Files
sure/test/lib/tasks
Stephen Jolly 27aa222ed3 Stop backfill_encryption double-encoding json/jsonb columns (#2615)
* fix(backfill): stop backfill_encryption double-encoding json/jsonb columns

security:backfill_encryption's plaintext fallback reads jsonb columns via
read_attribute_before_type_cast, which returns the JSON text; assigning
that String to the encrypted setter encrypts the text itself, so the
column thereafter decrypts to a String instead of the original
Array/Hash. Parse the raw value for json/jsonb columns before handing it
to the encryptor. Adds a regression test that fails on main.

Fixes #2611

* fix(backfill): gate backfill on nil-ness so empty values get encrypted

Addresses the Codex review comment on #2615: empty values ({}, [], \"\")
are plaintext that needs encrypting, but the present? gates skipped them,
leaving data the encrypted getters raise on once keys are live. Several
payload columns default to {}. Also applies the same nil-gate to
backfill_sessions user_agent (same idiom; precautionary). Regression
test added.

* docs(security): scope note - backfill doesn't fix any existing double-encoding

Per review: rows corrupted by the pre-fix task decrypt successfully to a
String, so this task cannot distinguish them from legitimately stored
strings; auto-repair would risk mangling valid data for a bounded, shrinking
cohort. Document the limitation and point affected operators at the manual
recovery script in #2611. Also adopt column.type over sql_type substring
matching (review nitpick); behaviour unchanged.
2026-07-08 08:05:49 +02:00
..