Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/9.0] Harden parsing of [Range] attribute values #59077

Merged
merged 1 commit into from
Nov 27, 2024
Merged

[release/9.0] Harden parsing of [Range] attribute values #59077

merged 1 commit into from
Nov 27, 2024
+77 −2

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Nov 20, 2024
edited by captainsafia
Loading

Backport of #59043 to release/9.0

/cc @captainsafia

Description

This change hardens the parsing logic for [Range] attributes to handle:

  • Values that cannot be mapped to a decimal as is required by the minimum and maximum keywords in the OpenAPI schema, like DateTime.
  • Handling for InvariantCulture as is set in RangeAttribute.ParseLimitsInInvariantCulture.

For scenarios where the range value is too large to be represented as a decimal, this implementation will no-op and not set the corresponding minimum or maximum in the OpenAPI document.

Fixes #57390

Customer Impact

Prevents unhandled exceptions when customers use the Range(object, object) overloads of the Range attribute instead of those that take a double/integer. There's no immediate workarounds for this bug outside of removing the attribute.

Regression?

  • Yes
  • No

Risk

  • High
  • Medium
  • Low

Change localized to Range attribute handling in OpenAPI package.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

Sorry, something went wrong.

@captainsafia
Harden parsing of [Range] attribute values

Verified

This commit was signed with the committer’s verified signature. The key has expired.
dargmuesli Jonas Thelemann
GPG key ID: 35F7DE95B70E1EAC
Expired
Verified
Learn about vigilant mode
Loading
Loading status checks…
3f8407b
@github-actions github-actions bot requested review from captainsafia and a team as code owners November 20, 2024 16:30
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates label Nov 20, 2024
@dotnet-policy-service dotnet-policy-service bot added this to the 9.0.x milestone Nov 20, 2024
captainsafia
captainsafia approved these changes Nov 27, 2024
View reviewed changes
Copy link
Member

@captainsafia captainsafia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good bot! 🤖

@captainsafia captainsafia added Servicing-consider Shiproom approval is required for the issue Servicing-approved Shiproom has approved the issue and removed Servicing-consider Shiproom approval is required for the issue labels Nov 27, 2024
@captainsafia
Copy link
Member

Approved via email.

@wtgodbe wtgodbe merged commit 198cf83 into release/9.0 Nov 27, 2024
25 checks passed
@wtgodbe wtgodbe deleted the backport/pr-59043-to-release/9.0 branch November 27, 2024 20:30
@dotnet-policy-service dotnet-policy-service bot modified the milestones: 9.0.x, 9.0.1 Nov 27, 2024
This was referenced Jan 15, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mitchdenny mitchdenny

@captainsafia captainsafia

Assignees
No one assigned
Labels
area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates Servicing-approved Shiproom has approved the issue
Projects
None yet
Milestone
9.0.1
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@captainsafia @mitchdenny @wtgodbe