Skip to content

ignore the new restrict/unrestric postgresql command #325

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: development
Choose a base branch
from
Open

ignore the new restrict/unrestric postgresql command #325

wants to merge 1 commit into from

Conversation

@rbngzlv
Copy link
Contributor

@rbngzlv rbngzlv commented Aug 28, 2025

This patch updates Apartment's PostgresqlSchemaAdapter to ignore the new \restrict and \unrestrict meta-commands introduced in pg_dump as part of the fix for [CVE-2025-8714](https://www.postgresql.org/support/security/CVE-2025-8714/).

These meta-commands are specific to the psql client (https://www.postgresql.org/docs/current/app-psql.html#APP-PSQL-META-COMMANDS). Since Apartment restores schema SQL directly via ActiveRecord (not through psql), any psql-specific meta-commands present in the dump would result in errors like:

ERROR: syntax error at or near "\" at character XX

An example of this error can be seen in the project's test suite:
image

I was not entirely comfortable with that approach and proposed switching to psql to load the SQL generated by pg_dump (thus avoiding the need to explicitly filter out this meta-commands) in PR #324. But proved incompatible with transactional schema creation.

I'd like confirmation from other reviewers that ignoring this is safe within the context of Apartment by my understanding that any meta-command present in the dump would manifest as the described error.

Fixes #322

@rbngzlv
ignore the new restrict/unrestric postgresql command
4afaf70 
This patch updates Apartment's `PostgresqlSchemaAdapter` to ignore the new `\restrict` and `\unrestrict` meta-commands issued in pg_dump as part of the fix for CVE-2025-8714 (see: https://www.postgresql.org/support/security/CVE-2025-8714/).

These meta-commands are specific to the `psql` client (https://www.postgresql.org/docs/current/app-psql.html#APP-PSQL-META-COMMANDS).

Becuase Apartment executes schema SQL restores directly through ActiveRecord, any `psql`-specific meta-commands will cause errors, such as:
`ERROR: syntax error at or near "\" at character XX`.

By ignoring these meta-commands, this patch ensures compatibility when loading database dumps generated by versions of `pg_dump` that include them.
@codecov
Copy link

codecov bot commented Aug 28, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.88%. Comparing base (755a9a9) to head (4afaf70).

Additional details and impacted files 
@@               Coverage Diff               @@
##           development     #325      +/-   ##
===============================================
- Coverage        75.11%   74.88%   -0.23%     
===============================================
  Files               35       35              
  Lines              892      892              
===============================================
- Hits               670      668       -2     
- Misses             222      224       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@rbngzlv rbngzlv mentioned this pull request Aug 28, 2025
Closed
@mpetrowi
Copy link

mpetrowi commented Aug 29, 2025

I think this is safe. All '\restrict' does is stop psql from processing meta commands, but none of those will be processed by postgres anyways.

@mnovelo
Copy link
Collaborator

mnovelo commented Sep 22, 2025
edited
Loading

Just got back from sabbatical; I'll have to think about this a bit more. In particular whether this needs to be fixed for the current v3 (seems like it does) and whether it'll even be valid for v4

@github-actions
Copy link

github-actions bot commented Oct 23, 2025

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@github-actions github-actions bot added the stale label Oct 23, 2025
@rbngzlv
Copy link
Contributor Author

rbngzlv commented Oct 23, 2025

Remove the stale label, @mnovelo is thinking about this.

@mnovelo mnovelo removed the stale label Oct 23, 2025
@jrramon
Copy link

jrramon commented Oct 25, 2025

I implemented it directly in my app because Heroku must have changed pg version without warning and it was failing :(
It works! :) I saw Rails is using same approach at rails/rails#55510
Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Postgresql 17.6 adds \restrict and \unrestrict statements to dump that need to be blacklisted

4 participants

@rbngzlv @mpetrowi @mnovelo @jrramon