Open alundiak opened 10 months ago
Hey @alundiak, whoa yeah that's weird. That binary sounds like a prisma binary. Do the other prisma commands work like yarn rw prisma migrate dev
?
I'm on MacOS Ventura (13) and can't reproduce this but I'm overdue for an upgrade and could try reproducing again after upgrading my OS version.
@jtoar yes, similar:
yarn rw prisma migrate dev
Running Prisma CLI...
$ yarn prisma migrate dev --schema /Users/lund/projects/sandbox_backend/RedwoodJS/my-redwood-project-2023/api/db/schema.prisma
Environment variables loaded from .env
Prisma schema loaded from api/db/schema.prisma
Datasource "db": SQLite database "dev.db" at "file:./dev.db"
SQLite database dev.db created at file:./dev.db
Error: SQLite database error
attempt to write a readonly database
0: sql_schema_connector::sql_migration_persistence::initialize
with namespaces=None
at schema-engine/connectors/sql-schema-connector/src/sql_migration_persistence.rs:14
1: schema_core::state::ApplyMigrations
at schema-engine/core/src/state.rs:201
plus a notification from security.antivirus software:
PS. I assume that MAYBE my Poland ISP TOYA has some rules too strict and maybe treats access to folder by ANY executable on Mac OS / Darwin / M1 CPU in some other ways as maybe other softwares...
More info here: https://toya.net.pl/strona/bezpieczny-internet (web page in Polish language only)
UPD: prisma@npm:5.7.0 (looked up in yarn.lock). And I see that almost latest: https://github.com/prisma/prisma/releases
✨ In this release, we improved the SQL queries Prisma Client generates for you with two new Preview features, the driver adapters, and support for the database drivers we currently support. 5.7.0 will be the last release of the year. Stay tuned for the next one in January! ✨
Maybe some breaking changes were introduced in 5.6.0?
Hi @alundiak I'll mention this issue to Prisma, but from what I've read, your DeepGuard software is letting you know that Prisma needs access to the "projects" folder -- since it reads the schema and will write to the folder when making migration files.
To me, this is just informative and it's letting you choose to allow that to happen or not. But, if you deny it, then Prisma may not work properly since -- it can't creator schema migration files.
Running yarn rw test
accesses Prisma to create a test database (create a .sql or .db file), reset it, set data via scenarios, and then reset back to a known state with each test case. Therefore, it is not unreasonable for it to ask Prisma for permissions to access the project folder.
Question:
> Datasource "db": SQLite database "test.db" at "file:/Users/lund/projects/sandbox_backend/RedwoodJS/my-redwood-project-2023/.redwood/test.db"
The SQLite database "test.db" at "file:/Users/lund/projects/sandbox_backend/RedwoodJS/my-redwood-project-2023/.redwood/test.db" was successfully reset.
Error: SQLite database error
attempt to write a readonly database
Did you deny access and then got that message?
Yes, I did deny because I wanted to see the RedwoodJS/Prisma behavior.
I wouldn't expect that access to folder / files is matter of any DeepGuard/SecurityMalware software.
Besides, on the very similar conditions I have a setup of Nest JS with SQLite and I have file nestjs.db
a database file, which NestJS creates, recreates, deletes and I have no warnings about access to folder or file removal from DeepGuard software.
By saying this, I think Prisma executable does something, which is treated as potential risky (or suspicious) behavior. Although I know it's not. It's just matter of surprise.
y saying this, I think Prisma executable does something
I mentioned this behavior to Prisma and will report back what they say might cause this.
Hey @prisma here 👋
db push
indeed writes into your dev.db
in your projects
folder, and it seems this "DeepGuard" somehow sees this as problematic. It is not. When you use SQLite directly via Nest JS the request just comes from the Node process itself, while with Prisma it comes via our Schema Engine.
You can totally approve that file access, and potentially give the provider of that software feedback that it is being overly cautious.
In which folder are you running the commands?
@janpio In folder ~/projects/sandbox_backend/RedwoodJS/my-redwood-project-2023
:)
Interesting, I would have expected the tool to understand that running a CLI in that project is expected to run executables from that project to also modify files from that project - it is not a very uncommon case I would say.
If you allow DeepGuard's prompt to access the projects folder, everything works as expected?
@janpio Yes.
These worked OK before (meaning commands were not causing DeepGuard to interrupt):
yarn rw dev
yarn rw setup ui tailwindcss
yarn rw storybook
This causes DeepGuard to interrupt, but after "Allow" I have results
yarn rw test
=> PASS api api/src/directives/requireAuth/requireAuth.test.ts
PASS api api/src/directives/skipAuth/skipAuth.test.ts
Test Suites: 2 passed, 2 total
Tests: 3 passed, 3 total
Snapshots: 0 total
Time: 1.735 s
We didn't really change anything in how our Engine works.
Does it work again if you go back to an older version of Prisma that used to work in the past?
@janpio I didn't have time to revert. I specifically upgrade my 2022 codebase setup with belief that it will behave the same or better :) But I started using DeepGuard some time recently just before I've upgraded my educational codebase to Redwood.JS v.6.x. anyway.
Ok. Then I would say you just found a slightly inconvenient feature of DeepGuard. We @prisma will not treat this as something to further investigate, unless you find something not working even when access is allowed.
What's not working?
I expected
yarn rw test
to not cause any security, virus or malware warnings what so ever.How do we reproduce the bug?
yarn create redwood-app my-redwood-project-2023 --typescript
on Mac OS Sonoma when you have pre-installed some Antivirus-like software on Mac OS.yarn install
works (after play withcorepack
)yarn redwood dev
works OK (http://localhost:8910 is available/reachable).yarn rw storybook
works.yarn rw test
seems to be working but causing Antivirus software to warn me aboutschema-engine-darwin-arm64
vianode
is trying to access my custom folderprojects
.Here is rest of output:
What's your environment? (If it applies)
PS.
Note. Maybe not related but while
yarn rw dev
is running, I have these error and warning:Are you interested in working on this?