Ticket #2 (new defect)
Opened 10 years ago
Make Unsafe<T> safer
Reported by: | smagi | Owned by: | smagi |
---|---|---|---|
Priority: | minor | Component: | clavis |
Version: | Keywords: | ||
Cc: |
Description
Unsafe<T> currently exposes a Value property, which makes it very easy to use in an unsafe context:
string sql = "SELECT * FROM Foo WHERE " .. Unsafe<string> someProp; if (this.TryParse0(out someProp)) sql += " SomeProp = '" + someProp + "' AND "; ...
I want to discourage such horrible implementations by making it difficult to extract and use possibly unsafe values. It's not clear how to do this however. Even a TryGetValue?-type interface, while more annoying, is still easy enough to circumvent:
string sql = "SELECT * FROM Foo WHERE " .. Unsafe<string> somePropUnsafe; string someProp if (this.TryParse0(out somePropUnsafe) && somePropUnsafe.TryGetValue(out someProp)) sql += " SomeProp = '" + someProp + "' AND "; ...
Perhaps we could attach some sort of validator to an unsafe value's TryGetValue?:
string sql = "SELECT * FROM Foo WHERE " .. Unsafe<string> somePropUnsafe; if (this.TryParse0(out somePropUnsafe, Sql.StringValidator)) sql += " SomeProp = '" + someProp + "' AND "; ...
This would work for simple values, but the SQL example clearly shows that you have to be able to parse full SQL to ascertain whether the string is actually safe. This doesn't seem reasonable.