Hi all – I’m sending this email out as a follow-up to today’s Core WG call. The recording of the call can be found on the wiki page, and discussion pertinent to this topic starts at about the 30-minute mark.
The issue in a nutshell is that in large measure throughout the EdgeX Go services, we ingest and deserialize JSON requests in the following manner:
var e models.Event
dec := json.NewDecoder(r.Body)
err := dec.Decode(&e)
Or, alternatively stated:
var pw models.ProvisionWatcher
The mechanism used here to decode the request body from a stream containing JSON into a given type does NOT cause the custom unmarshaling logic present in many contracts to be called. This was proven and demo’ed on the call. In essence, this means we have an issue guaranteeing the integrity of requests received by all services in edgex-go that utilize the above pattern.
I presented a solution to this problem on the call. The depth to which we embrace the solution and the associated timeframe is TBD. If you wish to more closely review the code that I showed during the call, I have made that available via the following feature branches.
If you are interested in this topic, I am happy to take any questions/comments via this email thread or Slack. Thanks.
Senior Principal Software Engineer
Dell Technologies | IoT DellTech
Round Rock, TX USA
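
An added example, not code from the original email, from the feature branches it mentions, or from edgex-go: one way to keep request integrity checks from depending on whether a type's custom unmarshaling hook runs is to call validation explicitly after decoding. The `Event` type, its fields, `Validate`, and `decodeEvent` are hypothetical names assumed for illustration, and the sample inputs are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Event is a hypothetical request contract, not the EdgeX models.Event.
type Event struct {
	Device string `json:"device"`
	Origin int64  `json:"origin"`
}

// Validate holds the integrity rules (assumed for this example) in one place.
func (e Event) Validate() error {
	if e.Device == "" {
		return errors.New("device is required")
	}
	if e.Origin <= 0 {
		return errors.New("origin must be a positive timestamp")
	}
	return nil
}

// decodeEvent decodes exactly one JSON value, then validates it explicitly.
func decodeEvent(body io.Reader) (Event, error) {
	var e Event
	dec := json.NewDecoder(body)
	if err := dec.Decode(&e); err != nil {
		return Event{}, fmt.Errorf("decode: %w", err)
	}
	if _, err := dec.Token(); err != io.EOF {
		return Event{}, errors.New("unexpected data after JSON value")
	}
	if err := e.Validate(); err != nil {
		return Event{}, fmt.Errorf("validate: %w", err)
	}
	return e, nil
}

func main() {
	_, err := decodeEvent(strings.NewReader(`{"origin":1}`)) // constructed input
	fmt.Println(err)
}
```

A handler test that feeds an invalid body through the same decode path and expects a rejection will catch any regression where validation stops being reached.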