Headline
CVE-2017-20166: Add support for clauses with nil values in `Repo.get_by(!)/2` by tlux · Pull Request #2125 · elixir-ecto/ecto
Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between `is_nil` and `raise`.
Hello Everyone!
I’ve just been trying to use Repo.get_by/2 with a nil value in one of the clauses and encountered the following error:
```
Repo.get_by(Price, %{organization_id: nil, type: "default"})
** (ArgumentError) nil given for :organization_id. Comparison with nil is forbidden as it is unsafe. Instead write a query with is_nil/1, for example: is_nil(s.organization_id)
```
However, this PR solves the issue. Any feedback appreciated! Thanks for all the great work with Ecto! 👍
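The pattern the error message recommends, as an added example that is not part of the pull request or of Ecto: a hypothetical `SafeLookup` helper that matches a `nil` clause with `is_nil/1` only for keys the caller explicitly lists, and raises for any other `nil`. `MyApp.Repo` is an assumed repo module; `Price` and its fields are taken from the post.

```elixir
defmodule SafeLookup do
  @moduledoc """
  Hypothetical helper, not part of Ecto. A nil clause is matched with
  is_nil/1 only when the caller lists that key under :nullable; any
  other nil raises, like the error quoted above.
  """
  import Ecto.Query

  def get_by(repo, queryable, clauses, opts \\ []) do
    nullable = Keyword.get(opts, :nullable, [])
    conditions = build_conditions(clauses, nullable)
    repo.one(from(q in queryable, where: ^conditions))
  end

  def build_conditions(clauses, nullable) do
    Enum.reduce(clauses, dynamic(true), fn
      {key, nil}, acc ->
        if key in nullable do
          # Caller opted in: emit IS NULL instead of "= NULL".
          dynamic([q], ^acc and is_nil(field(q, ^key)))
        else
          # nil was not expected here (for example a missing request
          # parameter); refuse instead of silently matching NULL rows.
          raise ArgumentError,
                "nil given for #{inspect(key)} and the key is not listed in :nullable"
        end

      {key, value}, acc ->
        dynamic([q], ^acc and field(q, ^key) == ^value)
    end)
  end
end

# Usage (MyApp.Repo is an assumed repo module; Price is the schema from the post):
#
#   SafeLookup.get_by(MyApp.Repo, Price, %{organization_id: nil, type: "default"},
#     nullable: [:organization_id])
#   # matches rows WHERE organization_id IS NULL AND type = 'default'
#
#   SafeLookup.get_by(MyApp.Repo, Price, %{organization_id: nil, type: "default"})
#   # raises ArgumentError
```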
Related news
GHSA-4r2f-6fm9-2qgh: Ecto lacks a protection mechanism
Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between `is_nil` and `raise`.