Skip to content

fix: escape backslashes in SQL literals (poisoned-buffer on common payloads) + fallback hardening#35

Merged
vigneshnarayanaswamy merged 1 commit into
mainfrom
fix/esc-backslash-escaping
Jul 10, 2026
Merged

fix: escape backslashes in SQL literals (poisoned-buffer on common payloads) + fallback hardening#35
vigneshnarayanaswamy merged 1 commit into
mainfrom
fix/esc-backslash-escaping

Conversation

@vigneshnarayanaswamy

Copy link
Copy Markdown
Collaborator

An independent post-merge review of #33/#34 found their composition bug, empirically confirmed against live Snowflake: _esc did not escape backslashes, and Snowflake processes backslash escape sequences inside single-quoted string constants. Any JSON payload containing an embedded double quote (json.dumps emits \") or a backslash reached PARSE_JSON mangled — INSERT fails, the buffer never clears, and every subsequent flush-before-read 500s. That's the poisoned-buffer incident #34 fixed, reintroduced on common data, on exactly the path #34 routes non-native-transport deployments onto. (PARSE_JSON('{"a": "x \" y"}')Error parsing JSON: missing comma; doubled backslashes round-trip.)

Fix: _esc doubles backslashes before doubling quotes. Same fix covers the models fallback's METADATA column (latent since the fallback existed).

Also applied from the review:

  • Privilege denials — the expected steady state of least-privilege roles — short-circuit quietly again (no per-flush WARNING + doomed DROP round trip); unexpected failures log with exc_info
  • Failure-path cleanup DROP removed (temp tables die with the session; when the temp CREATE never ran it could target a same-named permanent table)
  • Row construction moved inside the try so serialization surprises also fall back
  • The null-payload regression test inspected the wrong side of FROM and could never fail — fixed; added quote/backslash round-trip tests (unit + end-to-end through the fallback) and the snapshots-path fallback twin

761 tests, ruff, mypy green. Version → 0.7.12.

🤖 Generated with Claude Code

Blind post-merge review of #33/#34 found the composition bug: Snowflake
processes backslash escape sequences inside single-quoted constants, and
_esc only doubled single quotes — so any JSON payload containing an
embedded double quote (serialized by json.dumps as \") or a backslash
reached PARSE_JSON mangled. On the SQL fallback path (which #34 routes
all non-native-transport deployments onto) that meant: INSERT fails,
buffer never clears, every subsequent flush-before-read 500s — the
poisoned-buffer incident, reintroduced on common data. Verified live:
PARSE_JSON('{"a": "x \" y"}') errors; the doubled form round-trips.

Also from the review: privilege denials (the expected steady state of
least-privilege roles) short-circuit quietly again instead of warning +
issuing a doomed DROP per flush; unexpected failures log with exc_info;
the failure-path cleanup DROP is gone (temp tables die with the session,
and it could target a same-named permanent table); row construction sits
inside the try; the null-payload regression test inspected the wrong
side of FROM and could never fail — fixed; snapshot-path fallback and
quote/backslash round-trip tests added. Version 0.7.12.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@vigneshnarayanaswamy vigneshnarayanaswamy merged commit 0aff237 into main Jul 10, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant