Update to sqlx 0.9 #1992
Merged
Highlights:
- sqlx no longer allows non-static `String`s to be used in queries, due
to the possibility of injection attacks. `&'static str` is ok, but any
String we want to pass to a query needs to be adorned in
sqlx::AssertSqlSafe(s) to assert that it is not vulnerable to
injection. I tried to use &'static str wherever it was reasonable
(there were plenty of cases of simple concatenation that could be
moved to the concat!() macro), in other cases I switched to using a
QueryBuilder (which returns a SqlString, which is marked as safe), and
where it was less feasible I added AssertSqlSafe.
- Change from passing the machine validation context as a String to
passing it as a strongly-typed enum, so that we can be sure of its
provenance, that it didn't come from user input.
- sqlx now generates the PgHasArrayType impl when using
`#[derive(sqlx::Type)]`, so there are a couple of manual sqlx::Type
impls we can now derive automatically.
- Modify db::machine_validation and db::machine_validation_result's
find_by methods to use ObjectColumnFilter instead of ObjectFilter,
which gives us the query building for free. This was because I was
hitting an issue using .push_bind() to pass a String to the query,
since the actual columns are a UUID, and binding a string to the
parameter fails. The old code was raw string-interpolating via
`format!("WHERE id = '{}'")`, which avoids binding altogether but is a
huge injection risk, so do it the "right" way via ObjectColumnFilter
(which allows strongly-typed ID types, as well as not requiring callers
to pass the correct column name, which is also an injection risk.)
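The difference between the interpolated `WHERE` clause and the typed filter described above, as an added example that is not code from this PR or from sqlx. It is a std-only model: `ValidationColumn`, `ValidationId`, both `find_by_*` functions and the table name are hypothetical, and the hostile input is constructed.

```rust
// Added example: std-only model of the pattern, not sqlx or project code.
// Every type, function and table name below is hypothetical.

/// Columns a caller may filter on. Each maps to a `&'static str` chosen by
/// the program, so no caller-supplied string ever becomes a column name.
#[derive(Clone, Copy)]
pub enum ValidationColumn { Id, MachineId }

impl ValidationColumn {
    pub fn as_sql(self) -> &'static str {
        match self {
            ValidationColumn::Id => "id",
            ValidationColumn::MachineId => "machine_id",
        }
    }
}

/// An ID already checked to be in canonical UUID form (8-4-4-4-12 hex).
pub struct ValidationId(String);

impl ValidationId {
    pub fn parse(s: &str) -> Option<Self> {
        let b = s.as_bytes();
        let ok = b.len() == 36 && b.iter().enumerate().all(|(i, c)| match i {
            8 | 13 | 18 | 23 => *c == b'-',
            _ => c.is_ascii_hexdigit(),
        });
        ok.then(|| ValidationId(s.to_ascii_lowercase()))
    }
}

/// Old shape: column and value are both spliced into the SQL text.
pub fn find_by_interpolated(column: &str, value: &str) -> String {
    format!("SELECT * FROM machine_validation WHERE {} = '{}'", column, value)
}

/// Typed shape: fixed SQL text with a placeholder; the value travels separately.
pub fn find_by_typed(column: ValidationColumn, id: &ValidationId) -> (String, Vec<String>) {
    let sql = format!("SELECT * FROM machine_validation WHERE {} = $1", column.as_sql());
    (sql, vec![id.0.clone()])
}

fn main() {
    let hostile = "x' OR 'a'='a"; // constructed input
    println!("{}", find_by_interpolated("id", hostile)); // query structure changed
    assert!(ValidationId::parse(hostile).is_none()); // rejected before any SQL is built
    let id = ValidationId::parse("123e4567-e89b-12d3-a456-426614174000").unwrap();
    println!("{:?}", find_by_typed(ValidationColumn::Id, &id));
}
```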
poroh
approved these changes
May 28, 2026
Contributor
poroh
left a comment
It would be better if this PR was split to simpler uniform parts.
The new sqlx version depends on a "whoami" crate to determine the default username if none is provided, but with default_features = false, which falls back on a stub backend that defaults to a username of "anonymous", causing failed database authentication. Change the CI database url to be explicit about the username (root) and database name (also root) to make tests pass.
chet
approved these changes
Jun 2, 2026
ajf
approved these changes
Jun 2, 2026
ajf
approved these changes
Jun 2, 2026
Description
Update the sqlx crate to 0.9.