[jboss-jira] [JBoss JIRA] (AS7-6139) ModelTypeValidator is overly lenient about numeric types

Jason Greene (JIRA) jira-events at lists.jboss.org
Fri Jan 4 13:03:08 EST 2013 

    [ https://issues.jboss.org/browse/AS7-6139?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12743602#comment-12743602 ] 

Jason Greene commented on AS7-6139:
-----------------------------------

you can call getType() on any ModelNode, and then do if/else with instanceof.

The rules I am thinking of that make the most sense are:

long|bigint|*bigdec|*double -> int (check range)
bigint|*bigdec|*double -> long (check range)
int|long|bigint|*bigdec -> double (allow)
int -> long (allow)
*bigdec -> bigint (allow)

string -> int|long|bigint|bigdec|double (verify parse)

* = we could theoretically verify no fractional values when going from double|bigdec to an integral value. I think that we really should not.
                
> ModelTypeValidator is overly lenient about numeric types
> --------------------------------------------------------
>
>                 Key: AS7-6139
>                 URL: https://issues.jboss.org/browse/AS7-6139
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Domain Management
>    Affects Versions: 7.1.3.Final (EAP)
>            Reporter: Brian Stansberry
>            Assignee: Chao Wang
>            Priority: Minor
>         Attachments: AS7-6139.patch
>
>
> ModelTypeValidator does some conversion checks to see if a passed in ModelNode meets the requirements of the valid type. These checks are overly lenient when it comes to numeric types as they rely only on the ModelNode.asXXX() methods not failing. But those methods don't fail even if the conversion involves a narrowing.
> For example, calling new ModelNode(Long.MAX_LONG).asInt() will not fail, but if the user passed in such a value for use in an attribute of type INT the stored value would not be what was expected.
> Note this is minor as in many, many cases ModelTypeValidator subclasses like IntRangeValidator are used, and those subclasses enforce ranges.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list