Commit a38facd
Remove DeclaredHandler to prevent accidental internal discovery
The `DeclaredHandler` has become a liability. Because class, interface, and enum
names are represented as strings, we run the risk of the library "helpfully"
identifying a piece of user input as an internal system part.
If a user happens to input a string that matches an internal class or enum name,
the stringifier would automatically confirm its existence by applying the
specialized formatting. This creates an information leakage vulnerability where
an outsider could map out our application's internal architecture simply by
guessing names.
By removing this handler, we ensure that a string is treated just as a string.
This follows our recent "secure-by-default" trend seen in the
`CallableStringifier` changes: we are prioritizing the privacy of the
application's internal blueprint over the convenience of automatic type
detection.

1 parent c082c6f commit a38facd
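The behaviour the commit message describes, modelled as an added example (not code from this commit or from the project): a handler chain in which a string matching a declared name is rendered differently, next to the chain without that handler, with a check that reports which inputs the output format confirms. The handler names, the backtick formatting and the sample class names are assumptions made for illustration.

```python
import json

# Constructed stand-ins for internal class/enum names (not from the project).
DECLARED = frozenset({"InvoiceRepository", "UserRole"})

def declared_handler(value):
    """'Before' behaviour: a string naming a declared symbol gets special formatting."""
    if isinstance(value, str) and value in DECLARED:
        return f"`{value}`"  # hypothetical formatting, assumed for this model
    return None

def string_handler(value):
    """Ordinary rendering: every string is quoted the same way."""
    return json.dumps(value) if isinstance(value, str) else None

def make_stringifier(handlers):
    """Try handlers in order; the first one that returns a result wins."""
    def stringify(value):
        for handler in handlers:
            rendered = handler(value)
            if rendered is not None:
                return rendered
        return repr(value)
    return stringify

def confirmed_names(stringify, probes):
    """Probes whose rendering differs from plain string rendering,
    i.e. inputs that the output format confirms as declared names."""
    return [p for p in probes if stringify(p) != string_handler(p)]

before = make_stringifier([declared_handler, string_handler])
after = make_stringifier([string_handler])

# Constructed user inputs: two collide with declared names, two do not.
PROBES = ["InvoiceRepository", "hello world", "UserRole", "NoSuchClass"]

if __name__ == "__main__":
    print("with handler:   ", confirmed_names(before, PROBES))
    print("without handler:", confirmed_names(after, PROBES))
```

An empty result from `confirmed_names` is the property to hold in a regression test: the rendering of a user-supplied string must not depend on whether it matches a declared name.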
File tree
5 files changed: +0 -134 lines changed
- src/Handlers
- tests
  - integration
  - unit/Handlers
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
83 | 83 | | |
84 | 84 | | |
85 | 85 | | |
86 | | - | |
87 | | - | |
88 | | - | |
89 | | - | |
90 | | - | |
91 | | - | |
92 | 86 | | |
93 | 87 | | |
94 | 88 | | |
| |||
136 | 130 | | |
137 | 131 | | |
138 | 132 | | |
139 | | - | |
140 | | - | |
141 | | - | |
142 | 133 | | |
143 | 134 | | |
144 | 135 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
41 | 41 | | |
42 | 42 | | |
43 | 43 | | |
44 | | - | |
45 | 44 | | |
46 | 45 | | |
47 | 46 | | |
| |||
This file was deleted.
This file was deleted.
This file was deleted.
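Review bot: no regression test accompanies the removal; the change as a whole is +0 -134 across the five files, so nothing added here pins the new behaviour. Suggest adding an integration test asserting that a string equal to an existing class, interface or enum name is stringified exactly like any other string, so the leak described in the commit message cannot return unnoticed if a similar handler is introduced later.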