[Avo v2] Add regex pattern validation for Inspector v2

packages/destination-actions/src/destinations/avo-v2/index.ts

@@ -22,7 +22,7 @@ const destination: DestinationDefinition<Settings> = {
       publicEncryptionKey: {
         label: 'Avo Inspector Public Encryption Key',
         description:
-          'Optional. Enables verification of the property values against your Tracking Plan (e.g. allowed values, min/max constraints). Values are end-to-end encrypted and Avo can not decrypt them. Read more: https://www.avo.app/docs/inspector/connect-inspector-to-segment#property-value-validation-optional',
+          'Optional. Enables verification of the property values against your Tracking Plan (e.g. allowed values, regex patterns, min/max constraints). Values are end-to-end encrypted and Avo can not decrypt them. Read more: https://www.avo.app/docs/inspector/connect-inspector-to-segment#property-value-validation-optional',
         type: 'string',
         required: false
       },

packages/destination-actions/src/destinations/avo-v2/sendSchemaToInspector/__tests__/EventValidator.test.ts

@@ -40,7 +40,7 @@ describe('EventValidator', () => {
               id: {
                 type: 'string',
                 required: true,
-                pinnedValues: { id_1: ['evt_1'] }
+                regexPatterns: { '^id_': ['evt_1'] }
               }
             }
           }
@@ -74,7 +74,7 @@ describe('EventValidator', () => {
   })
 
   it('validates list of objects', () => {
-    const result = validateEvent({ listObjProp: [{ id: 'id_1' }, { id: 'id_1' }] }, mockSpec)
+    const result = validateEvent({ listObjProp: [{ id: 'id_1' }, { id: 'id_2' }] }, mockSpec)
     expect(result.propertyResults.listObjProp).toEqual({}) // Pass
 
