Waterline incorrectly sees search for as value of 'OR' as the 'OR' operator in some cases.

[jpnarkinsky]

Node version: 12.16.1
Sails version (sails): 1.2.4
ORM hook version (sails-hook-orm): 2.1.1
Sockets hook version (sails-hook-sockets): n/a
Organics hook version (sails-hook-organics): n/a
Grunt hook version (sails-hook-grunt): n/a
Uploads hook version (sails-hook-uploads): n/a
DB adapter & version (e.g. sails-mysql@5.55.5): sails-postgres@1.0.2
Skipper adapter & version (e.g. skipper-s3@5.55.5): n/a

---

There appears to be a bug in waterline that can in some cases cause it to misinterpret an 'OR' in a value as an operator.

patrick@admin:~/src/caremesh-directory$ yarn console-inspect --dontLift
yarn run v1.22.4
$ ./bin/console-inspect --dontLift
Debugger listening on ws://127.0.0.1:9229/1b139055-4650-4d0e-9ca9-46c8a481d044
For help, see: https://nodejs.org/en/docs/inspector

 info: Loading app in interactive mode...
 info: Sails is not listening for requests (since `dontLift` was enabled).
 info: You still have access to your models, helpers, and `sails`.

Debugger attached.
 info: Welcome to the Sails console.
 info: ( to exit, type <CTRL>+<C> )

(node:25985) [DEP0124] DeprecationWarning: REPLServer.rli is deprecated
sails> Address.count({city: 'PORTLAND', state: 'OR'}).log()Running with `.log()`...

- - - - - - - - - - - - - - - - - - - - - - - -
An error occurred:

Error [AdapterError]: Unexpected error from database adapter: The operator "undefined" is not permitted
    at repl:1:9
    at Script.runInThisContext (vm.js:120:20)
    at REPLServer.defaultEval (repl.js:430:29)
    at bound (domain.js:426:14)
    at REPLServer.runBound [as eval] (domain.js:439:12)
    at REPLServer.onLine (repl.js:758:10)
    at REPLServer.emit (events.js:323:22)
    at REPLServer.EventEmitter.emit (domain.js:482:12)
    at REPLServer.Interface._onLine (readline.js:322:10)
    at REPLServer.Interface._line (readline.js:699:8)
    at REPLServer.Interface._ttyWrite (readline.js:1025:14)
    at REPLServer.self._ttyWrite (repl.js:835:7)
    at ReadStream.onkeypress (readline.js:198:10)
    at ReadStream.emit (events.js:311:20)
    at ReadStream.EventEmitter.emit (domain.js:482:12)
    at emitKeys (internal/readline/utils.js:438:14)
    at emitKeys.next (<anonymous>)
    at ReadStream.onData (readline.js:1160:36)
    at ReadStream.emit (events.js:311:20)
    at ReadStream.EventEmitter.emit (domain.js:482:12)
    at addChunk (_stream_readable.js:294:12)
    at readableAddChunk (_stream_readable.js:275:11)
    at ReadStream.Readable.push (_stream_readable.js:209:10)
    at TTY.onStreamRead (internal/stream_base_commons.js:186:23) {
  name: 'AdapterError',
  adapterMethodName: 'find',
  modelIdentity: 'address',
  raw: TypeError: The operator "undefined" is not permitted
      at Formatter.operator (/home/patrick/src/caremesh-directory/node_modules/knex/lib/formatter.js:138:13)
      at QueryCompiler_PG.whereBasic (/home/patrick/src/caremesh-directory/node_modules/knex/lib/query/compiler.js:525:100)
      at QueryCompiler_PG.where (/home/patrick/src/caremesh-directory/node_modules/knex/lib/query/compiler.js:314:32)
      at /home/patrick/src/caremesh-directory/node_modules/knex/lib/query/compiler.js:147:30
      at Array.map (<anonymous>)
      at QueryCompiler_PG.select (/home/patrick/src/caremesh-directory/node_modules/knex/lib/query/compiler.js:146:33)
      at QueryCompiler_PG.toSQL (/home/patrick/src/caremesh-directory/node_modules/knex/lib/query/compiler.js:108:27)
      at Builder.toSQL (/home/patrick/src/caremesh-directory/node_modules/knex/lib/query/builder.js:111:44)
      at sequelizer (/home/patrick/src/caremesh-directory/node_modules/waterline-sql-builder/lib/sequelizer.js:1223:24)
      at Object.generate (/home/patrick/src/caremesh-directory/node_modules/waterline-sql-builder/index.js:49:17)
      at Object.compileStatement (/home/patrick/src/caremesh-directory/node_modules/machinepack-postgresql/machines/compile-statement.js:91:40)
      at wrapper (/home/patrick/src/caremesh-directory/node_modules/@sailshq/lodash/lib/index.js:3282:19)
      at Deferred.parley.retry [as _handleExec] (/home/patrick/src/caremesh-directory/node_modules/machine/lib/private/help-build-machine.js:1076:19)
      at Deferred.exec (/home/patrick/src/caremesh-directory/node_modules/parley/lib/private/Deferred.js:286:10)
      at Deferred.now (/home/patrick/src/caremesh-directory/node_modules/parley/lib/private/Deferred.js:592:8)
      at Deferred.now (/home/patrick/src/caremesh-directory/node_modules/machine/lib/private/help-build-machine.js:1317:51)
      at Deferred.execSync (/home/patrick/src/caremesh-directory/node_modules/machine/lib/private/help-build-machine.js:1530:23)
      at Object.compileStatement (/home/patrick/src/caremesh-directory/node_modules/sails-postgresql/helpers/private/query/compile-statement.js:22:6)
      at Object.select (/home/patrick/src/caremesh-directory/node_modules/sails-postgresql/helpers/select.js:127:37)
      at wrapper (/home/patrick/src/caremesh-directory/node_modules/@sailshq/lodash/lib/index.js:3282:19)
      at Deferred.parley.retry [as _handleExec] (/home/patrick/src/caremesh-directory/node_modules/machine/lib/private/help-build-machine.js:1076:19)
      at Deferred.exec (/home/patrick/src/caremesh-directory/node_modules/parley/lib/private/Deferred.js:286:10)
      at Deferred.switch (/home/patrick/src/caremesh-directory/node_modules/machine/lib/private/help-build-machine.js:1469:16)
      at Object.find (/home/patrick/src/caremesh-directory/node_modules/sails-postgresql/lib/adapter.js:187:16)
      at _getPopulatedRecords (/home/patrick/src/caremesh-directory/node_modules/waterline/lib/waterline/utils/query/help-find.js:145:21)
      at helpFind (/home/patrick/src/caremesh-directory/node_modules/waterline/lib/waterline/utils/query/help-find.js:582:6)
      at _afterPotentiallyRunningBeforeLC (/home/patrick/src/caremesh-directory/node_modules/waterline/lib/waterline/methods/find.js:258:9)
      at _maybeRunBeforeLC (/home/patrick/src/caremesh-directory/node_modules/waterline/lib/waterline/methods/find.js:232:16)
      at Deferred._.extend._WLModel [as _handleExec] (/home/patrick/src/caremesh-directory/node_modules/waterline/lib/waterline/methods/find.js:234:9)
      at Deferred.exec (/home/patrick/src/caremesh-directory/node_modules/parley/lib/private/Deferred.js:286:10)
      at Deferred.log (/home/patrick/src/caremesh-directory/node_modules/parley/lib/private/Deferred.js:652:8)
      at repl:1:47
      at Script.runInThisContext (vm.js:120:20)
      at REPLServer.defaultEval (repl.js:430:29)
}
- - - - - - - - - - - - - - - - - - - - - - - -


