diesel-guard 0.10.0

Linter for dangerous Postgres migration patterns in Diesel and SQLx. Prevents downtime caused by unsafe schema changes.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

//! Detection for TRUNCATE TABLE operations.
//!
//! This check identifies `TRUNCATE TABLE` statements, which acquire an ACCESS EXCLUSIVE
//! lock and block all operations on the table.
//!
//! TRUNCATE acquires an ACCESS EXCLUSIVE lock, blocking all reads and writes during the
//! operation. Unlike DELETE, TRUNCATE cannot be batched or throttled, making it unsuitable
//! for removing data from large tables in production.
//!
//! **When this fires legitimately:** TRUNCATE is often intentional in migrations — for
//! example, clearing a lookup/seed table before re-populating it, wiping a staging
//! environment, or truncating a table that is known to be empty or small. In those cases,
//! silence the check per-statement with a `safety-assured` block, or project-wide with
//! `warn_checks = ["TruncateTableCheck"]` (warning only) or
//! `disable_checks = ["TruncateTableCheck"]` (fully disabled).

use crate::checks::pg_helpers::{NodeEnum, range_var_name};
use crate::checks::{Check, Config, MigrationContext};
use crate::violation::Violation;

pub struct TruncateTableCheck;

impl Check for TruncateTableCheck {
    fn check(&self, node: &NodeEnum, _config: &Config, _ctx: &MigrationContext) -> Vec<Violation> {
        let NodeEnum::TruncateStmt(truncate) = node else {
            return vec![];
        };

        truncate
            .relations
            .iter()
            .filter_map(|rel_node| {
                if let Some(NodeEnum::RangeVar(rv)) = &rel_node.node {
                    let table_name_str = range_var_name(rv);

                    Some(Violation::new(
                        "TRUNCATE TABLE",
                        format!(
                            "TRUNCATE TABLE on '{table_name_str}' acquires an ACCESS EXCLUSIVE lock, blocking \
                            all reads and writes. Unlike DELETE, it cannot be batched or throttled. \
                            This is safe for empty/small tables or non-production environments, but \
                            dangerous on large production tables."
                        ),
                        format!(
                            r#"If this table can be large in production, prefer batched DELETE:

1. Delete rows in small batches:
   DELETE FROM {table_name_str} WHERE id IN (
     SELECT id FROM {table_name_str} LIMIT 1000
   );

2. Repeat until all rows are removed.

3. (Optional) Reset sequences:
   ALTER SEQUENCE {table_name_str}_id_seq RESTART WITH 1;

4. (Optional) Reclaim space:
   VACUUM {table_name_str};

If TRUNCATE is intentional (e.g. lookup table, test/staging environment,
or table is known to be small), silence this check:

  Per-statement — wrap in a safety-assured block:
    -- safety-assured:start
    -- Safe because: lookup table, always small
    TRUNCATE TABLE {table_name_str};
    -- safety-assured:end

  Project-wide as a warning (reported but non-blocking):
    # diesel-guard.toml
    warn_checks = ["TruncateTableCheck"]

  Project-wide silenced:
    # diesel-guard.toml
    disable_checks = ["TruncateTableCheck"]"#
                        ),
                    ))
                } else {
                    None
                }
            })
            .collect()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::{assert_allows, assert_detects_n_violations, assert_detects_violation};

    #[test]
    fn test_detects_truncate_table() {
        assert_detects_violation!(
            TruncateTableCheck,
            "TRUNCATE TABLE users;",
            "TRUNCATE TABLE"
        );
    }

    #[test]
    fn test_detects_truncate_multiple_tables() {
        assert_detects_n_violations!(
            TruncateTableCheck,
            "TRUNCATE TABLE users, orders;",
            2,
            "TRUNCATE TABLE"
        );
    }

    #[test]
    fn test_detects_truncate_with_cascade() {
        assert_detects_violation!(
            TruncateTableCheck,
            "TRUNCATE TABLE users CASCADE;",
            "TRUNCATE TABLE"
        );
    }

    #[test]
    fn test_ignores_delete_statement() {
        assert_allows!(TruncateTableCheck, "DELETE FROM users;");
    }

    #[test]
    fn test_ignores_drop_table() {
        assert_allows!(TruncateTableCheck, "DROP TABLE users;");
    }
}