The validator doesn't have any built-in protections. You should see Security Considerations if you are accepting schemas that are not trusted. For regex you can register the |
I started to use your json-schema-validator to meet a customer requirement. A little bit of a learning curve, but -- so far -- the results are delightful! Really impressive! The only hiccup is a security concern about overly complex and/or malicious regular expressions. Are there any built-in constraints or safeguards on regex size, complexity, or processing time?
Example of the type of thing I want to avoid or flag -- instead of hanging/crashing:
{ "type" : "string", "pattern" : "^([\\w\\-\\.\\&\\,]+[\\s]*)+" }
In general: How to avoid or limit stuff like this: https://www.regular-expressions.info/catastrophic.html
Any help greatly appreciated!
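One way to pre-screen untrusted schemas before they reach the validator, as an added example that is not part of the original discussion or the validator's own code: it walks a schema, collects every `pattern` and `patternProperties` regex, and flags any that exceed a length limit or repeat a group whose body already repeats without bound, which is the shape of the pattern in the question. The function names, the 256-character limit and the heuristic itself are assumptions.

```python
import json, re
MAX_PATTERN_LEN = 256  # assumed policy limit, not a validator setting

def unbounded_at(p, i):
    """True if an unbounded quantifier (*, + or {n,}) starts at p[i]."""
    end = p.find("}", i)
    braces = p[i:i + 1] == "{" and end > i and p[i + 1:end].endswith(",")
    return braces or p[i:i + 1] in ("*", "+")

def nested_quantifier(p):
    """Heuristic: a group whose body repeats without bound is itself repeated."""
    p = re.sub(r"\\.", "a", p, flags=re.S)  # neutralise escapes such as \( or \+
    stack, in_class = [False], False  # one flag per open group, [0] is top level
    for i, c in enumerate(p):
        if in_class or c == "[":
            in_class = c != "]"
        elif c == "(":
            stack.append(False)
        elif c == ")" and len(stack) > 1:
            inner = stack.pop()
            if inner and unbounded_at(p, i + 1):
                return True
            stack[-1] = stack[-1] or inner
        elif unbounded_at(p, i):
            stack[-1] = True
    return False

def iter_patterns(node, path="#"):
    """Yield (pointer, regex) for each pattern / patternProperties regex."""
    if isinstance(node, list):
        node = dict(enumerate(node))
    for key, val in (node.items() if isinstance(node, dict) else ()):
        here = f"{path}/{key}"
        if key == "pattern" and isinstance(val, str):
            yield here, val
        elif key == "patternProperties" and isinstance(val, dict):
            yield from ((here, rx) for rx in val)
        yield from iter_patterns(val, here)

def screen_schema(schema_text):
    """Return (pointer, reason) findings; an empty list means nothing flagged."""
    findings = []
    for ptr, rx in iter_patterns(json.loads(schema_text)):
        too_long = len(rx) > MAX_PATTERN_LEN  # cheap check, bounds the scan below
        if too_long or nested_quantifier(rx):
            findings.append((ptr, "too long" if too_long else "nested quantifier"))
    return findings

# Constructed sample: the schema posted in the question.
SAMPLE = r'{"type": "string", "pattern": "^([\\w\\-\\.\\&\\,]+[\\s]*)+"}'
```

The filter is conservative: it also flags some patterns that do not backtrack badly, such as a repeated group with a fixed delimiter, so a finding means "needs review" rather than "malicious", and an empty result is not a proof of safety.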