Include property name when serialization fails #300
Conversation
In my opinion, no! Don't put the property value in the error message. It is sufficient to put only the property name (with class name) in the error message! It would also be a security risk to add the value in the log.. |
|
yea I think you're right @nimo23, it could be a security risk, or the value could be very large. As long as Yasson says what property/class is failing to serialize, then the developer should be able to add print statements to determine the value if necessary. |
aguibert
changed the title
aguibert
changed the title
|
|
||
| import javax.json.bind.JsonbException; | ||
|
|
||
| public class Assertions { |
There was a problem hiding this comment.
@aguibert I am thinking about updating JUnit to version 5 instead of adding this class. As far as I know JUnit 5 could be able to handle this. What do you think? It might be some work to do, but I would say it is worth it. (I am not saying that you should update it by yourself.)
There was a problem hiding this comment.
@Verdent yea I'm all for JUnit 5, it's actually what inspired this helper class for now. Lets handle that separately from this PR though.
I assume you have no other objections to this PR and it's good to merge?
There was a problem hiding this comment.
Yes, I would say it looks good.
Fixes #297
I added an error message that includes:
ThetoString()value of the property we were trying to serialize.@m0mus / @Verdent I am not sure whether or not it is safe to be including the property value in the error message. For example, it could be an extremely large value (e.g. byte array). Also, are there any security reasons why we have not included property values in error messages in the past?EDIT: nvm, decided to not include property value in error messages