0

I have a simple code for an input model:

public class MyClass
{
    [Required]
    public MyEnum? Type { get; set; }
}

Now if I do not send Type as a part of json to the request, I get this error from Web.Api:

"The JSON value could not be converted to System.Nullable`1[MyNamespace.MyClass]. Path: $.type | LineNumber: 2 | BytePositionInLine: 16."

This really looks like information exposure to me, though I cannot see any real danger in exactly this information, but still, more that nothing.

Is it of any real concern or is it just fine?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Ilya Chernomordik
  • 2,197
  • 1
  • 21
  • 36
  • ... that's why you implement error handling so that users do not get that info but what they need ... – schroeder Feb 14 '20 at 13:45
  • Well, it works just fine for all other cases usually, so I'd like not to reinvent the wheel if the framework already does it for me – Ilya Chernomordik Feb 14 '20 at 13:46
  • This is not a problem that is limited to asp.net. Every language will provide as much info as possible so that the *developer* can fix it. – schroeder Feb 14 '20 at 13:47
  • If you click on the `error-handling` tag, you will see a variety of other questions that deal with this. – schroeder Feb 14 '20 at 13:48
  • I think they have improved that bit quite a lot in asp .net core and all 400 attribute validation have been rather good for the user of the api, i.e. does not disclose too much and says where is the problem. This one looks like an exception to me rather than a rule – Ilya Chernomordik Feb 14 '20 at 13:49
  • The principle is the same: use error handling so that you know what's exposed. – schroeder Feb 14 '20 at 13:51

0 Answers0