fix(dev-env): avoid false use matches in SQL imports#2863
Merged
sjinks merged 1 commit intoJun 3, 2026
Merged
Conversation
## Purpose and Context Dev-env SQL validation could treat UTF-8 line-separator bytes inside SQL data as a JavaScript line break. When the following text began with `Use `, the existing `USE` statement check reported a false positive for an exported dump that did not contain a real database selection statement. Refs PLTFRM-2430. ## Key Changes - Read validation input with binary line decoding so U+2028 bytes inside SQL values do not create synthetic validation lines. - Wait for the read interface to close before running SQL post-validation summaries. - Add a regression test covering raw `E2 80 A8` bytes followed by `Use Cases` inside an INSERT value. ## Impact and Considerations Real standalone `USE ...` statements remain rejected by the dev-env SQL validation checks. The change keeps validation local to the existing reader and SQL validation paths. ## Testing and Validation Added SQL validation regression coverage for the U+2028 false-positive case and preserved the existing standalone `USE` rejection coverage. Ran `npm run jest -- --runTestsByPath __tests__/lib/validations/sql.js`. Pre-commit evidence already completed: - Targeted Jest passed fresh: 1 suite, 17 tests. - adversary-agent verdict CLEAN, no findings. - contextual review no issues. - independent review no confirmed bugs; integrator reconciled non-blocking partial-status due separate staged-diff evidence.
Contributor
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
|
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes a false‑positive in dev‑env SQL import validation where UTF‑8 bytes for U+2028 (E2 80 A8) inside string data were decoded by Node's readline as line separators, causing the next characters (e.g. Use Cases…) to be treated as a new line that triggered the ^USE check. The fix switches the shared line reader to FileHandle.readLines({ encoding: 'binary' }), so only \n/\r\n split lines and the embedded U+2028 bytes remain inside the value. It also simplifies the close‑awaiting with once(readInterface, 'close').
Changes:
- Replace
createReadStream+readline.createInterfacewithFileHandle.readLines({ encoding: 'binary' })ingetReadInterface. - Use
await once(readInterface, 'close')in bothfileLineValidationsandvalidateinstead of the manual promise+close pattern. - Add a regression test that writes raw
E2 80 A8bytes inside an INSERT value followed byUse Casesand asserts noUSE <DATABASE_NAME>error.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/lib/validations/line-by-line.ts | Switches reader to binary readLines() so U+2028/U+2029 bytes are not treated as line breaks; uses once() for close. |
| src/lib/validations/sql.ts | Uses once(readInterface, 'close') to await stream completion. |
| tests/lib/validations/sql.js | Adds regression test verifying dev‑env validation does not flag text following raw U+2028 bytes as a USE statement. |
rebeccahum
approved these changes
Jun 3, 2026
sjinks
deleted the
pltfrm-2430-potential-false-positive-string-match-during-dev-env-sql
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes a false positive in dev-env SQL validation where UTF-8 bytes for U+2028 inside SQL data could be decoded as line separators. When the following string content started with
Use, the existingUSEstatement check saw a synthetic line and rejected the import.The validator now reads SQL input with binary line decoding and waits for the reader close event before post-validation summaries. Related: PLTFRM-2430.
Changelog Description
Fixed
Pull request checklist
New release checklist
Steps to Test
npm run jest -- --runTestsByPath __tests__/lib/validations/sql.js.E2 80 A8bytes followed byUse Casesinside an INSERT value.