Skip to content

Commit

Permalink
Validate static command argument type before deserialization
Browse files Browse the repository at this point in the history
  • Loading branch information
exyi committed Oct 22, 2023
1 parent 09d893c commit 38e1983
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion src/Framework/Framework/Hosting/StaticCommandExecutor.cs
Original file line number Diff line number Diff line change
Expand Up @@ -60,13 +60,26 @@ IDotvvmRequestContext context
IDotvvmRequestContext context
)
{
var parameters = plan.Method.GetParameters();
object? DeserializeArgument(Type type, int index)
{
var parameterType =
plan.Method.IsStatic ? parameters[index].ParameterType :
index == 0 ? plan.Method.DeclaringType :
parameters[index - 1].ParameterType;
if (!parameterType!.IsAssignableFrom(type))
throw new Exception($"Argument {index} has an invalid type");
var arg = arguments.Dequeue();
return arg.ToObject(type, this.jsonDeserializer);
}
var methodArgs = new List<object?>();
var methodArgsPaths = argumentValidationPaths is null ? null : new List<string?>();
foreach (var a in plan.Arguments)
{
var index = methodArgs.Count;
var (value, path) = a.Type switch {
StaticCommandParameterType.Argument =>
((object?)arguments.Dequeue().ToObject((Type)a.Arg!, this.jsonDeserializer), argumentValidationPaths?.Dequeue()),
(DeserializeArgument((Type)a.Arg!, index), argumentValidationPaths?.Dequeue()),
StaticCommandParameterType.Constant or StaticCommandParameterType.DefaultValue =>
(a.Arg, null),
StaticCommandParameterType.Inject =>
Expand Down

0 comments on commit 38e1983

Please sign in to comment.