Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prisma-field-encryption fails with large strings due to RangeError: Maximum call stack size exceeded #122

Closed
aloisklink opened this issue Sep 24, 2024 · 0 comments · Fixed by #123
Closed

prisma-field-encryption fails with large strings due to RangeError: Maximum call stack size exceeded #122

aloisklink opened this issue Sep 24, 2024 · 0 comments · Fixed by #123

Comments

@aloisklink
Copy link
Contributor

Issue

Trying to query a large field (approx 4 MiB or larger) fails with the following error:

[prisma-field-encryption] Error: decryption error(s) encountered in operation findFirst:
  Decryption error for TABLE.COLUMN at TABLE.0.COLUMN: RangeError: Maximum call stack size exceeded

This is due to the cloakedStringRegex in @47ng/cloak failing on large strings, due to limitations in V8's regex engine.

Potential fix

I've got a PR fixing this in 47ng/cloak#411, but once it's merged and released, we'd also have to update

prisma-field-encryption/src/encryption.ts

Line 179 in c17354c

if (!cloakedStringRegex.test(cipherText)) {
to something like:

diff --git a/package.json b/package.json
index 1d25e97..c6ee11c 100644
--- a/package.json
+++ b/package.json
@@ -45,7 +45,7 @@
     "migrate": "ts-node ./src/tests/migrate.ts"
   },
   "dependencies": {
-    "@47ng/cloak": "^1.1.0",
+    "@47ng/cloak": "^1.2.0",
     "@prisma/generator-helper": "^5.9.1",
     "debug": "^4.3.4",
     "immer": "^10.0.3",
diff --git a/src/encryption.ts b/src/encryption.ts
index 8ba0fea..7472382 100644
--- a/src/encryption.ts
+++ b/src/encryption.ts
@@ -1,11 +1,11 @@
 import {
-  cloakedStringRegex,
   CloakKeychain,
   decryptStringSync,
   encryptStringSync,
   findKeyForMessage,
   makeKeychainSync,
   ParsedCloakKey,
+  parseCloakedString,
   parseKeySync
 } from '@47ng/cloak'
 import { Draft, produce } from 'immer'
@@ -176,7 +176,7 @@ export function decryptOnRead<Models extends string, Actions extends string>(
       field
     }) {
       try {
-        if (!cloakedStringRegex.test(cipherText)) {
+        if (!parseCloakedString(cipherText)) {
           return
         }
         const decryptionKey = findKeyForMessage(cipherText, keys.keychain)
@aloisklink aloisklink mentioned this issue Sep 24, 2024
Merged
aloisklink added a commit to aloisklink/prisma-field-encryption that referenced this issue Sep 24, 2024
@aloisklink
fix: support decrypting strings larger than 4 MiB
0dfd597 
The `cloakedStringRegex` regex fails on ciphertexts larger than 4 MiB.
The new `parseCloakedString` in [`@47ng/[email protected]`][1] doesn't have
this limitation.

[1]: https://github.com/47ng/cloak/releases/tag/v1.2.0

Fixes: 47ng#122
@aloisklink aloisklink mentioned this issue Sep 24, 2024
Merged
franky47 pushed a commit that referenced this issue Sep 24, 2024
@aloisklink
fix: support decrypting strings larger than 4 MiB (#123)
8380200 
The `cloakedStringRegex` regex fails on ciphertexts larger than 4 MiB.
The new `parseCloakedString` in [`@47ng/[email protected]`][1] doesn't have
this limitation.

[1]: https://github.com/47ng/cloak/releases/tag/v1.2.0

Fixes: #122
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: support decrypting strings larger than 4 MiB aloisklink/prisma-field-encryption
1 participant
@aloisklink