Closed DavidDuwaer closed 6 years ago
This is not a vulnerability or even a bug. Those lists are free to get manipulated after they leave buffer
. Imagine you can even add new events in doOnNext
! You can wrap them into immutable datastructures after as you see fit via map
.
Also there are the window
operators already that return Flux<Flux<T>>
.
Vulnerability
When using batching operators, e.g.
buffer
andbufferTimeout
, that return aFlux<List<T>>
, put events in lists (not sure if I'm following the correct lingo here, but when I write "event" I mean the object of type "T
" in aFlux<T>
). In subsequent operators (e.g..map
or.onNext
), elements can be removed from the list, leading to loss of events. While one should be free to passLists
throughFluxes
andMonos
as if theList
is the type of the event itself, havingbuffer
andbufferTimeout
return theList
type encourages putting seperate events into lists.Solution suggestion
buffer
andbufferTimeout
return aFlux<Flux<T>>
leverages the design ofFlux
operators that allow events to only be dropped either explicitly with.filter
, or when an exception is thrown.buffer
andbufferTimeout
return anImmutableList
. This makes sure subsequent.onNext
operators can't touch it, but subsequent.map
operators can still return a list that has implicitly dropped events.