passing a Buffer to waterline-sequel generates an incorrect query

[kevinburkeshyp]

Same issue text as #61, which was closed. Steps to reproduce:

• Create a column with type BYTEA in Postgres, say, passwordHash
• You can't set it to type: 'bytea'in Waterline; it fails anchor validation in Waterline. Instead you have to use type: 'binary'
• You can't pass strings as the value, even 'binary' encoded ones. it fails anchor validation with the cryptic string '[object Object]'
• Anyway you finally manage to write data by passing a Buffer as the column value - {passwordHash: new Buffer('foo bar') }. The data looks like it got written properly!
• you try to retrieve that data using Users.find({passwordHash: new Buffer('foo bar')});
• Waterline-sequel (specifically, a call to _.cloneDeep) transforms this Buffer into a dictionary with many keys. I've reproduced this behavior in a gist here: https://gist.github.com/kevinburkeshyp/c45a344a15e040ec6f0e

Sorry I don't have time to find out exactly what's breaking - decided to bail on this and just use base64 and text instead.

[sailsbot]

Thanks for posting, @kevinburkeshyp. I'm a repo bot-- nice to meet you!

It has been 30 days since there have been any updates or new comments on this page. If this issue has been resolved, feel free to disregard the rest of this message. On the other hand, if you are still waiting on a patch, please:

• review our contribution guide to make sure this submission meets our criteria (only verified bugs with documented features, please; no questions, commentary, or bug reports about undocumented features or unofficial plugins)
• create a new issue with the latest information, including updated version details with error messages, failing tests, and a link back to the original issue. This allows GitHub to automatically create a back-reference for future visitors arriving from search engines.

Thanks so much for your help!

[devinivy]

Active bug.

[tjwebb]

@kevinburkeshyp related to https://github.com/balderdashy/sails-postgresql/issues/194? a dupe?

[kevinburkeshyp]

Hey I haven't done a full investigation but I believe the issue is more likely to be here than there. Although any place that calls cloneDeep on input will be vulnerable so it might be this repo and that one.

-kevin

On Oct 24, 2015, at 19:55, Travis Webb [email protected] wrote:

@kevinburkeshyp related to balderdashy/sails-postgresql#194? a dupe?

—
Reply to this email directly or view it on GitHub.

[tjwebb]

Any help in eradicating cloneDeep is appreciated. It'll be a couple weeks before I'll be able to dig into this.