Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to ParsingConfig to allow the Equals and ToString methods on object #875

Merged
merged 6 commits into from
Jan 24, 2025

Conversation

StefH
Copy link
Collaborator

@StefH StefH commented Jan 23, 2025

No description provided.

@StefH StefH added the feature label Jan 23, 2025
@StefH StefH self-assigned this Jan 23, 2025
@StefH
Copy link
Collaborator Author

StefH commented Jan 23, 2025

@Tasteful

I used your idea for allowing the Equals and ToString methods with a config setting.

Note that for security reasons, it's not allowed by default.

@StefH StefH merged commit 1934a14 into master Jan 24, 2025
4 checks passed
@StefH StefH deleted the stef_objectEquals_objectToString branch January 24, 2025 17:11
@ChrisGilbertInfor
Copy link

Hi, @StefH.

I wondered whether it would be possible for you to comment on the potential security implications of enabling this?

We are using the library to call .ToString on an Int32 but it is calling object's implementation of that method, rather than the Int32 override. This is obviously erroring unless we turn on this config setting.

Appreciate the help,
Chris

@StefH
Copy link
Collaborator Author

StefH commented Jan 29, 2025

Hello @ChrisGilbertInfor,

Sorry, I cannot comment on the security implications of enabling this setting for your applications.

About int.ToString(), I think it's possible and also safe to allow ToString and Equals on these types:

typeof(bool)
typeof(char)
typeof(string)
typeof(sbyte)
typeof(byte)
typeof(short)
typeof(ushort)
typeof(int)
typeof(uint)
typeof(long)
typeof(ulong)
typeof(float)
typeof(double)
typeof(decimal)
typeof(DateTime)
typeof(DateTimeOffset)
typeof(TimeSpan)
typeof(Guid)
typeof(Uri)
typeof(DateOnly)
typeof(TimeOnly)

I'll think about this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

Successfully merging this pull request may close these issues.

2 participants