Advanced C# Generics: How Covariance and Contravariance Work in Practice

A follow-up to an introductory post on C# generics, this piece addresses reader feedback requesting more senior-level content and a contravariant collection base class example. The article draws a clear distinction between merely using generics and intentionally designing with them. It explains that generics are invariant by default, meaning a List<string> cannot be assigned to a List<object>, even though string derives from object. Covariance, marked with the 'out' keyword, is safe when a type only produces values of T, while contravariance, marked with 'in', is safe when a type only consumes T. The post includes complete working code examples to illustrate each concept, including custom covariant and contravariant interfaces.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Related stories

Programming · DEV Community

Researchers Warn AI Coding Agents Are Being Hijacked via Fake Bug Reports

Security researchers have identified a scalable attack technique called 'Agentjacking,' in which malicious actors embed hidden instructions inside fake bug reports submitted to AI coding agents. Because these agents are built to read and act on issue content, they execute the injected commands as if they were legitimate tasks. The attack requires minimal effort — a convincing bug report with a concealed directive is enough — and works across common intake channels like GitHub Issues, Jira tickets, and support emails. Once triggered, the injected instructions run with the full permissions granted to the agent, including file system access, API keys, and network capabilities. Conventional defenses such as web application firewalls and input sanitization are ineffective because the attack exploits the semantic meaning of text rather than structural vulnerabilities in data.

Programming · DEV Community

282 of 444 iOS AI Chatbot Apps Found Leaking API Keys in Network Traffic

A study of 444 iOS AI chatbot apps found that 282 of them are exposing API keys or tokens through plaintext network traffic, with some backends requiring no authentication at all. The primary risk is financial: stolen API keys allow attackers to run up large bills on a developer's LLM account, potentially costing thousands of dollars before any anomaly is detected. Researchers note that apps with completely unauthenticated backends present an even greater threat than leaked keys, as they function as open proxies usable by anyone who discovers the endpoint. Security experts say the root cause is a widespread practice of building mobile apps that directly hold API credentials for paid upstream services, rather than routing requests through a secure, developer-controlled backend. The recommended fix — having the app authenticate to a developer's own backend, which then holds and uses the upstream key — is well-established but is evidently not being widely adopted in the current wave of AI app development.

Programming · DEV Community

How a Developer-Focused Password Manager Can Secure SSH Keys and API Tokens

A developer writing for DEV Community argues that switching to a developer-first password manager like 1Password transformed their workflow beyond simple login storage. The tool manages SSH keys, API tokens, and database URLs, with an SSH agent that keeps private keys off disk entirely. Using the CLI tool 'op run', environment files store only vault references rather than real credentials, which are injected at runtime and discarded when the process ends. The setup also enables Git commit signing via SSH keys already stored in the vault, requiring just three shell commands. The author notes a security benefit: malicious npm post-install scripts that scan for plaintext credentials in common directories would find nothing, eliminating one of the most common attack vectors.

Programming · DEV Community

How to Fix Symfony Messenger's Dual-Write Problem Using a Transactional Outbox

The dual-write problem occurs when an application writes to a database and a message broker separately, with no shared transaction guaranteeing both succeed or fail together. In Symfony Messenger, using DispatchAfterCurrentBusStamp with the doctrine_transaction middleware prevents ghost events but still leaves a gap where a committed order may never notify downstream systems if the broker is unavailable. The true fix is a transactional outbox pattern, where the event record is inserted into the database within the same transaction as the business data. Symfony Messenger's Doctrine transport acts as a database table, meaning routing messages to it causes a plain SQL INSERT that can participate in an open transaction. By wiring the dispatch to a Doctrine transport without deferring it past the commit, both the order and the outbox event are saved atomically, closing the reliability gap entirely.