Skip to content

refactor: add type-safe BSON helpers in writer_security#6

Closed
retran wants to merge 1 commit intopr2-reader-migrationfrom
pr3-type-assertion-hardening
Closed

refactor: add type-safe BSON helpers in writer_security#6
retran wants to merge 1 commit intopr2-reader-migrationfrom
pr3-type-assertion-hardening

Conversation

@retran
Copy link
Copy Markdown
Owner

@retran retran commented Apr 23, 2026
edited
Loading

Why

writer_security.go contains ~26 type assertions on BSON interface values. Silent comma-ok patterns (v, _ = f.Value.(string)) swallow unexpected types and produce zero-value strings/bools that corrupt security data without any diagnostic. Bare assertions (ref = mf.Value.(string)) panic at runtime on type mismatches. Both patterns make debugging serialization issues extremely difficult. Centralizing these into typed helpers adds diagnostic logging and eliminates the entire class of silent-corruption and panic-crash bugs.

Summary

  • Add bsonString and bsonBool helper functions that extract typed values from BSON interface fields with diagnostic logging for unexpected types
  • Replace all 20 silent comma-ok type assertions (v, _ = f.Value.(string)) and 6 bare panic-risk assertions (ref = mf.Value.(string)) with helper calls
  • Zero silent comma-ok primitive assertions remain in writer_security.go (bson.D/bson.A assertions with proper if !ok guards left unchanged)

Stacked on

Test

make build && make test && make lint-go — all pass

Copilot AI review requested due to automatic review settings April 23, 2026 15:20
Copilot AI reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Refactors sdk/mpr/writer_security.go to centralize BSON primitive type extraction into small helpers, eliminating silent comma-ok assertions and panic-prone type assertions while adding diagnostics for unexpected BSON value types.

Changes:

  • Added bsonString / bsonBool helpers to safely extract typed values from BSON fields with logging on type mismatches.
  • Replaced multiple silent v, _ := ... assertions and bare .(type) assertions with helper calls across security-writer mutations/merges.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread sdk/mpr/writer_security.go
Comment thread sdk/mpr/writer_security.go Outdated
Comment thread sdk/mpr/writer_security.go Outdated
@retran retran mentioned this pull request Apr 23, 2026
Closed
@retran retran force-pushed the pr2-reader-migration branch from 5e49429 to b2c99ab Compare April 23, 2026 19:42
@retran retran force-pushed the pr3-type-assertion-hardening branch from 231606c to fd6530f Compare April 23, 2026 19:42
@retran retran requested a review from Copilot April 23, 2026 19:42
Copilot AI reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread sdk/mpr/writer_security.go
Comment thread sdk/mpr/writer_security.go Outdated
Comment thread sdk/mpr/writer_security.go
@retran retran force-pushed the pr2-reader-migration branch from b2c99ab to dcf76c0 Compare April 23, 2026 20:10
@retran retran force-pushed the pr3-type-assertion-hardening branch from fd6530f to a1e8dad Compare April 23, 2026 20:11
@retran retran force-pushed the pr2-reader-migration branch from dcf76c0 to 0091e56 Compare April 23, 2026 20:27
@retran retran force-pushed the pr3-type-assertion-hardening branch from a1e8dad to fd9950e Compare April 23, 2026 20:28
@retran retran force-pushed the pr2-reader-migration branch from 0091e56 to a94b326 Compare April 24, 2026 08:24
@retran retran force-pushed the pr3-type-assertion-hardening branch from fd9950e to 778f837 Compare April 24, 2026 08:34
@retran retran force-pushed the pr2-reader-migration branch from a94b326 to d7f88c1 Compare April 24, 2026 08:34
@retran retran force-pushed the pr3-type-assertion-hardening branch from 778f837 to 6ef29ce Compare April 24, 2026 08:41
@retran retran force-pushed the pr2-reader-migration branch from d7f88c1 to 1d67cb5 Compare April 24, 2026 08:41
@retran retran force-pushed the pr3-type-assertion-hardening branch from 6ef29ce to c4e3655 Compare April 24, 2026 08:43
@retran retran requested a review from Copilot April 24, 2026 08:51
Copilot AI reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread sdk/mpr/writer_security_test.go
Comment thread sdk/mpr/writer_security_test.go
Comment thread sdk/mpr/writer_security_test.go Outdated
@retran retran force-pushed the pr3-type-assertion-hardening branch 2 times, most recently from 058d9e1 to 3b527e0 Compare April 24, 2026 09:02
@retran retran requested a review from Copilot April 24, 2026 09:03
Copilot AI reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread sdk/mpr/writer_security_test.go Outdated
Comment thread sdk/mpr/writer_security_test.go Outdated
@retran retran force-pushed the pr3-type-assertion-hardening branch from 3b527e0 to fac524a Compare April 24, 2026 09:20
@retran retran requested a review from Copilot April 24, 2026 09:30
Copilot AI reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread sdk/mpr/writer_security.go Outdated
Comment thread sdk/mpr/writer_security_test.go
@retran retran force-pushed the pr3-type-assertion-hardening branch from fac524a to 72a49c8 Compare April 24, 2026 09:37
@retran retran requested a review from Copilot April 24, 2026 09:47
Copilot AI reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@retran
Copy link
Copy Markdown
Owner Author

retran commented Apr 24, 2026

Superseded by upstream PR mendixlabs#297

@retran retran closed this Apr 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@retran