Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encode FilePath as a string or an array of code units #181

Closed
wants to merge 1 commit into from
Closed

Encode FilePath as a string or an array of code units #181

wants to merge 1 commit into from

Conversation

kateinoigakukun
Copy link
Contributor

This changes the FilePath's Codable conformance to encode and decode FilePath as a string or an array of code units instead of using the default synthesized implementation that encodes the storage directly.

Decoding data as internal storage is not user-friendly and allows to construct invalid FilePath instances (e.g. with non-null-terminated storage).

So, the new implementation tries to decode the input as a string first and then as an array of code units. If the array is not null-terminated, the decoding fails.

Close #106

@kateinoigakukun
Encode FilePath as a string or an array of code units
24c2652 
This changes the `FilePath`'s `Codable` conformance to encode and decode
`FilePath` as a string or an array of code units instead of using the
default synthesized implementation that encodes the storage directly.

Decoding data as internal storage is not user-friendly and allows to
construct invalid `FilePath` instances (e.g. with non-null-terminated
storage).

So, the new implementation tries to decode the input as a string first
and then as an array of code units. If the array is not null-terminated,
the decoding fails.
@kateinoigakukun
Copy link
Contributor Author

@swift-ci test

@kateinoigakukun
Copy link
Contributor Author

kateinoigakukun commented Jun 3, 2024
edited
Loading

Do we need to support decoding the old synthesized format? In that case, we continue exposing a way to construct an invalid FilePath, so I didn't include it in this PR. WDYT?

@MaxDesiatov MaxDesiatov requested a review from al45tair June 5, 2024 14:12
@MaxDesiatov MaxDesiatov added the bug Something isn't working label Jun 5, 2024
@al45tair
Copy link
Contributor

al45tair commented Jun 5, 2024

IMO the Codable conformance on FilePath was/is a mistake. The implementation is different for different platforms, and you can't sensibly decode a UNIX path on Windows or vice-versa.

It's also likely someone is already depending on the existing implementation (which is buggy in a way that could be a security issue), so I think while what you've done here is an improvement in many ways, it probably also needs to support the existing encoding — though we should check it carefully to make sure we don't allow the storage to be non-NUL-terminated.

@kateinoigakukun
Copy link
Contributor Author

@al45tair

IMO the Codable conformance on FilePath was/is a mistake. The implementation is different for different platforms, and you can't sensibly decode a UNIX path on Windows or vice-versa.

Yeah, it might become another security concern. I took a look at how other language ecosystems handle it:

Rust (serde) approach addresses the wrong use case you mentioned where serialization and deserialization happened on different platforms. I think it's worth doing a similar tagging when (de)serializing paths as code points.

it probably also needs to support the existing encoding — though we should check it carefully to make sure we don't allow the storage to be non-NUL-terminated.

Ok, it makes sense to me to accept the existing encoding only if the storage is valid 👍

@kateinoigakukun
Copy link
Contributor Author

Closing in favor of #189

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glessard glessard Awaiting requested review from glessard glessard is a code owner

@lorentey lorentey Awaiting requested review from lorentey lorentey is a code owner

@milseman milseman Awaiting requested review from milseman milseman is a code owner

@al45tair al45tair Awaiting requested review from al45tair

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

FilePath is Decodable, but not from a String
3 participants
@kateinoigakukun @al45tair @MaxDesiatov