Comments (8)
Not sure this is something I'd want to solve at the language level.
You have something which is not just a string, it's a password.
As @jakemac53 suggests, wrapping it in a class would avoid accidentally treating it as just any other string.
The problem here is that you both want to convert it to JSON, but also don't want to convert it to a string, but JSON is a text format.
Maybe you can choose to have the `toJson` function return something still containing the `Password` object, have `Password.toString()` return `"<Redacted>"` and pass a `toEncodable` function to `jsonEncode` that converts `Password` to `Password.text` (the real text). Then anyone accidentally printing the password, or the JSON-like map structure, will not see the password, but actually converting using `jsonEncode` (perhaps even directly to UTF-8) will contain the password.
I would suggest just using a wrapper class here:
```dart
class Private<T> {
  final T privateValueWhichShouldNotEscape;
  Private(this.privateValueWhichShouldNotEscape);
}
```
That should send the right signal to anybody using the value, that it shouldn't be printed, assigned to other variables, etc.
You could possibly even do this as an extension type to make it zero cost.
The default behavior for classes would print something like `Instance of Credentials`. Anything else is coming from some code generator or other similar feature, which is giving you a `toString` based on the fields.
This is probably an issue for whatever package it is that is giving you that customized `toString` method, and could be solved however that package accepts configuration (probably an annotation).
My apologies, I erroneously omitted the `.toJson` and `.toString` methods that I had included from my previous issue. I have updated the example code to include those.
I wouldn't get too hung up on the fact that my example is a password or uses `.toJson` - these are just examples. It could very well be something like a social security number, or some other private item. The idea here is that it would function as normal, but using any `print`, `debugPrint`, or `log` statement would print out some sort of "redacted" message. Notably, this would not prevent you from, say, splitting the value into a list of glyphs and printing those out. My idea is that it's a simple safety check to prevent ham-fisted and careless spilling of secrets by using debug logging.
> I wouldn't get too hung up on the fact that my example is a password or uses `.toJson`

The advice above isn't specific to passwords, which is why I suggested a generic class.
The methods you describe all just call `toString()` on anything they are given, so a simple wrapper type which has a custom `toString()` which prints nothing is a very simple and reasonable way to prevent this information from being accidentally surfaced by things.
By naming the actual member to access the real value something scary, it should make it easy in code reviews to know when the real, unredacted version is being accessed so that such access can be carefully assessed.
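The two suggestions in this thread combined, as an added example that is not code from any commenter or from the Dart project: a `Private<T>` wrapper with a redacting `toString()`, a `toJson()` that keeps the wrapper in the map, and a `toEncodable` callback that unwraps it only at the `jsonEncode` boundary. The `Credentials` class, the `unwrapSecrets` function and the sample values are assumptions made for the illustration.

```dart
import 'dart:convert';

/// Wrapper in the spirit of the `Private<T>` class suggested in the thread.
class Private<T> {
  /// Deliberately alarming name so every read of the real value stands out in review.
  final T privateValueWhichShouldNotEscape;
  const Private(this.privateValueWhichShouldNotEscape);

  /// print, debugPrint, log and string interpolation all call toString().
  @override
  String toString() => '<Redacted>';
}

/// Hypothetical model class; its name and fields are assumptions.
class Credentials {
  final String username;
  final Private<String> password;
  Credentials(this.username, this.password);

  /// JSON-like map that still holds the wrapper, not the raw text.
  Map<String, Object?> toJson() => {'username': username, 'password': password};

  @override
  String toString() => 'Credentials(${toJson()})';
}

/// Hypothetical toEncodable callback: the single place the secret is unwrapped.
Object? unwrapSecrets(Object? value) {
  if (value is Private) return value.privateValueWhichShouldNotEscape;
  // Anything else that is not JSON-encodable stays an error.
  throw JsonUnsupportedObjectError(value);
}

void main() {
  // Constructed sample values.
  final creds = Credentials('alice', const Private('correct horse battery staple'));

  // Accidental logging paths: each goes through toString() and shows the marker.
  print(creds);
  print('login attempt with ${creds.password}');
  print(creds.toJson());

  // Deliberate serialization: jsonEncode hands each Private it meets in the
  // map to unwrapSecrets, so the encoded text carries the real value.
  print(jsonEncode(creds.toJson(), toEncodable: unwrapSecrets));
}
```

Calling `jsonEncode(creds.toJson())` without the callback throws a `JsonUnsupportedObjectError` rather than emitting the secret, so a forgotten `toEncodable` fails closed.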
> > I wouldn't get too hung up on the fact that my example is a password or uses `.toJson`
>
> The advice above isn't specific to passwords, which is why I suggested a generic class.
> The methods you describe all just call `toString()` on anything they are given, so a simple wrapper type which has a custom `toString()` which prints nothing is a very simple and reasonable way to prevent this information from being accidentally surfaced by things.
> By naming the actual member to access the real value something scary, it should make it easy in code reviews to know when the real, unredacted version is being accessed so that such access can be carefully assessed.

That's a valid and fair point.