You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In oxidecomputer/omicron#1210 I saw a case where we had multiple Rust types with the same name (well, in different modules) -- one was used as an input type and one as an output type. Only one of these made it into the OpenAPI spec. It seems like this could result in all kinds of bad behavior. For example, suppose type A is used in the spec where type B was meant. At best, if B is an input type, and the types are totally different, then every request that used type B as input would probably fail validation and there'd be no way to call them (using a spec-generated client). At worst, if the types are similar but type B has an optional field that's not in type A, dropshot would be silently corrupting data on input (silently deleting a field from the struct). I think you could have the same thing on output.
The text was updated successfully, but these errors were encountered:
In oxidecomputer/omicron#1210 I saw a case where we had multiple Rust types with the same name (well, in different modules) -- one was used as an input type and one as an output type. Only one of these made it into the OpenAPI spec. It seems like this could result in all kinds of bad behavior. For example, suppose type A is used in the spec where type B was meant. At best, if B is an input type, and the types are totally different, then every request that used type B as input would probably fail validation and there'd be no way to call them (using a spec-generated client). At worst, if the types are similar but type B has an optional field that's not in type A, dropshot would be silently corrupting data on input (silently deleting a field from the struct). I think you could have the same thing on output.
The text was updated successfully, but these errors were encountered: