Re: JSON Marshal vs Decode


Whoops – It’s always good to commit one’s changes, not simply add them. They’re there now. Thanks for the catch, Lenny.




From: Goodell, Leonard <leonard.goodell@...>
Sent: Thursday, March 7, 2019 2:01 PM
To: Conn, Trevor; edgex-tsc-core@...; EdgeX-GoLang@...
Subject: RE: JSON Marshal vs Decode



Hi Trevor,

  Not seeing your changes. Did you push them to your branches. i.e. “This branch is even with edgexfoundry:master.” 😉





From: EdgeX-TSC-Core@... <EdgeX-TSC-Core@...> On Behalf Of Trevor.Conn@...
Sent: Thursday, March 07, 2019 11:43 AM
To: edgex-tsc-core@...; EdgeX-GoLang@...
Subject: [Edgex-tsc-core] JSON Marshal vs Decode


Hi all – I’m sending this email out as a follow up to today’s Core WG call. The recording of the call can be found on the wiki page and discussion pertinent to this topic starts at about the 30 minute mark.


The issue in a nutshell is that in large measure throughout the EdgeX Go services, we ingest and deserialize JSON requests in the following manner:


var e models.Event

dec := json.NewDecoder(r.Body)

err := dec.Decode(&e)


Or, alternatively stated


var pw models.ProvisionWatcher


The mechanism used here to decode the request body from a stream containing JSON into a given type does NOT cause the custom unmarshaling logic present in many contracts to be called. This was proven and demo’ed on the call. In essence, this means we have an issue guaranteeing the integrity of requests received by all services in edgex-go that utilize the above pattern.


I presented a solution to this problem on the call. The depth to which we embrace the solution and the associated timeframe is TBD. If you wish to more closely review the code that I showed during the call, I have made that available via the following feature branches.


If you are interested in this topic, I am happy to take any questions/comments via this email thread or Slack. Thanks.


Trevor Conn

Senior Principal Software Engineer

Dell Technologies | IoT DellTech


Round Rock, TX USA


Join to automatically receive all group messages.