You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What happened and how can we reproduce this issue?
After creating a request, for example Get, the generated class will have a field qualifiedTypename which will contain the full path to the response model from the request.
What did you expect to happen?
I understand that this name is possibly used to assign a key to this model. But this violates the principles of obfuscation! I would expect that I would be able to set such a name myself (I would enter some unique random string) or the code would do it itself, but would not store the full name of the model class.
Is there anything else we need to know about?
I would like to see this behavior corrected as quickly as possible. I want to use this library, but this issue makes me worry about attackers learning more about the project structure due to this obfuscation issue.
The text was updated successfully, but these errors were encountered:
Hi @Monabr the idea behind qualifiedTypename was to have a way to get access to the full path from inside a ConverterFactory for non-JVM targets, because there you only get the class name by reflection.
I think i can add a option to keep the value empty. When none of your converters use qualifiedTypename it should work without any problems
Ktorfit version
1.12.0
What happened and how can we reproduce this issue?
After creating a request, for example
Get
, the generated class will have a fieldqualifiedTypename
which will contain the full path to the response model from the request.What did you expect to happen?
I understand that this name is possibly used to assign a key to this model. But this violates the principles of obfuscation! I would expect that I would be able to set such a name myself (I would enter some unique random string) or the code would do it itself, but would not store the full name of the model class.
Is there anything else we need to know about?
I would like to see this behavior corrected as quickly as possible. I want to use this library, but this issue makes me worry about attackers learning more about the project structure due to this obfuscation issue.
The text was updated successfully, but these errors were encountered: