fix(sea): input validation — empty-string metadata coercion + bind-time param guards#405
Open
msrathore-db wants to merge 1 commit into
Open
Conversation
…me param guards Three SEA-adapter input-validation fixes from the jira-candidate triage, all in the node layer (no kernel change), all parity-preserving vs the Thrift backend: - Metadata empty-string args (jira #2026-05-22-sea-rejects-empty-string-args): the kernel's Identifier/LikePattern reject "" with InvalidArgument while Thrift treats "" as "unspecified" (match-all/default). getSchemas/getTables/ getColumns/getFunctions now coerce "" -> undefined before the napi call (emptyToUndefined), restoring Thrift parity. Live: getSchemas(catalog="") now returns rows instead of throwing ParameterError. - Array/object param values (jira #2026-05-25-thrift-array-ordinal-hangs): an array bound as a parameter stringified to "1,2,3" and the operation never returned to FINISHED (DoS). Reject array/object values at bind time (assertBindableValue) on both positional and named paths; Date/Int64/ scalars/DBSQLParameter are allowed. - Ordinal arity (jira #2026-05-25-thrift-ordinal-excess-silent): excess ordinal params were silently dropped server-side (data-correctness footgun). Validate positionalParams.length === '?' marker count, with a quote/comment- aware scanner mirroring the kernel's count_parameter_markers. 214 sea unit tests pass; all three fixes verified live against a warehouse. Co-authored-by: Isaac Signed-off-by: Madhavendra Rathore <madhavendra.rathore@databricks.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Three SEA-adapter input-validation fixes from the jira-candidate triage. All node-layer, no kernel change, each restores parity with the Thrift backend. Stacked on #403 (where the touched files live).
1. Empty-string metadata args → coerced (parity)
(jira:
2026-05-22-sea-rejects-empty-string-args) — the kernel'sIdentifier/LikePatternreject""withInvalidArgument, while Thrift treats""as "unspecified" (match-all / session default). This diverged ~1400 metadata cases in the comparator.getSchemas/getTables/getColumns/getFunctionsnowemptyToUndefined("")before the napi call.Live:
getSchemas({catalogName: ''})→ returns rows (previouslyParameterError).2. Array/object param values → rejected at bind time (DoS guard)
(jira:
2026-05-25-thrift-array-ordinal-hangs) — an array bound as a parameter stringified to"1,2,3"; the server couldn't coerce it and the operation never returned to FINISHED (a denial-of-service hazard).assertBindableValuenow rejects array/object values up front on both positional and named paths; scalars,Date,Int64, andDBSQLParameterare allowed.Live: array ordinal →
ParameterError, no hang.3. Ordinal arity check (data-correctness)
(jira:
2026-05-25-thrift-ordinal-excess-silent) — excess ordinal params were silently dropped server-side (SELECT ? AS onlywith[1,2]returned{only:1}, second param lost). NowpositionalParams.lengthmust equal the?marker count, via a quote/comment-aware scanner (countParameterMarkers) mirroring the kernel'scount_parameter_markers(so markers inside string literals / comments aren't counted).Live: count mismatch →
ParameterError.New module
lib/sea/SeaInputValidation.ts—emptyToUndefined,countParameterMarkers,assertBindableValue.Tests
214 sea unit tests pass. New
inputValidation.test.ts(marker scanning incl. quotes/comments/escapes, bindable-value matrix) + behavior tests inexecution.test.ts(empty-string coercion, array rejection, arity mismatch). All three verified live against a warehouse.Triage note
Two other HIGH jira-candidates were validated as not real this pass and should be closed:
2026-05-20-create-schema-throws-on-sea(actuallyPERMISSION_DENIEDon the test catalog — DDL/DML are identical on a permissioned warehouse) and2026-05-22-list-tables-sigsegv(was the comparator's own JS stack-overflow, fixed in driver-test #420 — the kernel ran 5000+ list_tables cases clean).This pull request and its description were written by Isaac.