[shared_preferences] update List<String> encode/decode #8335
Conversation
|
@stuartmorgan ready for review here as well |
...ndroid/src/main/java/io/flutter/plugins/sharedpreferences/LegacySharedPreferencesPlugin.java
Outdated
Show resolved
Hide resolved
...ndroid/src/main/java/io/flutter/plugins/sharedpreferences/LegacySharedPreferencesPlugin.java
Show resolved
Hide resolved
| for (String key : allPrefs.keySet()) { | ||
| if (key.startsWith(prefix) && (allowList == null || allowList.contains(key))) { | ||
| filteredPrefs.put(key, transformPref(key, allPrefs.get(key))); | ||
| filteredPrefs.put(key, transformPref(key, Objects.requireNonNull(allPrefs.get(key)))); |
There was a problem hiding this comment.
What was requireNonNull needed here? Also this code is getting a bit difficult to parse. (A loop with a conditional that sets some transformed filtered data) Consider breaking parts out into methods or adding comments.
There was a problem hiding this comment.
It's a change suggested by a warning I was getting in Android Studio. Since the method being called requires nonnull arguments and getting a value from a map doesn't programmatically guarantee a value. In this context, there would always be a value though.
| if (value instanceof String) { | ||
| String stringValue = (String) value; | ||
| if (stringValue.startsWith(LIST_IDENTIFIER)) { | ||
| if (stringValue.startsWith(JSON_LIST_IDENTIFIER)) { |
There was a problem hiding this comment.
I think this is where having the keys be similar starts to be important. That said from reading the code the reader does not know the keys are overlapping and it would seem safe in code review to swap the order of these if statements.
Consider making the keys independent so that you are not relying on the contents of the keys. If that is too much code change then consider making a "LIST_PREFIX" that can be checked so that it is at least clear in code what the relationship is.
If you want further reading see
https://www.16elt.com/2024/09/25/first-book-of-byte-sized-tech/
I think the first example explains the principal I am applying.
There was a problem hiding this comment.
Consider making the keys independent so that you are not relying on the contents of the keys.
This is something Tarrin and I had discussed offline; making it a prefix avoids this being a potentially (very unlikely, but still possible) breaking change, by using our already-reserved space.
I would strongly prefer we keep that, and adjust the code to make it explicit to readers.
There was a problem hiding this comment.
Ok I can understand that fear and why it might fail. Thank you for being open to structuring the code differently so that the overlap is easier to follow for future maintainers.
...ndroid/src/main/java/io/flutter/plugins/sharedpreferences/LegacySharedPreferencesPlugin.java
Show resolved
Hide resolved
...preferences/shared_preferences_android/example/integration_test/shared_preferences_test.dart
Outdated
Show resolved
Hide resolved
| @@ -1,3 +1,9 @@ | |||
| ## 3.0.0 | |||
There was a problem hiding this comment.
Are the breaking changes required? if not consider fixing/mitigating the security issue independent of the breaking changes. It makes it more likely for them to be adopted.
There was a problem hiding this comment.
Breaking changes to shared_preferences have the potential to be quite disruptive to the ecosystem; I would strongly prefer we keep the legacy type support around to making a breaking change.
There was a problem hiding this comment.
Fair enough. I originally expected this change was going to end up being "technically" breaking due to the new prefix (before we discussed the prefix extension plan) so I wanted to wrap these long awaited breaking changes in as well. I'll revert them.
There was a problem hiding this comment.
Breaking changes to
shared_preferenceshave the potential to be quite disruptive to the ecosystem; I would strongly prefer we keep the legacy type support around to making a breaking change.
Should I revert the error handling changes as well?
There was a problem hiding this comment.
Should I revert the error handling changes as well?
I did this.
packages/shared_preferences/shared_preferences_android/lib/src/strings.dart
Outdated
Show resolved
Hide resolved
packages/shared_preferences/shared_preferences_android/lib/src/shared_preferences_android.dart
Outdated
Show resolved
Hide resolved
| case 'String': | ||
| return _api.setString(key, value as String); | ||
| value as String; | ||
| if (value.startsWith(listPrefix) || |
There was a problem hiding this comment.
Will this list grow? if so consider making a set of prefixes to check.
There was a problem hiding this comment.
We don't generally add types to shared_preferences since anything that all platforms don't support ends up with unpleasant complexity like the List<String> mess we are currently dealing with.
| @@ -1,3 +1,9 @@ | |||
| ## 3.0.0 | |||
There was a problem hiding this comment.
Breaking changes to shared_preferences have the potential to be quite disruptive to the ecosystem; I would strongly prefer we keep the legacy type support around to making a breaking change.
...roid/android/src/main/kotlin/io/flutter/plugins/sharedpreferences/SharedPreferencesPlugin.kt
Outdated
Show resolved
Hide resolved
| case 'String': | ||
| return _api.setString(key, value as String); | ||
| value as String; | ||
| if (value.startsWith(listPrefix) || |
There was a problem hiding this comment.
We don't generally add types to shared_preferences since anything that all platforms don't support ends up with unpleasant complexity like the List<String> mess we are currently dealing with.
