Add a whitelist for info keys on var metadata #74
Conversation
|
@bbatsov do all those apply to clojure vars? |
|
cljs-tooling also emits |
|
@cichli This specific whitelist is only applied to clojure vars, iiuc. |
|
You are, of course, correct. |
|
@hugoduncan The build is failing. @jeffvalk @gtrak What do you think? Personally I don't like having both this and the existing blacklist; seems a bit confusing this way. |
|
Perhaps I haven't followed this issue closely enough... I understand that anything hypothetically could be populated with an unsupported value type, but which metadata attributes have we actually seen cause an issue other than the blacklisted |
|
@jeffvalk We use |
|
@bbatsov the existing blacklist seemed to be a bit of a sledgehammer, being applied to metadata whatever the source. I felt that having a black/whitelist per metadata source makes more sense - clojurescript functions already have an implicit whitelist in the code. |
|
@hugoduncan Understood. That definitely adds context. @bbatsov Agreed --if we're using a whitelist, the blacklist isn't helpful. And a whitelist still doesn't guarantee its attributes' data types (I think @gtrak pointed this out on a related thread) -- If someone sticks unserializable data in |
|
I'm still playing catch up on this, so I may be oversimplifying... My understanding is the core of this issue is that bencode dictionary keys must be strings. If so, what cases would just stringifying the key not let us accommodate? |
|
I tried the patch in the above gist with the |
Pretty much - yes. I'm not sure if you've read the discussion in #61. There stringifying the keys was also mentioned. |
|
Ah, ok. Hadn't read that in detail. Is there a drawback to that approach? It should be safer than either a blacklist or whitelist. |
|
Not sure. Haven't given that much thought after the whitelist idea was originally presented a while back. After all, as we know what data is required by cider, it seems wasteful to bloat the responses unnecessary (especially given the fact we have to occasionally read them :-) ). As it stands we're quite certain about the structure of all required attributes (unless I'm missing something), except the |
|
Completely agree that limiting metadata returned by |
|
Sure. But this is only a problem with collection types (maps or collections with maps in them). If some metadata value is not a collection there's no chance anything in it will be encoded as a dictionary. |
When generating a map for info on a var, whitelist the keys that may appear. Address cider clojure-emacs#588
|
Right, but the whitelist alone doesn't guarantee the data type of those metadata properties. If I use one of the whitelisted keys to point to some arbitrarily nested collection (say I think |
|
You're correct, but consider this as well - if the data that's fed to CIDER doesn't have the format it expects there'll be a client-side error anyways. In other terms, CIDER might expect the contents of a string in a response to be some number, but they might be something else - I don't think there's a sane way to handle that. I understand our problem, but I can't think of a real solution. Converting to strings would suppress the decode errors, but will still leave us vulnerable to problems. |
|
That's certainly true. But decoding errors are quite opaque, and I think we should be keen to eliminate them wherever possible. An error at a higher level is still an error, but it's likely to be more specific and easier to diagnose. IMO, calling |
|
@jeffvalk OK, I'm sold. :-) Please, go ahead and make the necessary changes. |
Add a whitelist for info keys on var metadata
|
@hugoduncan Thanks! 👍 |
When generating a map for info on a var, whitelist the keys that may appear.
Address cider #588