Validate data['id'] field early in dev #238
Conversation
There was a problem hiding this comment.
Thanks for the contribution!
In my opinion, we should add explicit casts to all our JSON-deserializing constructors (and also enable strict casts to check this).
dart2js with -O3 or -O4 can omit implicit casts such as the ones in our fromRow methods, which leads to unsound code when the type in the JSON value is not what we expect (it leads to num values creeping into String fields, possibly breaking type safety everywhere).
The general advice is to not compile with -O3 without carefully checking for implicit casts, but:
- We compile our web workers with
-O4. - All Flutter web apps are compiled with
-O4(a very dangerous decision by Flutter, but we have to deal with that).
So ideally, CrudEntry.fromRow should look like this:
final data = jsonDecode(row['data'] as String);
return CrudEntry(
row['id'] as int,
UpdateType.fromJsonChecked(data['op'] as String),
data['type'] as String,
data['id'] as String,
row['tx_id'] a String,
data['data'],
);There are a few methods affected by this which should all be fixed. That will be a bigger change, so you can leave that to us if you don't want to patch them all :D
|
@simolus3 Thank you for the insight! I'm renaming the branch to reflect the new changes so expect a new PR soon ;) |
Implements change proposed in #137.