Enforce proper type assignment in the source code
import 'package:shelf/shelf.dart' as shelf;

shelf.Response handleRequest(shelf.Request request) {
  // Both values are read from the query string without a written-out type.
  var id = request.url.queryParameters['id'];
  var name = request.url.queryParameters['name'];
  // ... more code
  return shelf.Response.ok('id=$id name=$name');
}
In the above Dart code, the handleRequest function receives a shelf.Request object and retrieves parameters from the request URL. The id and name variables are declared using var, which means they are dynamically typed.

Dart is a statically typed language, but it allows dynamic typing with the var keyword. The type of var is determined at runtime, which can lead to inefficiencies because the Dart VM has to determine the type of the variable each time it is used. It can also lead to bugs if the variable is expected to be of a certain type but is assigned a value of a different type at runtime.

In this context, id and name are expected to be strings, since they are retrieved from the URL parameters. However, because they are declared with var, they could hold values of any type, leading to type errors later in the code.
import 'package:shelf/shelf.dart' as shelf;

shelf.Response handleRequest(shelf.Request request) {
  // queryParameters is a Map<String, String>, so a lookup yields String?;
  // a default is supplied so the declared non-nullable String type holds.
  String id = request.url.queryParameters['id'] ?? '';
  String name = request.url.queryParameters['name'] ?? '';
  // ... more code
  return shelf.Response.ok('id=$id name=$name');
}
The original code had a vulnerability due to improper type assignment. The variables id and name were declared using var, which means that their type is determined by the first value assigned to them. This can lead to inefficiencies and potential bugs, as the type of these variables could change throughout the code, leading to unexpected behavior.

The fixed code declares id and name as String. This ensures that these variables can only hold string values, preventing type-related bugs. It also improves the efficiency of the code, as Dart can now optimize for these specific types, and there is no need for additional type checking or casting when the variables are used later in the code.

By explicitly declaring the type of your variables, you make your code safer, more efficient, and easier to understand.
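As an added example, not part of the original remediation, the same shelf handler written so that every value taken from the query string has an explicit type and the missing-value and parse-failure cases are rejected before the values are used. The numeric id, the 64-character name limit, and the JSON response are assumptions made for the illustration.

```dart
import 'dart:convert';
import 'package:shelf/shelf.dart' as shelf;

// Query parameters arrive as Map<String, String>, so each lookup is a String?.
// Explicit types on the locals force the null and parse-failure branches to be
// handled here instead of surfacing as a type error deeper in the code.
shelf.Response handleRequest(shelf.Request request) {
  final Map<String, String> params = request.url.queryParameters;

  final String? rawId = params['id'];
  final String? name = params['name'];
  if (rawId == null || name == null) {
    return shelf.Response(400, body: 'missing id or name');
  }

  // Assumption for this example: id is used as a number downstream, so it is
  // converted once, into an explicitly typed int, rather than passed around
  // as a loosely typed value.
  final int? id = int.tryParse(rawId);
  if (id == null || id < 0) {
    return shelf.Response(400, body: 'id must be a non-negative integer');
  }
  if (name.isEmpty || name.length > 64) {
    return shelf.Response(400, body: 'name must be 1-64 characters');
  }

  return shelf.Response.ok(
    jsonEncode({'id': id, 'name': name}),
    headers: {'content-type': 'application/json'},
  );
}
```

With these declarations the Dart analyzer reports any attempt to assign a non-String or non-int value to these variables at compile time, which is the guarantee the var version does not give.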