fix(cli): add public schema existence check and null byte test

claude · claude · commit fd00960452fb · 2026-01-08T18:26:06.000Z
- Add existence check for public schema before has_schema_privilege
  (prevents error if public schema is dropped)
- Add test for null byte rejection in escapeLiteral via database name
diff --git a/cli/lib/supabase.ts b/cli/lib/supabase.ts
@@ -616,13 +616,21 @@ export async function verifyInitSetupViaSupabase(params: {
     }
   }
 
-  // Check USAGE on public schema
-  const schemaUsageRes = await params.client.query(
-    `SELECT has_schema_privilege('${escapeLiteral(role)}', 'public', 'USAGE') as ok`,
+  // Check USAGE on public schema (check existence first to avoid has_schema_privilege throwing)
+  const publicSchemaExistsRes = await params.client.query(
+    "SELECT nspname FROM pg_namespace WHERE nspname = 'public'",
     true
   );
-  if (!schemaUsageRes.rows?.[0]?.ok) {
-    missingRequired.push("USAGE on schema public");
+  if (publicSchemaExistsRes.rowCount === 0) {
+    missingRequired.push("schema public exists");
+  } else {
+    const schemaUsageRes = await params.client.query(
+      `SELECT has_schema_privilege('${escapeLiteral(role)}', 'public', 'USAGE') as ok`,
+      true
+    );
+    if (!schemaUsageRes.rows?.[0]?.ok) {
+      missingRequired.push("USAGE on schema public");
+    }
   }
 
   // Check search_path
diff --git a/cli/test/supabase.test.ts b/cli/test/supabase.test.ts
@@ -521,6 +521,29 @@ describe("Supabase module", () => {
       }
     });
 
+    test("throws error for database name with null bytes (SQL injection prevention)", async () => {
+      globalThis.fetch = mock(() =>
+        Promise.resolve(new Response(JSON.stringify([{ rolname: "postgres_ai_mon" }]), { status: 200 }))
+      ) as unknown as typeof fetch;
+
+      const client = new SupabaseClient({
+        projectRef: VALID_PROJECT_REF,
+        accessToken: "mytoken",
+      });
+
+      try {
+        await verifyInitSetupViaSupabase({
+          client,
+          database: "test\0db", // null byte should be rejected
+          monitoringUser: "postgres_ai_mon",
+          includeOptionalPermissions: false,
+        });
+        throw new Error("Expected to throw");
+      } catch (e) {
+        expect((e as Error).message).toContain("null bytes");
+      }
+    });
+
     test("returns missing role when role does not exist", async () => {
       globalThis.fetch = mock(() =>
         Promise.resolve(new Response(JSON.stringify([]), { status: 200 }))