undefined
sails> 

This code works as expected when searching with only the state.

sails> Address.count({state: 'OR'}).log()
Running with `.log()`...
undefined
sails> 
- - - - - - - - - - - - - - - - - - - - - - - -
Finished successfully.

Result:

41467
- - - - - - - - - - - - - - - - - - - - - - - -

It also works as expected when the state is not 'OR':

sails> Address.count({city: 'PORTLAND', state: 'ME'}).log()Running with `.log()`...

undefined
sails> 
- - - - - - - - - - - - - - - - - - - - - - - -
Finished successfully.

Result:

1558
- - - - - - - - - - - - - - - - - - - - - - - -


sails> 

I believe the problem is to be found in sequelizer.js, and might have something to do with options.strip, but I couldn't find anything describing how to use those parameters so I didn't want to go any further with it than that since I've never used knex directly.

[sailsbot]

@jpnarkinsky Thanks for posting! We'll take a look as soon as possible.

In the mean time, there are a few ways you can help speed things along:

• look for a workaround. (Even if it's just temporary, sharing your solution can save someone else a lot of time and effort.)
• tell us why this issue is important to you and your team. What are you trying to accomplish? (Submissions with a little bit of human context tend to be easier to understand and faster to resolve.)
• make sure you've provided clear instructions on how to reproduce the bug from a clean install.
• double-check that you've provided all of the requested version and dependency information. (Some of this info might seem irrelevant at first, like which database adapter you're using, but we ask that you include it anyway. Oftentimes an issue is caused by a confluence of unexpected factors, and it can save everybody a ton of time to know all the details up front.)
• read the code of conduct.
• if appropriate, ask your business to sponsor your issue. (Open source is our passion, and our core maintainers volunteer many of their nights and weekends working on Sails. But you only get so many nights and weekends in life, and stuff gets done a lot faster when you can work on it during normal daylight hours.)
• let us know if you are using a 3rd party plugin; whether that's a database adapter, a non-standard view engine, or any other dependency maintained by someone other than our core team. (Besides the name of the 3rd party package, it helps to include the exact version you're using. If you're unsure, check out this list of all the core packages we maintain.)

---

Please remember: never post in a public forum if you believe you've found a genuine security vulnerability. Instead, disclose it responsibly.

For help with questions about Sails, click here.

[johnabrams7]

@jpnarkinsky Many thanks for taking the time to report this - could you link us to a minimal repo that reproduces this error? Appreciate the fine details 👍 We'll have it examined further.

[pineconesundae]

@johnabrams7 @jpnarkinsky I, too, have hit this issue today and boy was I glad to see this post to let me know I wasn't going crazy. An additional observation/workaround I discovered: it is case-sensitive. So while something like

Consumer.findOne({ acronym: 'AND' });

will throw the The operator "undefined" is not permitted error, changing it to

Consumer.findOne({ acronym: 'and' });

will allow it to succeed. I use the sails-mysql adapter and MySQL queries are not case-sensitive, so this workaround is an easy path forward for me.

[eashaw]

I was able to reproduce this on the latest version on sails-postgres

[eashaw]

A workaround for this issue is wrapping the criteria in an array (e.g. Address.find({city: 'Portland' , state: ['OR']}) will return the expected results.)

[tunicwriter]

I'm still experiencing this issue with sails-postgresql@2.0.0, which should include the linked fix (correct me if I'm wrong). Specifically, we are experiencing this with IN; I have not tested with AND, OR, etc.

[eashaw]

Hi @tunicwriter, the changes in linked pull request are in sails-postgresql@v3.0.0.

[tunicwriter]

@eashaw Looks like the issue has been corrected. Thank you!