The validator doesn't have any built-in protections. You should see Security Considerations if you are accepting schemas that are not trusted. For regex you can register the
-
I started to use your json-schema-validator to meet a customer requirement. A little bit of a learning curve, but -- so far -- the results are delightful! Really impressive! The only hiccup is a security concern about overly-complex and/or malicious regular expressions. Are there any built-in constraints or safeguards on regex size, complexity, or processing time?
Example of the type of thing I want to avoid or flag -- instead of hanging/crashing:
{ "type" : "string", "pattern" : "^([\\w\\-\\.\\&\\,]+[\\s]*)+" }
In general: How to avoid or limit stuff like this: https://www.regular-expressions.info/catastrophic.html
Any help greatly appreciated!