Obfuscation issue with "qualifiedTypename"

[Monabr]

Ktorfit version

1.12.0

What happened and how can we reproduce this issue?

After creating a request, for example Get, the generated class will have a field qualifiedTypename which will contain the full path to the response model from the request.

What did you expect to happen?

I understand that this name is possibly used to assign a key to this model. But this violates the principles of obfuscation! I would expect that I would be able to set such a name myself (I would enter some unique random string) or the code would do it itself, but would not store the full name of the model class.

Is there anything else we need to know about?

I would like to see this behavior corrected as quickly as possible. I want to use this library, but this issue makes me worry about attackers learning more about the project structure due to this obfuscation issue.

[Foso]

Hi @Monabr the idea behind qualifiedTypename was to have a way to get access to the full path from inside a ConverterFactory for non-JVM targets, because there you only get the class name by reflection.
I think i can add a option to keep the value empty. When none of your converters use qualifiedTypename it should work without any problems

[Monabr]

@Foso Hi. Is the option already implemented? Want to try it.

[Foso]

Yes, you can try 2.0.0-beta1 https://foso.github.io/Ktorfit/CHANGELOG/#qualifiedtypename-in-ktorfit

[Foso]

It's implemented with 2.0.0