Skip to content

Task/key name safe replacement #436

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chwagssd merged 4 commits into from
Dec 30, 2025
Merged

Task/key name safe replacement #436

chwagssd merged 4 commits into from
Dec 30, 2025

Conversation

@chwagssd
Copy link
Collaborator

@chwagssd chwagssd commented Dec 29, 2025
edited
Loading

  • change #some-key and :some-key to take into account a string that is not allowed to be used in ExpresssionAttributeNames
    • before, this would throw an error during the DB update updateExpression({'some-key': true})
    • even though 'some-key' is valid as an attribute for a db row in dynamodb, just not as an alias
  • updated all of the paths inside of updateExpression() so that consistently makes the key name safe before using it as an alias, not just using it as-is
  • actual key is untouched and still used in the write as the attribute
//before
updateExpression({'some-var': 'some value'});
/* this would actually cause an error when executing the update because of the hyphens in #some-var and :some-var
{
            
            ExpressionAttributeNames: {
              '#some-var': 'some-var'
            },
            ExpressionAttributeValues: {
              ':some-var': 'some value'
            },
            UpdateExpression:
              'SET #some-var = :some-var',
            ReturnValues: 'ALL_NEW',
          }
*/

//after
updateExpression({'some-var': 'some value'});
/*
{
            
            ExpressionAttributeNames: {
              '#some_x2d_var': 'some-var'
            },
            ExpressionAttributeValues: {
              ':some_x2d_var': 'some value'
            },
            UpdateExpression:
              'SET #some_x2d_var = :some_x2d_var',
            ReturnValues: 'ALL_NEW',
          }
*/

Chad Wagner added 2 commits December 24, 2025 17:02
feat: prevent unsafe aliases in DynamoDB sink
692107c 
- change `:key` and `:key` to take into account a string that is not allowed to be used in ExpresssionAttributeNames
    - before, this would throw an error during the DB update `updateExpression({'a|b': true})`
    - even though 'a|b' is valid as an attribute for a db row in dynamodb, just not as an alias
- updated all of the paths inside of updateExpression() so that consistently makes the key name safe before using it as an alias, not just using it as-is
- actual key is untouched and still used in the write as the attribute
simplify alias regex and rename var for clarity ("keyNameSafe" -> "al…
279eee5 
…ias")
Prevent collisions from silently mapping to same alias
a00b29c 
- instead of using char+ -> _
- use char -> `_x${char.charCodeAt(0).toString(16)}_` (basically char code surrouned by underscores)
chwagssd
chwagssd commented Dec 29, 2025
View reviewed changes
chwagssd
chwagssd commented Dec 29, 2025
View reviewed changes
jgilbert01
jgilbert01 reviewed Dec 30, 2025
View reviewed changes
@chwagssd chwagssd merged commit a3eade1 into master Dec 30, 2025
3 checks passed
@chwagssd chwagssd deleted the task/key-name-safe-replacement branch December 30, 2025 16:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jgilbert01 jgilbert01 jgilbert01 approved these changes

@petermyers petermyers petermyers approved these changes

@codyjmoody codyjmoody codyjmoody approved these changes

@ja-stevenson ja-stevenson Awaiting requested review from ja-stevenson

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@chwagssd @jgilbert01 @petermyers @codyjmoody