You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the validateEmail() function returns an error with an error message that includes the actual email value passed as the argument. The error generated is a simple wrapError, making it impossible to handle this error using errors.As() or errors.Is() to distinguish it from other potential errors.
In my country, Japan, email addresses are considered personal information, and we are prohibited from logging them without user confirmation. Additionally, for security reasons, we do not want to log any personal information. I believe that similar restrictions apply in other countries as well.
func validateEmail(email string) error {
if email == "" {
return fmt.Errorf("email must be a non-empty string")
}
if parts := strings.Split(email, "@"); len(parts) != 2 || parts[0] == "" || parts[1] == "" {
return fmt.Errorf("malformed email string: %q", email) // the actual email value is included in the error message
}
return nil
}
Suggestions:
(1) Simply remove the actual email value from the error message:
func validateEmail(email string) error {
if email == "" {
return fmt.Errorf("email must be a non-empty string")
}
if parts := strings.Split(email, "@"); len(parts) != 2 || parts[0] == "" || parts[1] == "" {
return fmt.Errorf("malformed email string) // remove the email value from the error message
}
return nil
}
For instance, the validatePassword() function does not include the actual password value in its error message.
func validatePassword(val string) error {
if len(val) < 6 {
return fmt.Errorf("password must be a string at least 6 characters long")
}
return nil
}
This is because passwords are considered personal and highly sensitive information. Following the same logic, we can remove the actual email value from the error message.
(2) Define a specific error and make it handleable with errors.Is() or errors.As():
var ErrMalformedEmailFormat = errors.New("malformed email string")
func validateEmail(email string) error {
if email == "" {
return fmt.Errorf("email must be a non-empty string")
}
if parts := strings.Split(email, "@"); len(parts) != 2 || parts[0] == "" || parts[1] == "" {
return ErrMalformedEmailFormat
}
return nil
}
In the above example code, I didn't include the actual email value in the defined ErrMalformedEmailFormat. Therefore, we need to modify the code. Nevertheless, I believe that, at least, I can convey the essence of my suggestion.
Steps to reproduce:
Pass an invalid email value to CreateUser() function. I added the code to reproduce below.
Relevant Code:
package main
import (
"context"
"log"
firebase "firebase.google.com/go"
"firebase.google.com/go/auth"
"google.golang.org/api/option"
)
func main() {
ctx := context.Background()
opt := option.WithCredentialsFile("serviceAccountKey.json")
app, err := firebase.NewApp(ctx, nil, opt)
if err != nil {
panic(err)
}
authClient, err := app.Auth(ctx)
if err != nil {
panic(err)
}
param := &auth.UserToCreate{}
param.Email("foo@example.com") // this is malformed email address. Fullwidth form `@` is used, not halfwidth `@`.
_, err = authClient.CreateUser(ctx, param)
log.Printf("%#v", err) // malformed email string: "foo@example.com"
}
The text was updated successfully, but these errors were encountered:
[REQUIRED] Step 2: Describe your environment
[REQUIRED] Step 3: Describe the problem
Currently, the
validateEmail()
function returns an error with an error message that includes the actual email value passed as the argument. The error generated is a simplewrapError
, making it impossible to handle this error usingerrors.As()
orerrors.Is()
to distinguish it from other potential errors.In my country, Japan, email addresses are considered personal information, and we are prohibited from logging them without user confirmation. Additionally, for security reasons, we do not want to log any personal information. I believe that similar restrictions apply in other countries as well.
Suggestions:
(1) Simply remove the actual email value from the error message:
For instance, the
validatePassword()
function does not include the actual password value in its error message.This is because passwords are considered personal and highly sensitive information. Following the same logic, we can remove the actual email value from the error message.
(2) Define a specific error and make it handleable with
errors.Is()
orerrors.As()
:In the above example code, I didn't include the actual email value in the defined
ErrMalformedEmailFormat
. Therefore, we need to modify the code. Nevertheless, I believe that, at least, I can convey the essence of my suggestion.Steps to reproduce:
Pass an invalid email value to
CreateUser()
function. I added the code to reproduce below.Relevant Code:
The text was updated successfully, but these errors were encountered: