fix: disallow undefined where clause #21062

Draft: wants to merge 11 commits into base: main

@anikdhabal anikdhabal commented May 1, 2025

What does this PR do?

Summary by mrge

Disallowed undefined, empty object, and empty array values in Prisma where clauses to prevent invalid queries.

  • Bug Fixes
    • Added validation to throw errors if a where clause is undefined, empty, or contains undefined fields.
    • Updated extension to cover findMany, updateMany, and deleteMany queries.
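
The failure mode behind this guard, as an added example (not code from this PR or from the project): Prisma treats a `where` field set to `undefined` as absent, so a `deleteMany` or `updateMany` whose only filter value is undefined runs without that filter. `findWhereIssues` and `assertSafeWhere` are hypothetical names, the sample request is constructed, and the rule set (reject undefined, `{}` and `[]` at any depth) is an assumption modelled on the summary above.

```typescript
// Added example: hypothetical guard, not the PR's implementation.
type WhereIssue = { path: string; reason: string };

// Walk a Prisma-style where value and report every spot that would silently
// widen the filter: undefined values, empty objects and empty arrays.
function findWhereIssues(where: unknown, path: string = "where"): WhereIssue[] {
  if (where === undefined) return [{ path, reason: "undefined" }];
  // Scalars, Dates and null (an explicit IS NULL filter) are real filter values.
  if (where === null || typeof where !== "object" || where instanceof Date) return [];
  const issues: WhereIssue[] = [];
  if (Array.isArray(where)) {
    if (where.length === 0) return [{ path, reason: "empty array" }];
    where.forEach((item, i) => issues.push(...findWhereIssues(item, `${path}[${i}]`)));
    return issues;
  }
  const record = where as Record<string, unknown>;
  const keys = Object.keys(record);
  if (keys.length === 0) return [{ path, reason: "empty object" }];
  for (const key of keys) issues.push(...findWhereIssues(record[key], `${path}.${key}`));
  return issues;
}

// Throw before the query runs, naming the operation and each offending path.
function assertSafeWhere(operation: string, where: unknown): void {
  const issues = findWhereIssues(where);
  if (issues.length === 0) return;
  const detail = issues.map((i) => `${i.path} is ${i.reason}`).join("; ");
  throw new Error(`${operation}: refusing to run with an open filter (${detail})`);
}

// Constructed input: the caller forgot to set teamId, so the key exists but is undefined.
const request: { teamId?: number } = {};
const riskyWhere = { teamId: request.teamId, role: { in: ["MEMBER"] } };

try {
  assertSafeWhere("deleteMany", riskyWhere);
} catch (err) {
  console.log((err as Error).message);
}
```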

@anikdhabal anikdhabal requested a review from a team as a code owner May 1, 2025 17:19
@graphite-app graphite-app bot requested a review from a team May 1, 2025 17:19
@keithwillcode keithwillcode added the core area: core, team members only label May 1, 2025

graphite-app bot commented May 1, 2025

Graphite Automations

"Add consumer team as reviewer" took an action on this PR • (05/01/25)

1 reviewer was added to this PR based on Keith Williams's automation.

Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

mrge found 1 issue across 3 files. View it in mrge.io

Comment on lines 45 to 56
$allModels: {
async deleteMany({ args, query }) {
checkUndefinedInValue(args.where);
validateWhereClause(args.where);
return query(args);
},
async updateMany({ args, query }) {
checkUndefinedInValue(args.where);
validateWhereClause(args.where);
return query(args);
},
async findMany({ args, query }) {
validateWhereClause(args.where);
return query(args);
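
Review bot: the findMany handler calls validateWhereClause(args.where) on every call, and the tests in this PR expect that function to throw 'The "where" clause cannot be undefined.' for an undefined where, so any findMany that omits where (a normal call that lists all rows) will now throw. findMany also skips the checkUndefinedInValue call that deleteMany and updateMany make; if that difference is intentional, a comment should say why. Suggest keeping the hard failure on the two bulk-write operations and, for findMany, either dropping it from the guard or validating only when args.where is present.
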
Contributor Author

Currently, we have this guard for these operations. Do we need to add more operations here?

Comment on lines +62 to +91
it("validateWhereClause should throw exception when the where object is undefined", async () => {
const where = undefined;

expect(() => validateWhereClause(where)).toThrowError('The "where" clause cannot be undefined.');
});

it("validateWhereClause should throw exception when the where object is {}", async () => {
const where = {};

expect(() => validateWhereClause(where)).toThrowError('The "where" clause cannot be an empty object {}.');
});

it("validateWhereClause should throw exception when the where object is []", async () => {
const where = [];

expect(() => validateWhereClause(where)).toThrowError('The "where" clause cannot be an empty array [].');
});

it("validateWhereClause should throw exception when the 'in' field of where object is []", async () => {
const where = {
id: {
in: [],
},
};

expect(() => validateWhereClause(where)).toThrowError(
'The "in" value for the field "id" cannot be an empty array [].'
);
});
});
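
Review bot: these cases cover only the top-level undefined, {} and [] inputs plus an empty "in" list; there is no case for a field whose value is undefined (for example a where of { id: undefined }), which the PR summary says is rejected, and no case asserting that a populated where clause passes without throwing. Add both, so that a validator which rejects everything cannot pass the suite. The callbacks are also declared async without awaiting anything; plain functions are enough for toThrowError.
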
Contributor Author

Added new test

Contributor

github-actions bot commented May 2, 2025

E2E results are ready!

Contributor

@Udit-takkar Udit-takkar left a comment

All E2E tests are failing

@github-actions github-actions bot marked this pull request as draft May 8, 2025 11:54
@anikdhabal anikdhabal marked this pull request as ready for review May 16, 2025 05:08
@dosubot dosubot bot added the 🐛 bug Something isn't working label May 16, 2025
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

mrge found 2 issues across 4 files. Review them in mrge.io

);
});

it("validateWhereClause should throw exception when the where object is undefined", async () => {
Contributor

Unnecessary async keyword in test function that doesn't use await

@@ -0,0 +1,66 @@
import { Prisma } from "@prisma/client";

export const validateWhereClause = (where: any) => {
Contributor

Using 'any' type reduces type safety and prevents TypeScript from providing helpful errors

Contributor

This PR is being marked as stale due to inactivity.

@github-actions github-actions bot added the Stale label May 31, 2025
Contributor

github-actions bot commented Jul 1, 2025

This PR is being marked as stale due to inactivity.

@github-actions github-actions bot added the Stale label Jul 1, 2025
Labels: 🐛 bug (Something isn't working); core (area: core, team members only); ready-for-e2e; Stale
4 participants