

* Feat: Introduce simple ability to pipe cron jobs to any backend (#455)

* Feat: Introduce simple ability to pipe cron jobs to any backend

This feature allows you to quickly persist cron jobs guaranteeing they will be run and can be distributed

* lint: cargo fmt

* chore/dev-branch

* feat: return of exposing backends to help in building apis (#457) (#458)

* fmt: Cargo.toml

* fix: removed features

* fix: run only specific tests

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: John Vandenberg <jayvdb@gmail.com>
Co-authored-by: Mathias Lafeldt <mathias.lafeldt@gmail.com>
Co-authored-by: zakstucke <44890343+zakstucke@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@geofmureithi