Skip to content

Validate Timestamp values are within spec's range#3550

Merged
oldergod merged 1 commit intomasterfrom
bquenaudon.2026-03-18.timestamprange
Mar 23, 2026
Merged

Validate Timestamp values are within spec's range#3550
oldergod merged 1 commit intomasterfrom
bquenaudon.2026-03-18.timestamprange

Conversation

@oldergod
Copy link
Member

@oldergod oldergod commented Mar 18, 2026

Fixes #3548

@oldergod oldergod force-pushed the bquenaudon.2026-03-18.timestamprange branch from c4c820e to 840d114 Compare March 18, 2026 12:41
@oldergod oldergod marked this pull request as ready for review March 18, 2026 12:41
@oldergod oldergod force-pushed the bquenaudon.2026-03-18.timestamprange branch from 840d114 to ee58484 Compare March 18, 2026 13:02
oldergod
oldergod commented Mar 18, 2026
View reviewed changes
...oc-compatibility-tests/src/test/java/com/squareup/wire/Proto3WireProtocCompatibilityTests.kt
.setOrderedAt(
Timestamp.newBuilder()
.setSeconds(-631152000000L) // 1950-01-01T00:00:00.250Z.
.setSeconds(-631152000L) // 1950-01-01T00:00:00.250Z.
Copy link
Member Author

@oldergod oldergod Mar 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we were passing ms... instead of s !

Copy link
Member Author

@oldergod oldergod Mar 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

interestingly, protoc didn't throw though?

JakeWharton
JakeWharton approved these changes Mar 19, 2026
View reviewed changes
Copy link
Collaborator

@JakeWharton JakeWharton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no real opinion on this. Is the adapter's encode functions the right places to throw, or should it be validated once in the constructor of the message?

@oldergod
Copy link
Member Author

oldergod commented Mar 19, 2026

Hmmm, I was matching protoc behavior but being able to instantiate an invalid object is definitely weird... I'll think a bit

@mdub
Copy link

mdub commented Mar 20, 2026
edited
Loading

I looked for other range-checking code (in Wire), but couldn't find any. Makes me wonder whether lack of validation was a deliberate design decision?

@oldergod
Copy link
Member Author

oldergod commented Mar 20, 2026

@mdub I don't think that this is deliberate, no.

@oldergod
Copy link
Member Author

oldergod commented Mar 23, 2026

Not sure how we would gracefully validate that on creation since we're typealiasing to java.time.Instant on the JVM.
Let's go with the serialisation for now

@oldergod oldergod merged commit 0fa1a7b into master Mar 23, 2026
17 checks passed
@oldergod oldergod deleted the bquenaudon.2026-03-18.timestamprange branch March 23, 2026 11:57
@JakeWharton
Copy link
Collaborator

JakeWharton commented Mar 23, 2026

You'd validate in each constructor of a message containing the value

@oldergod
Copy link
Member Author

oldergod commented Mar 23, 2026

I thought of it but say the request/response type of an RPC is timestamp?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JakeWharton JakeWharton JakeWharton approved these changes

@swankjesse swankjesse Awaiting requested review from swankjesse

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Timestamp ProtoAdapter silently encodes out-of-range Instant values

3 participants

@oldergod @mdub @JakeWharton