     const resultFail = validateEvent({ listObjProp: [{ id: 'id_1' }, { id: 'wrong' }] }, mockSpec)
@@ -187,4 +187,169 @@ describe('EventValidator', () => {
     const resultInvalid = validateEvent({ optionalProp: 'invalid' }, optionalSpec)
     expect(resultInvalid.propertyResults.optionalProp.failedEventIds).toEqual(['evt_1'])
   })
+
+  it('handles unsupported RE2 patterns gracefully across invocations', () => {
+    const spec: EventSpec = {
+      metadata: { schemaId: 'schema_1', branchId: 'main', latestActionId: 'action_1' },
+      events: [
+        {
+          branchId: 'main',
+          baseEventId: 'evt_1',
+          variantIds: [],
+          props: {
+            regexProp: {
+              type: 'string',
+              required: true,
+              regexPatterns: {
+                '^(?=a)a$': ['evt_1'], // Lookahead is unsupported by RE2 and should be skipped
+                '^a$': ['evt_1'] // Supported pattern should still be evaluated
+              }
+            }
+          }
+        }
+      ]
+    }
+
+    const resultPass = validateEvent({ regexProp: 'a' }, spec)
+    expect(resultPass.propertyResults.regexProp).toEqual({})
+
+    const resultFail = validateEvent({ regexProp: 'b' }, spec)
+    expect(resultFail.propertyResults.regexProp.failedEventIds).toEqual(['evt_1'])
+  })
+
+  it('handles ReDoS: nested quantifiers (a+)+', () => {
+    const spec: EventSpec = {
+      metadata: { schemaId: 'schema_1', branchId: 'main', latestActionId: 'action_1' },
+      events: [
+        {
+          branchId: 'main',
+          baseEventId: 'evt_1',
+          variantIds: [],
+          props: {
+            regexProp: {
+              type: 'string',
+              required: true,
+              regexPatterns: {
+                // Classic catastrophic-backtracking pattern in JS RegExp.
+                // With RE2, evaluation remains safe/linear.
+                '^(a+)+$': ['evt_1']
+              }
+            }
+          }
+        }
+      ]
+    }
+
+    const evilInput = `${'a'.repeat(20000)}!`
+    const result = validateEvent({ regexProp: evilInput }, spec)
+    expect(result.propertyResults.regexProp.failedEventIds).toEqual(['evt_1'])
+  })
+
+  it('handles ReDoS: overlapping alternation (a|a)*', () => {
+    const spec: EventSpec = {
+      metadata: { schemaId: 'schema_1', branchId: 'main', latestActionId: 'action_1' },
+      events: [
+        {
+          branchId: 'main',
+          baseEventId: 'evt_1',
+          variantIds: [],
+          props: {
+            regexProp: {
+              type: 'string',
+              required: true,
+              regexPatterns: {
+                // Overlapping alternation causes exponential backtracking in JS.
+                '^(a|a)*$': ['evt_1']
+              }
+            }
+          }
+        }
+      ]
+    }
+
+    const evilInput = `${'a'.repeat(20000)}!`
+    const result = validateEvent({ regexProp: evilInput }, spec)
+    expect(result.propertyResults.regexProp.failedEventIds).toEqual(['evt_1'])
+  })
+
+  it('handles ReDoS: nested repetition with wildcard (.*a){x}', () => {
+    const spec: EventSpec = {
+      metadata: { schemaId: 'schema_1', branchId: 'main', latestActionId: 'action_1' },
+      events: [
+        {
+          branchId: 'main',
+          baseEventId: 'evt_1',
+          variantIds: [],
+          props: {
+            regexProp: {
+              type: 'string',
+              required: true,
+              regexPatterns: {
+                // Nested repetition with wildcard — exponential in backtracking engines.
+                '^(.*a){20}$': ['evt_1']
+              }
+            }
+          }
+        }
+      ]
+    }
+
+    const evilInput = `${'a'.repeat(20)}b`
+    const result = validateEvent({ regexProp: evilInput }, spec)
+    expect(result.propertyResults.regexProp.failedEventIds).toEqual(['evt_1'])
+  })
+
+  it('handles ReDoS: polynomial backtracking with character classes ([a-zA-Z]+)*', () => {
+    const spec: EventSpec = {
+      metadata: { schemaId: 'schema_1', branchId: 'main', latestActionId: 'action_1' },
+      events: [
+        {
+          branchId: 'main',
+          baseEventId: 'evt_1',
+          variantIds: [],
+          props: {
+            regexProp: {
+              type: 'string',
+              required: true,
+              regexPatterns: {
+                // Quantified group with overlapping character class.
+                '^([a-zA-Z]+)*$': ['evt_1']
+              }
+            }
+          }
+        }
+      ]
+    }
+
+    const evilInput = `${'a'.repeat(20000)}1`
+    const result = validateEvent({ regexProp: evilInput }, spec)
+    expect(result.propertyResults.regexProp.failedEventIds).toEqual(['evt_1'])
+  })
+
+  it('handles ReDoS: email-like pattern with backtracking', () => {
+    const spec: EventSpec = {
+      metadata: { schemaId: 'schema_1', branchId: 'main', latestActionId: 'action_1' },
+      events: [
+        {
+          branchId: 'main',
+          baseEventId: 'evt_1',
+          variantIds: [],
+          props: {
+            regexProp: {
+              type: 'string',
+              required: true,
+              regexPatterns: {
+                // Naive email regex known for catastrophic backtracking.
+                '^([a-zA-Z0-9._-]+)*@([a-zA-Z0-9._-]+)*\\.([a-zA-Z0-9._-]+)*$': ['evt_1']
+              }
+            }
+          }
+        }
+      ]
+    }
+
+    const evilInput = `${'a'.repeat(50000)}`
+    const result = validateEvent({ regexProp: evilInput }, spec)
+    expect(result.propertyResults.regexProp.failedEventIds).toEqual(['evt_1'])
+  })
 })

packages/destination-actions/src/destinations/avo-v2/sendSchemaToInspector/__tests__/avo.test.ts

