cossacklabs/acra

[ISSUE] Acra replaces null values by an empty string when using prepared statements

Machado117 opened this issue · 3 comments

Machado117 commented

Describe the bug
When an INSERT is executed on a table using encryption, if the query explicitly sets a value to NULL, and is executed using a prepared statement, Acra replaces the NULL value by an empty string.

To Reproduce
Steps to reproduce the behavior:

  1. Run the following java code:
import java.sql.*;

public class AcraTest {

    public static void main(String[] args) throws Exception {
        Class.forName("org.postgresql.Driver");
        String url = "jdbc:postgresql://localhost:9393/testdb";
        Connection conn = DriverManager.getConnection(url, "postgres", "postgres");
        final Statement statement = conn.createStatement();

        statement.execute("CREATE TABLE mytable (name bytea, age text)");

        // Execute INSERT directly
        statement.execute("INSERT INTO mytable (name, age) values ('John', NULL)");

        // Execute INSERT with a prepared statement
        PreparedStatement st = conn.prepareStatement("INSERT INTO mytable (name, age) values (?, ?)");
        st.setString(1, "Peter");
        st.setString(2, null);
        st.execute();
        st.close();

        // Check values inserted
        final ResultSet resultSet = statement.executeQuery("SELECT * FROM mytable");
        while (resultSet.next()) {
            System.out.println(String.format(
                    "Name: %s | Age: %s | Null: %s",
                    resultSet.getString("name"),
                    resultSet.getString("age"),
                    resultSet.getString("age") == null
            ));
        }
        conn.close();
    }
}

Output:
Name: John | Age: null | Null: true
Name: Peter | Age: | Null: false

Expected behavior
Acra should have the same behavior whether the INSERT is executed on a prepared statement or not and should not replace null values.

Acra configuration files
For AcraServer:
- [ ] encryptor_config.yaml

- table: mytable
  columns:
    - name
    - age
  encrypted:
    - column: name
      data_type: str

Environment:

  • Acra version: 2ff0799
  • Database server and its version: PostgreSQL 9.6.10
  • Installed components:
    • AcraServer
  • Data-in-transit encryption between Acra and the client-side application:
    • no transport encryption
  • Installation way:
    • via Docker

Additional context
Add any other context about the problem here.

Lagovas commented

@Machado117 nice catch, thank you for your instructions on how to reproduce it. We fixed it and it will be merged to master soon.

Lagovas commented

Oh, I accidentally closed it when merge PR that should fix it. Please, try now with a fresh state of the master branch and re-open if it didn't fix your problem.

Machado117 commented

It's fixed, thanks!