Struct with named fields can be deserialized from sequence #1587
Comments
Do we have any solution for this yet? I also ran into this problem today, whereby my JSON is getting wrongly deserialized. I have 2 types of values in a Container enum. The first is a struct containing a String as a field and the second is a Vector of String values.
While deserializing Here is the code link: Playground
Would a Fwiw, there's nothing stopping you from writing a Deserialize implementation that does this yourself: https://play.rust-lang.org/?version=stable&mode=debug&edition=2018&gist=dc9fbffd94d47da2153a6308a30f5c88
Is there any way to enforce this without giving up
I implemented the
… struct variants from a sequence BREAKING CHANGE: This breaks previously established (wrong) behaviour on which some dependencies might depend.
This only has an effect on struct variants.
…eserialize_in_place
When I derive `Deserialize` for a struct containing named fields, I expect that in any format that has a way of expressing named fields (i.e. pretty much every ordinary format except Bincode), it will always be expressed as a map containing named fields. To my surprise, it can also be deserialized from a sequence of field values without field names, even in formats where this is not correct, such as JSON and YAML.
Accepting invalid data is a security risk as well as a risk of causing people to rely on unintended implementation details. This also risks having different implementations that differ in what data they accept, which is also a security risk. Further, it bloats programs with visitor methods for parsing invalid data, which would otherwise automatically be removed by the compiler.
In this example, I'd like deserialization to fail, but it incorrectly parses invalid data into a structure. (Playground)
Maybe this is due to implementations of various formats not taking proper care in what data they accept after `deserialize_struct` is called, or maybe it is because of Serde itself having an ambiguous purpose of the `visit_seq` method, and there needs to be a different visitor method that is used only for formats that don't use field names (e.g. Bincode), with a default implementation that delegates to `visit_seq`. Deriving `Deserialize` for structs would then implement this method, but not the `visit_seq` method which also applies to JSON sequences.
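A dependency-free Rust model of the dispatch discussed in this issue, added here as an illustration; it is not serde's or serde_json's code. `Value`, `Login`, `DerivedLike`, `MapOnly`, `sample_seq` and this cut-down `Visitor` trait are hypothetical stand-ins that reuse only the names `visit_seq`, `visit_map` and `deserialize_struct` from the thread, to show why a visitor that leaves `visit_seq` unimplemented rejects positional input while one that implements both accepts it.

```rust
use std::collections::BTreeMap;
// Constructed stand-in for input parsed by a self-describing format (not serde's types).
pub enum Value { Str(String), Seq(Vec<Value>), Map(Fields) }
pub type Fields = BTreeMap<String, Value>;
#[derive(Debug, PartialEq)]
pub struct Login { pub user: String, pub role: String }
pub type Res = Result<Login, String>;
// Miniature visitor contract: each method rejects unless the visitor overrides it.
pub trait Visitor {
    fn visit_seq(&self, _items: &[Value]) -> Res { Err("invalid type: sequence".to_string()) }
    fn visit_map(&self, _fields: &Fields) -> Res { Err("invalid type: map".to_string()) }
}
fn text(v: Option<&Value>, field: &str) -> Result<String, String> {
    match v {
        Some(Value::Str(s)) => Ok(s.clone()),
        _ => Err(format!("missing or non-string field {}", field)),
    }
}
fn from_map(m: &Fields) -> Res {
    Ok(Login { user: text(m.get("user"), "user")?, role: text(m.get("role"), "role")? })
}

// Behaviour the issue reports for derived impls: positional input is accepted as well.
pub struct DerivedLike;
impl Visitor for DerivedLike {
    fn visit_seq(&self, items: &[Value]) -> Res {
        Ok(Login { user: text(items.first(), "user")?, role: text(items.get(1), "role")? })
    }
    fn visit_map(&self, fields: &Fields) -> Res { from_map(fields) }
}

// Map-only visitor: visit_seq keeps the rejecting default, so arrays fail.
pub struct MapOnly;
impl Visitor for MapOnly {
    fn visit_map(&self, fields: &Fields) -> Res { from_map(fields) }
}

// A JSON-like format after deserialize_struct: dispatch on the shape of the input.
pub fn deserialize_struct(input: &Value, v: &dyn Visitor) -> Res {
    match input {
        Value::Seq(items) => v.visit_seq(items),
        Value::Map(fields) => v.visit_map(fields),
        Value::Str(_) => Err("invalid type: string".to_string()),
    }
}
// Constructed sample: the JSON array ["alice", "admin"], with no field names.
pub fn sample_seq() -> Value {
    Value::Seq(vec![Value::Str("alice".into()), Value::Str("admin".into())])
}
```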