.../shared_preferences/shared_preferences_android/lib/src/shared_preferences_async_android.dart
Outdated
Show resolved
Hide resolved
tarrinneal
changed the title
packages/shared_preferences/shared_preferences_android/CHANGELOG.md
Outdated
Show resolved
Hide resolved
...ndroid/src/main/java/io/flutter/plugins/sharedpreferences/LegacySharedPreferencesPlugin.java
Outdated
Show resolved
Hide resolved
...roid/android/src/main/kotlin/io/flutter/plugins/sharedpreferences/SharedPreferencesPlugin.kt
Outdated
Show resolved
Hide resolved
...nces_android/android/src/main/kotlin/io/flutter/plugins/sharedpreferences/MessagesAsync.g.kt
Outdated
Show resolved
Hide resolved
...roid/android/src/main/kotlin/io/flutter/plugins/sharedpreferences/SharedPreferencesPlugin.kt
Outdated
Show resolved
Hide resolved
.../shared_preferences/shared_preferences_android/lib/src/shared_preferences_async_android.dart
Outdated
Show resolved
Hide resolved
.../shared_preferences/shared_preferences_android/lib/src/shared_preferences_async_android.dart
Show resolved
Hide resolved
.../shared_preferences/shared_preferences_android/lib/src/shared_preferences_async_android.dart
Outdated
Show resolved
Hide resolved
.../shared_preferences/shared_preferences_android/lib/src/shared_preferences_async_android.dart
Outdated
Show resolved
Hide resolved
.../shared_preferences/shared_preferences_android/lib/src/shared_preferences_async_android.dart
Outdated
Show resolved
Hide resolved
packages/shared_preferences/shared_preferences_android/pigeons/messages.dart
Outdated
Show resolved
Hide resolved
tarrinneal
added
the
autosubmit
auto-submit
bot
removed
the
autosubmit
|
autosubmit label was removed for flutter/packages/8335, because - The status or check suite Linux_android android_platform_tests_shard_1 master has failed. Please fix the issues identified (or deflake) before re-applying this label. |
tarrinneal
added
the
autosubmit
|
autosubmit label was removed for flutter/packages/8335, because - The status or check suite Linux_android android_platform_tests_shard_1 master has failed. Please fix the issues identified (or deflake) before re-applying this label. |
auto-submit
bot
removed
the
autosubmit
tarrinneal
force-pushed
the
listString-encode
branch
from
24aefc2 to
1cdce8d
Compare
tarrinneal
added
the
autosubmit
|
It looks like this may have caused OOB failure in |
flutter/packages@3d3ab7b...258f6dc 2025-01-24 [email protected] [shared_preferences] Add shared preferences devtool (flutter/packages#8494) 2025-01-24 [email protected] [shared_preferences] update List<String> encode/decode (flutter/packages#8335) 2025-01-24 [email protected] Manual roll Flutter from c1561a4 to c1ffaa9 (21 revisions) (flutter/packages#8498) 2025-01-24 [email protected] [ios_platform_images] Switch to `loadImage` (flutter/packages#8216) 2025-01-24 [email protected] [camera] Remove OCMock from CameraExposureTests and CameraFocusTests (flutter/packages#8351) 2025-01-24 [email protected] [shared_preferences] Tool for migrating from legacy shared_preferences to shared_preferences_async (flutter/packages#8229) 2025-01-23 [email protected] Revert "[shared_preferences] Add shared preferences devtool" (flutter/packages#8493) 2025-01-23 [email protected] [go_router] Fix return type of current state getter to be non-nullable (flutter/packages#8173) 2025-01-23 [email protected] Manual roll Flutter from b2f515f to c1561a4 (18 revisions) (flutter/packages#8491) 2025-01-23 [email protected] [pigeon] fixes event channel dart instance name usage and adds test (flutter/packages#8483) 2025-01-23 [email protected] [go _route] fragment parameter added (flutter/packages#8232) 2025-01-23 [email protected] [in_app_purchase] Update in_app_purchase_android version in in_app_purchase (flutter/packages#8463) 2025-01-23 [email protected] [image_picker] Reference alternate macOS implementations (flutter/packages#8487) 2025-01-23 [email protected] [rfw] Activate leak testing (flutter/packages#8370) 2025-01-23 [email protected] [video_player] Activate leak testing (flutter/packages#8379) 2025-01-23 [email protected] Manual roll Flutter from b9e86a5 to b2f515f (42 revisions) (flutter/packages#8482) 2025-01-23 [email protected] [camera] Add API support query for image streaming (app-facing) (flutter/packages#8422) 2025-01-23 [email protected] Manual roll Flutter from b9e86a5 to eb6af3d (13 revisions) (flutter/packages#8473) 2025-01-23 [email protected] [shared_preferences] Add shared preferences devtool (flutter/packages#8322) If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/flutter-packages-flutter-autoroll Please CC [email protected] on the revert to ensure that a human is aware of the problem. To file a bug in Flutter: https://github.com/flutter/flutter/issues/new/choose To report a problem with the AutoRoller itself, please file a bug: https://issues.skia.org/issues/new?component=1389291&template=1850622 Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md
|
This is causing The plan is to revert. |
camsim99
added
the
revert
|
Time to revert pull request flutter/packages/8335 has elapsed. |
auto-submit
bot
removed
the
revert
Follow up to flutter#8187 Updates Android `List<String>` encoding/decoding to use JSON to avoid potential future breakages from restricted list types.
Follow up to flutter#8187 Updates Android `List<String>` encoding/decoding to use JSON to avoid potential future breakages from restricted list types.
4 participants
Follow up to #8187
Updates Android
List<String>encoding/decoding to use JSON to avoid potential future breakages from restricted list types.