codecov[bot]
commented
3 months ago Codecov Report
Attention: Patch coverage is 94.44444% with 1 line in your changes missing coverage. Please review.
Project coverage is 91.26%. Comparing base (
b3e84a2) to head (3ac52ed).
| Files | Patch % | Lines |
|---|---|---|
| Sources/ParseSwift/Types/ParseFile.swift | 90.00% | 1 Missing :warning: |
Additional details and impacted files
```diff @@ Coverage Diff @@ ## main #176 +/- ## ========================================== + Coverage 91.09% 91.26% +0.16% ========================================== Files 178 178 Lines 12050 12073 +23 ========================================== + Hits 10977 11018 +41 + Misses 1073 1055 -18 ```:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
New Pull Request Checklist
Issue Description
ParseObjectsare using a custom hashing method that depended onobjectId,createdAt, andupdatedAtto determine if a hash was equal. This was a fairly weak implementation and only protected against values provided from the server. If a property on aParseObjectthat wasn'tobjectId,createdAt, andupdatedAtwas changed locally, it would still hash to the same value.For ParseFile, the type currently uses a custom function for
Equatable.Approach
Remove all custom hashing methods for
ParseObjectsand use the compiler level hasher which will hash all properties on an ParseObject assuming all of those objects areHashable(which they should be). This moves in the direction of guaranteeing that collision attacks won't be possible (see discussion for details).If a developer decides to add their own implementation of the hashing function they are doing so at their own risk and risking collision attacks. In addition, if their
ParseObjectsare used in SwiftUI views they may see unexpected behavior as SwiftUI heavily depends onIdentifiable,Hashable, andEquatableto determine when a view should be updated.For ParseFile, conforming to
Equatableis improved by checking all properties are equal.TODOs before merging