Throw on unsupported types in src gen #58775
Conversation
|
Note regarding the This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change. |
ghost
added
|
Tagging subscribers to this area: @eiriktsarpalis, @layomia Issue DetailsAddresses #58221 for main. This PR is expected to be ported to 6.0. Note that there is a single public API method addition for interop between generated code and STJ. This API is not expected to be controversial since it is not used by consumers and is consistent with other interop methods in the same location. It will be covered by @layomia in the next API review. Also addresses:
The existing "disallowed" tests that only ran on the serializer were converted to also run on source gen. The tests were expanded to:
The exception thrown is the same as what the serializer throws. E.g.: |
layomia
left a comment
layomia
left a comment
There was a problem hiding this comment.
LGTM with minor questions
src/libraries/System.Text.Json/gen/JsonSourceGenerator.Parser.cs
Outdated
Show resolved
Hide resolved
| { | ||
| // If a value type is added, also add a test that | ||
| // shows NSE is thrown when Nullable<T> is (de)serialized. | ||
| // If a type is added, also add to the souce-gen project. |
There was a problem hiding this comment.
I think we should update the exception message since not all these types have security issues & could be supported in the future.
There was a problem hiding this comment.
BTW, that message is maybe weasel words? eg "since they can lead to security issues" --> "because it is insecure"
There was a problem hiding this comment.
Agree with Layomi we should remove references to security from the exception message, since this class has evolved into a general-purpose converter for unsupported types. We might consider special casing the error message for System.Type and SerializationInfo (e.g. by injecting a reason string to the constructed converter) but this is likely overkill.
There was a problem hiding this comment.
Removing the last section works for me:
from
"Serialization and deserialization of '{0}' instances are not supported and should be avoided since they can lead to security issues."
to
"Serialization and deserialization of '{0}' instances are not supported."
There was a problem hiding this comment.
We might consider special casing the error message for System.Type and SerializationInfo (e.g. by injecting a reason string to the constructed converter) but this is likely overkill.
FWIW there was a discussion on how to scale these exception messages (#42605 (comment), #42605 (comment)). Another approach to consider in the future is to add a JsonTypeDisallowReason enum which is passed to a new converter ctor overload, which would determine what exception message is shown.
There was a problem hiding this comment.
add a JsonTypeDisallowReason enum
Unless there is a requirement for the "security issue" in the message, I think this is overkill. It would also require 2 converter instances and add code\tests to separate the unsupported types into "security" and "non security".
There was a problem hiding this comment.
src/libraries/System.Text.Json/tests/Common/UnsupportedTypesTests.cs
Outdated
Show resolved
Hide resolved
...ries/System.Text.Json/tests/System.Text.Json.SourceGeneration.Tests/RealWorldContextTests.cs
Show resolved
Hide resolved
| } | ||
|
|
||
| [Fact] | ||
| public async Task CompileTimeConverterIsSupported() |
There was a problem hiding this comment.
Would it be possible to also cover the IAsyncEnumerable case in this test? Ditto for runtime converter case.
There was a problem hiding this comment.
I'll add a test to ensure the converter gets called and doesn't throw NSE, but I think it's outside the scope here to verify actual IAsyncEnumerable semantics of serializer\deserialize; not sure if you wanted that as well.
|
@layomia please merge when API approved and green. |
|
@layomia should be ready to merge, can you take another look? |
layomia
left a comment
layomia
left a comment
There was a problem hiding this comment.
LGTM, merging to avoid conflicts with other PRs. Offline API review still pending.
|
/backport to release/6.0 |
|
Started backporting to release/6.0: https://github.com/dotnet/runtime/actions/runs/1224251530 |
4 participants
Addresses #58221 for main. This PR is expected to be ported to 6.0.
Note that there is a single public API method addition for interop between generated code and STJ. This API is not expected to be controversial since it is not used by consumers and is consistent with other interop methods in the same location. It will be covered by @layomia in the next API review.
Also addresses:
IAsyncEnumerable, we also throw on other known invalid types (that the serializer also throws on) includingDateOnly,TimeOnlyIntPtr,UIntPtr,Type, andSerializationInfo.The existing "disallowed" tests that only ran on the serializer were converted to also run on source gen. The tests were expanded to:
IAsyncEnumerablefor source-gen tests.NotSupportedException.Nullable<T>semantics are correct for the unsupported types that are value types.The exception thrown is the same as what the serializer throws. E.g.: