当所有参数都被检查时,为什么audit-argument-checks会引发异常? [英] Why does audit-argument-checks raise an exception when all arguments seem checked?
问题描述
给定以下方法定义,
Meteor.methods({
myMethod : function(foo) {
//Checking the only argument
check(foo, String)
return true
}
})
该方法非常简单但有时会失败:
The method is very simple but it will sometimes fail:
Meteor.call('myMethod', 'foo', 'bar') //Exception : did not check all arguments
发生了什么事?
推荐答案
audit-argument-checks 不确定你有检查 ed你已定义的所有参数,它确保你有检查 ed 所有传递的参数。 1
audit-argument-checks does not make sure that you have checked all arguments that you have defined, it makes sure that you have checked all arguments that were passed.1
请考虑以下示例:
Meteor.methods({
whale : function(foo) {
return 'Hello ground!'
}
})
如果来自cl我们称之为方法,这是服务器上发生的事情:
If from the client we call this method, here is what happens on the server:
Meteor.call('whale') //Nothing happens
Meteor.call('whale', 'foo') //Exception
传递否参数意味着如果没有写入 check ,将会出现 audit-argument-checks 的异常。
Passing no parameters means that no exception of audit-argument-checks will ever appear if no check has been written.
但是,这也意味着传递太多参数会使你的方法抛出。
However, this also means that passing too many parameters will make your method throw.
Meteor.methods({
ground : function(whale) {
check(whale, Patterns.cetacea)
answerTo(whale)
}
})
Meteor.call('ground', MobyDick) //All is fine
Meteor.call('ground', MobyDick, true) //Exception
如果您遇到此问题,则意味着您的错误:客户端正在传递您不知道的参数。如果它在开发期间发生,则意味着您不知道哪些参数传递给您的方法可能是个问题。
If you are having an issue with this it means you are doing your stuff wrong: The client is passing arguments you are not aware of. If it happens during development it means that you don't know which arguments are being passed to your methods which could be an issue.
安装的软件包也可能发生使用参数多于预期的方法。请参阅各自的文档以确切了解传递的参数(或者只写 console.log(arguments)),以便确保编写正确的安全代码。 > 2
It can also happen that installed packages use methods with more parameters than expected. Refer to their respective documentations to know exactly what parameters are passed (or just write console.log(arguments)) so that you can make sure to write proper secure code.2
1 :参见 https://github.com/meteor/meteor/blob/devel/packages/ddp -server / livedata_server.js#L1686
2 :或者只是写脏的不安全代码 - check(arguments,[Match.any] )根据文档
1 : See https://github.com/meteor/meteor/blob/devel/packages/ddp-server/livedata_server.js#L1686
2 : Or just write dirty insecure code - check(arguments, [Match.any]) as per the docs
这篇关于当所有参数都被检查时,为什么audit-argument-checks会引发异常?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
