Bind() should ignore attempts to bind a method that is not actually in the set of methods. It should probably issue a warning when it detects this situation.
Consider a .proto which says that foo() is a test method. That method may be implemented in some service (say bar) but not intended for use in prod. A nefarious person could try to bind foo() and then invoke it, which would be bad if the author of foo() expected it to only exist in a test situation.
This problem is really nasty because the decision of "is foo a test method()" is made at the time the code is generated and (intentionally) does not distinguish between test and normal methods so the tests can "work normally" without a bunch of shenanigans. The problem is that we would need to have a way to know when a bind is issued if it is legal or not, which at some level is going to need the .proto definition.
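The bind-time check the issue asks for, as an added example that is not part of the original issue and not the project's own code. It assumes the generated code can carry a per-method `test_only` flag taken from the .proto; `MethodDescriptor`, `Service`, `allow_test` and the sample methods are all hypothetical names.

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("rpc.bind")

@dataclass(frozen=True)
class MethodDescriptor:
    """One method as declared in the .proto (hypothetical shape)."""
    name: str
    test_only: bool = False  # assumed annotation carried over from the .proto

class Service:
    def __init__(self, name, descriptors, handlers, allow_test=False):
        self.name = name
        self._handlers = handlers  # generated code: test and normal alike
        # The legal set is computed from the descriptors, not from the handlers.
        self._bindable = {d.name for d in descriptors
                          if allow_test or not d.test_only}
        self._bound = {}

    def bind(self, method):
        """Bind a method for remote invocation; ignore and warn if not legal."""
        if method not in self._bindable or method not in self._handlers:
            log.warning("ignoring bind of %s.%s: not in the set of methods",
                        self.name, method)
            return False
        self._bound[method] = self._handlers[method]
        return True

    def invoke(self, method, *args):
        """Dispatch only to methods that were successfully bound."""
        if method not in self._bound:
            raise LookupError(f"{self.name}.{method} is not bound")
        return self._bound[method](*args)

# Constructed sample: service "bar" implements a normal method and a test method.
DESCRIPTORS = [MethodDescriptor("get"), MethodDescriptor("foo", test_only=True)]
HANDLERS = {"get": lambda k: f"value:{k}", "foo": lambda: "test hook ran"}

def demo():
    prod = Service("bar", DESCRIPTORS, HANDLERS)
    test = Service("bar", DESCRIPTORS, HANDLERS, allow_test=True)
    return {
        "prod_get": prod.bind("get"),
        "prod_foo": prod.bind("foo"),
        "prod_missing": prod.bind("nope"),
        "test_foo": test.bind("foo"),
    }

if __name__ == "__main__":
    print(demo())
```

The handler for `foo` exists in both instances, so the tests work unchanged; only the bindable set differs between them.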