Hi!
On Thu, Mar 29, 2018 at 04:29:09AM -0700, gary.willoug...@victoriaplumb.com
wrote:
> Thanks for the all the responses but I was after a more dynamic solution
> where you don't need to 'register' the types or select them using a switch
> but that it just works.
I believe this is just a wrong way to Go.
If you'll make it possible to create new instances of any type which name
was mentioned in JSON you'll open door for RCE security issue.
If you'll limit this to types which has some "mark" (like StrPtr field in
your example) and implement auto-detection of these, then you just
exchange one obvious `register(instance)` line to one subtle `StrPtr
*string` line. This not only make code less clear, but it also open door
for security issue in case you've imported some other package which also
has own types with StrPtr but you didn't supposed to automatically allow
unmarshalling of that package's types in your app.
Even in case you've dozens of types you need to receive from JSON and
you're lazy enough to write one switch statement enumerating all of them,
then usual Go solution for such cases is to use code generation - i.e.
write a tool which will scan your sources and autogenerate .go file with
that switch, and put it call into //go:generate comment.
--
WBR, Alex.
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