@@ -270,4 +270,94 @@ describe('send', () => {
     expect(amountProp).toBeDefined()
     expect(amountProp?.propertyType).toBe('int')
   })
+
+  it('should validate regex constraints from object-map rx format', async () => {
+    const eventWithRegexProperty: Payload = {
+      ...mockEvent,
+      properties: {
+        'Shutterfly Id': 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
+      }
+    }
+
+    const eventSpecResponseWithRegexObject: EventSpecResponseWire = {
+      events: [
+        {
+          b: 'main',
+          id: 'test-event-id',
+          vids: [],
+          p: {
+            'Shutterfly Id': {
+              t: 'string',
+              r: true,
+              rx: {
+                '^(a+)+$': ['test-event-id']
+              }
+            }
+          }
+        }
+      ],
+      metadata: {
+        schemaId: 'test-schema-id',
+        branchId: 'main',
+        latestActionId: 'test-action-id',
+        sourceId: 'test-source-id'
+      }
+    }
+
+    const { request, getPostedEvent } = createRequestMock(eventSpecResponseWithRegexObject)
+    await send(request, { ...baseSettings, env: 'dev' }, [eventWithRegexProperty])
+
+    const result = getPostedEvent()
+    if (!result) {
+      throw new Error('No event was posted')
+    }
+
+    const regexProp = result.eventProperties.find((p) => p.propertyName === 'Shutterfly Id')
+    expect(regexProp).toBeDefined()
+    expect(regexProp?.failedEventIds).toBeUndefined()
+  })
+
+  it('should validate regex constraints from legacy string rx format', async () => {
+    const eventWithRegexProperty: Payload = {
+      ...mockEvent,
+      properties: {
+        'Shutterfly Id': 'aaaa'
+      }
+    }
+
+    const eventSpecResponseWithRegexString: EventSpecResponseWire = {
+      events: [
+        {
+          b: 'main',
+          id: 'test-event-id',
+          vids: [],
+          p: {
+            'Shutterfly Id': {
+              t: 'string',
+              r: true,
+              rx: '^a+$'
+            }
+          }
+        }
+      ],
+      metadata: {
+        schemaId: 'test-schema-id',
+        branchId: 'main',
+        latestActionId: 'test-action-id',
+        sourceId: 'test-source-id'
+      }
+    }
+
+    const { request, getPostedEvent } = createRequestMock(eventSpecResponseWithRegexString)
+    await send(request, { ...baseSettings, env: 'dev' }, [eventWithRegexProperty])
+
+    const result = getPostedEvent()
+    if (!result) {
+      throw new Error('No event was posted')
+    }
+
+    const regexProp = result.eventProperties.find((p) => p.propertyName === 'Shutterfly Id')
+    expect(regexProp).toBeDefined()
+    expect(regexProp?.failedEventIds).toBeUndefined()
+  })
 })

packages/destination-actions/src/destinations/avo-v2/sendSchemaToInspector/__tests__/schema-functions.test.ts

@@ -591,6 +591,30 @@ describe('validateEvent edge cases', () => {
     expect(result.propertyResults.numProp.failedEventIds).toEqual(['evt_1'])
   })
 
+  it('handles non-string values with regex patterns', () => {
+    const spec: EventSpec = {
+      metadata: { schemaId: 'schema_1', branchId: 'main', latestActionId: 'action_1' },
+      events: [
+        {
+          branchId: 'main',
+          baseEventId: 'evt_1',
+          variantIds: [],
+          props: {
+            regexProp: {
+              type: 'string',
+              required: true,
+              regexPatterns: { '^test': ['evt_1'] }
+            }
+          }
+        }
+      ]
+    }
+
+    // Number value should fail regex validation
+    const result = validateEvent({ regexProp: 123 }, spec)
+    expect(result.propertyResults.regexProp.failedEventIds).toEqual(['evt_1'])
+  })
+
   it('handles object values in pinned value comparison', () => {
     const spec: EventSpec = {
       metadata: { schemaId: 'schema_1', branchId: 'main', latestActionId: 'action_1' },
@@ -671,6 +695,37 @@ describe('validateEvent edge cases', () => {
     expect(resultFail.propertyResults.boolProp.failedEventIds).toEqual(['evt_1'])
   })
 
+  it('handles invalid regex patterns gracefully', () => {
+    const spec: EventSpec = {
+      metadata: { schemaId: 'schema_1', branchId: 'main', latestActionId: 'action_1' },
+      events: [
+        {
+          branchId: 'main',
+          baseEventId: 'evt_1',
+          variantIds: [],
+          props: {
+            regexProp: {
+              type: 'string',
+              required: true,
+              regexPatterns: {
+                '[invalid(regex': ['evt_1'], // Invalid regex - unclosed bracket
+                '^valid$': ['evt_1'] // Valid regex
+              }
+            }
+          }
+        }
+      ]
+    }
+
+    // Should not throw - invalid regex is skipped, valid regex is still checked
+    const resultPass = validateEvent({ regexProp: 'valid' }, spec)
+    expect(resultPass.propertyResults.regexProp).toEqual({})
+
+    // Fails the valid regex
+    const resultFail = validateEvent({ regexProp: 'invalid' }, spec)
+    expect(resultFail.propertyResults.regexProp.failedEventIds).toEqual(['evt_1'])
+  })
+
   it('handles malformed min/max range strings gracefully', () => {
     const spec: EventSpec = {
       metadata: { schemaId: 'schema_1', branchId: 'main', latestActionId: 'action_1' },