PostgreSQL: transaction() doesn't guarantee use of a database transaction #7068

Open
alxndrsn opened this issue Nov 11, 2020 · 6 comments · May be fixed by balderdashy/sails-hook-orm#22
Labels
what do you think? Community feedback requested

@alxndrsn

Node version: 14.15.0
Sails version (sails): 1.4.0
ORM hook version (sails-hook-orm): 2.1.1
DB adapter & version (e.g. [email protected]): [email protected]


Observed

Calling datastore.transaction(during) when using the sails-postgresql adapter for Waterline doesn't guarantee that during will be run inside a database transaction.

If there is no transaction-specific code in the executed SQL, the during code will complete without error, so the user may not be aware that their query or queries were not transactional.

Steps to recreate

Example project: https://github.com/alxndrsn/sailsjs-postgres-transactions-maybe


Maybe related to #7017.

@sailsbot

@alxndrsn Thanks for posting! We'll take a look as soon as possible.

In the meantime, there are a few ways you can help speed things along:

  • look for a workaround. (Even if it's just temporary, sharing your solution can save someone else a lot of time and effort.)
  • tell us why this issue is important to you and your team. What are you trying to accomplish? (Submissions with a little bit of human context tend to be easier to understand and faster to resolve.)
  • make sure you've provided clear instructions on how to reproduce the bug from a clean install.
  • double-check that you've provided all of the requested version and dependency information. (Some of this info might seem irrelevant at first, like which database adapter you're using, but we ask that you include it anyway. Oftentimes an issue is caused by a confluence of unexpected factors, and it can save everybody a ton of time to know all the details up front.)
  • read the code of conduct.
  • if appropriate, ask your business to sponsor your issue. (Open source is our passion, and our core maintainers volunteer many of their nights and weekends working on Sails. But you only get so many nights and weekends in life, and stuff gets done a lot faster when you can work on it during normal daylight hours.)
  • let us know if you are using a 3rd party plugin; whether that's a database adapter, a non-standard view engine, or any other dependency maintained by someone other than our core team. (Besides the name of the 3rd party package, it helps to include the exact version you're using. If you're unsure, check out this list of all the core packages we maintain.)

Please remember: never post in a public forum if you believe you've found a genuine security vulnerability. Instead, disclose it responsibly.

For help with questions about Sails, click here.

@alxndrsn
Author

I've opened a PR to fix this at balderdashy/sails-hook-orm#22, but there are other instances of the same/similar technique in:

This suggests there might be surprising behaviour in other places than just datastore.transaction().

I'd be happy to provide PRs for some of these other packages if balderdashy/sails-hook-orm#22 is accepted.

@eashaw
Member

eashaw commented Nov 18, 2020

Hi @alxndrsn, the code in the files you link is to determine whether or not a function is async. Due to the ad hoc way Sails sniffs async functions and function arguments, it doesn't support certain shorthand for passing in functions.
Would you mind explaining how these files relate to this issue, and are you running into issues with this when you use documented syntax?

@alxndrsn
Author

it doesn't support certain shorthand for passing in functions

@eashaw 👍 that's the cause of the reported bug, which is fixed in my PR
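
Added example, not part of the thread and not code from Sails or sails-hook-orm: why classifying `during` before calling it misses promise-returning shorthand, and a dispatcher that decides from the return value instead. It assumes the sniff is a constructor-name check (the thread does not show the actual code); `fakeQuery`, `shapes`, `missedBySniff` and `runDuring` are hypothetical names.

```javascript
// Added illustration, not code from Sails or sails-hook-orm.
// Assumption: the "sniff" inspects the function object before calling it.
const sniffsAsAsync = (fn) => fn.constructor.name === 'AsyncFunction';
const isThenable = (v) => v != null && typeof v.then === 'function';

// Constructed stand-in for a query bound to a leased connection.
const fakeQuery = (db) => Promise.resolve(`ran on ${db}`);

// Ways a caller might write `during`; all but the last return a promise.
const shapes = {
  asyncArrow: async (db) => fakeQuery(db),
  asyncFunction: async function (db) { return fakeQuery(db); },
  promiseArrow: (db) => fakeQuery(db),
  promiseFunction: function (db) { return fakeQuery(db); },
  wrappedAsync: ((inner) => (...args) => inner(...args))(async (db) => fakeQuery(db)),
  nodeCallback: (db, proceed) => { proceed(null, `ran on ${db}`); },
};

// Promise-returning functions that the pre-call sniff reports as not async.
function missedBySniff(candidates) {
  return Object.keys(candidates).filter((name) => {
    const fn = candidates[name];
    return isThenable(fn('conn-1', () => {})) && !sniffsAsAsync(fn);
  });
}

// Dispatch on what the call returns instead: works for every shape above,
// and settles once even if a function both calls back and returns a promise.
function runDuring(during, db) {
  return new Promise((resolve, reject) => {
    const proceed = (err, result) => (err ? reject(err) : resolve(result));
    let returned;
    try { returned = during(db, proceed); } catch (e) { return reject(e); }
    if (isThenable(returned)) returned.then(resolve, reject);
  });
}
```

A wrapper that guarantees transactional execution has to treat both outcomes of `runDuring` as the only exits, issuing its commit or rollback from there rather than from a branch chosen by the sniff.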

@alxndrsn
Author

alxndrsn commented Dec 7, 2020

Hi @eashaw, just revisiting this.

Given the expectations around transactional guarantees when working with databases, I think it's dangerously misleading that during may be silently executed outside a database transaction.

It would be great if either a fix can be applied, or the documentation can be updated to warn about this possibility.

I suspect the sails-mysql adapter is also affected by this, although I haven't had a chance to test this yet.

@eashaw eashaw added the what do you think? Community feedback requested label Jan 27, 2021
@alxndrsn
Author

Related: brianc/node-postgres#2561

@sailsbot sailsbot removed the what do you think? Community feedback requested label Jun 28, 2021
@eashaw eashaw added the what do you think? Community feedback requested label Jun 29, 2021