mirror of
https://github.com/we-promise/sure.git
synced 2026-07-11 20:35:17 +00:00
* fix(backfill): stop backfill_encryption double-encoding json/jsonb columns security:backfill_encryption's plaintext fallback reads jsonb columns via read_attribute_before_type_cast, which returns the JSON text; assigning that String to the encrypted setter encrypts the text itself, so the column thereafter decrypts to a String instead of the original Array/Hash. Parse the raw value for json/jsonb columns before handing it to the encryptor. Adds a regression test that fails on main. Fixes #2611 * fix(backfill): gate backfill on nil-ness so empty values get encrypted Addresses the Codex review comment on #2615: empty values ({}, [], \"\") are plaintext that needs encrypting, but the present? gates skipped them, leaving data the encrypted getters raise on once keys are live. Several payload columns default to {}. Also applies the same nil-gate to backfill_sessions user_agent (same idiom; precautionary). Regression test added. * docs(security): scope note - backfill doesn't fix any existing double-encoding Per review: rows corrupted by the pre-fix task decrypt successfully to a String, so this task cannot distinguish them from legitimately stored strings; auto-repair would risk mangling valid data for a bounded, shrinking cohort. Document the limitation and point affected operators at the manual recovery script in #2611. Also adopt column.type over sql_type substring matching (review nitpick); behaviour unchanged.