graphql-phoenix-rethinkdb

to_atom

Open note89 opened this issue 8 years ago • 1 comments

In database.ex: `for {key, val} <- doc, into: %{}, do: {String.to_atom(key), val}`

https://elixir-lang.slack.com/team/hamiltop explained that this was not a very good idea in Elixir and could lead to a malicious attacker crashing one's servers. Instead, to_existing_atom should be used.

note89, Apr 16 '16 15:04

@note89 I agree but in this case wouldn't it be possible that those keys were never defined beforehand, making it crash because they're not existing yet? (example being that the DB data doesn't match the schema exactly) Or perhaps they would from the schema definition?

I think the bigger issue is that it's needed in the first place to go from String -> Symbol -> String for the response.

AdamBrodzinski, Apr 16 '16 21:04
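Added example, not part of the thread or the repository's code: one way to atomize document keys without `String.to_atom/1` and without the crash on unknown keys raised in the reply, by mapping keys through a compile-time allowlist. The module name `SafeKeys`, the field list and the sample document are assumptions made for illustration.

```elixir
defmodule SafeKeys do
  # Hypothetical helper. Atoms are never garbage collected and the atom
  # table has a fixed limit, so keys taken from stored or client-supplied
  # documents must not be turned into new atoms.

  # Fields the application expects (constructed list, assumed schema).
  @known_fields [:id, :title, :body]

  # Built at compile time: "id" => :id, "title" => :title, ...
  @lookup Map.new(@known_fields, fn atom -> {Atom.to_string(atom), atom} end)

  # Lenient mode: known keys become atoms, anything else stays a string.
  # Never raises and never creates an atom.
  def atomize_known(doc) when is_map(doc) do
    for {key, val} <- doc, into: %{}, do: {Map.get(@lookup, key, key), val}
  end

  # Strict mode: reject documents that carry keys outside the allowlist,
  # returning the offending keys instead of raising ArgumentError the way
  # String.to_existing_atom/1 would.
  def atomize_strict(doc) when is_map(doc) do
    case Enum.reject(Map.keys(doc), &Map.has_key?(@lookup, &1)) do
      [] ->
        {:ok, Map.new(doc, fn {key, val} -> {Map.fetch!(@lookup, key), val} end)}

      unknown ->
        {:error, {:unknown_keys, unknown}}
    end
  end
end

# Constructed sample document with one field the schema does not know.
doc = %{"id" => "abc123", "title" => "Hello", "x_9f3a_random" => true}

IO.inspect(SafeKeys.atomize_known(doc), label: "lenient")
IO.inspect(SafeKeys.atomize_strict(doc), label: "strict")
IO.inspect(SafeKeys.atomize_strict(Map.delete(doc, "x_9f3a_random")), label: "strict, clean doc")
```

An allowlist is stricter than `String.to_existing_atom/1`, which accepts any atom already present anywhere in the VM, not only the fields of this schema.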