Improper type assignation
Need
Enforce proper type assignment in the source code
Context
- Usage of Dart for building cross-platform mobile, web, and desktop applications
- Usage of Shelf for managing and organizing data in Node.js applications
Description
Non compliant code
import 'package:shelf/shelf.dart' as shelf;
shelf.Response handleRequest(shelf.Request request) {
  var id = request.url.queryParameters['id'];
  var name = request.url.queryParameters['name'];
  // ... more code
}
In the above Dart code, the handleRequest function receives a shelf.Request object and retrieves parameters from the request URL. The id and name variables are declared using var, which means they are dynamically typed.
Dart is a statically typed language, but it allows dynamic typing with the var keyword. The type of var is determined at runtime, which can lead to inefficiencies because the Dart VM has to determine the type of the variable each time it's used. This can also lead to bugs if the variable is expected to be of a certain type but is assigned a value of a different type at runtime.
In this context, id and name are expected to be strings since they are retrieved from the URL parameters. However, since they are declared with var, they could potentially hold values of any type, leading to potential type errors later in the code.
Steps
- Declare the specific type for each variable instead of using 'var'.
- For 'id', if it is expected to be a string, declare it as 'String id'.
- For 'name', if it is expected to be a string, declare it as 'String name'.
- This will ensure that the variables are always of the expected type, reducing the need for type checking and casting in the rest of the code.
Compliant code
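import 'package:shelf/shelf.dart' as shelf;
shelf.Response handleRequest(shelf.Request request) {
  // queryParameters lookups return String? under null safety, so a missing
  // parameter falls back to an empty string to keep the declared type String.
  String id = request.url.queryParameters['id'] ?? '';
  String name = request.url.queryParameters['name'] ?? '';
  // ... more code
}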
The original code had a vulnerability due to improper type assignation. The variables id and name were declared using var, which means that their type is determined by the first value that gets assigned to them. This can lead to inefficiencies and potential bugs, as the type of these variables could change throughout the code, leading to unexpected behavior.
The fixed code declares id and name as String. This ensures that these variables can only hold string values, preventing potential type-related bugs. This also improves the efficiency of the code, as Dart can now optimize for these specific types, and there is no need for additional type checking or casting when these variables are used later in the code.
By explicitly declaring the type of your variables, you make your code safer, more efficient, and easier to understand.
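An added example, not part of the original page or of the Shelf project: it takes the same id and name query parameters and converts them to explicitly typed values at the request boundary, rejecting missing or malformed input. The UserQuery class, the parseUserQuery function, the integer id and the 64-character name limit are assumptions made for illustration, and the sample URLs are constructed.

```dart
// Added example: explicitly typed extraction of the `id` and `name` query
// parameters. Uses only dart:core; all names here are hypothetical.

/// Explicitly typed result, so later code never handles raw request input.
class UserQuery {
  final int id;
  final String name;
  const UserQuery(this.id, this.name);
}

/// Returns a [UserQuery], or null when a parameter is missing or malformed.
/// Treating `id` as a positive integer and bounding `name` at 64 characters
/// are assumptions made for this example.
UserQuery? parseUserQuery(Uri url) {
  // Uri.queryParameters is a Map<String, String>, so a lookup yields String?.
  final String? rawId = url.queryParameters['id'];
  final String? rawName = url.queryParameters['name'];
  if (rawId == null || rawName == null) return null;

  // int.tryParse returns null instead of throwing on non-numeric input.
  final int? id = int.tryParse(rawId);
  if (id == null || id <= 0) return null;

  final String name = rawName.trim();
  if (name.isEmpty || name.length > 64) return null;

  return UserQuery(id, name);
}

void main() {
  // Constructed sample request URLs.
  final List<String> samples = <String>[
    '/users?id=42&name=alice', // both parameters well formed
    '/users?id=abc&name=alice', // id is not an integer
    '/users?name=alice', // id missing
    '/users?id=7&name=', // empty name
  ];
  for (final String s in samples) {
    final UserQuery? q = parseUserQuery(Uri.parse(s));
    print(q == null ? '$s -> rejected' : '$s -> id=${q.id} name=${q.name}');
  }
}
```

In a Shelf handler, the same function can be called with request.url, returning a 400 response when it yields null.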