Ktorfit icon indicating copy to clipboard operation
Ktorfit copied to clipboard

Published 20 hours ago verified publisher icon Foso

Obfuscation issue with "qualifiedTypename"

Open Monabr opened this issue 3 months ago • 3 comments

Ktorfit version

1.12.0

What happened and how can we reproduce this issue?

After creating a request, for example Get, the generated class will have a field qualifiedTypename which will contain the full path to the response model from the request.

What did you expect to happen?

I understand that this name is possibly used to assign a key to this model. But this violates the principles of obfuscation! I would expect that I would be able to set such a name myself (I would enter some unique random string) or the code would do it itself, but would not store the full name of the model class.

Is there anything else we need to know about?

I would like to see this behavior corrected as quickly as possible. I want to use this library, but this issue makes me worry about attackers learning more about the project structure due to this obfuscation issue.

Monabr avatar Mar 29 '24 01:03 Monabr