Deserialization should be more strict

Question

Deserialization should be more strict

evaporei opened this issue 4 years ago · 3 comments

If you deserialize a struct like this:

use edn_derive::Deserialize;

#[derive(Derive)]
struct A {
    amount: usize,
}

let a: A = edn_rs::from_str("{ :amount -10 }").unwrap(); // A { amount: 18446744073709551606 }
let a: A = edn_rs::from_str("{ :amount "123" }").unwrap(); // A { amount: 123 }

The second one is more acceptable, but IMO we should be strict about deserialization conversions.

Maybe we can offer a loose one and a strict one.

naomijub commented 4 years ago

#49

Answer 1 · 2020-09-12T15:41:01.000Z

We should stop using the to_ conversions like this one on Deserialization:https://github.com/naomijub/edn-rs/blob/1090f2601f3275e3a9a8b7efcdd958a95888af8c/src/edn/mod.rs#L358

They have a different purpose.

Answer 2 · 2020-09-12T19:07:06.000Z

I don't agree that this is a problem let a: A = edn_rs::from_str("{ :amount "123" }").unwrap(); // A { amount: 123 }. How ever, the solution to this is to remove these lines:
https://github.com/naomijub/edn-rs/blob/master/src/edn/mod.rs#L360
https://github.com/naomijub/edn-rs/blob/master/src/edn/mod.rs#L349
https://github.com/naomijub/edn-rs/blob/master/src/edn/mod.rs#L324