kin-openapi icon indicating copy to clipboard operation
kin-openapi copied to clipboard

Published 20 hours ago verified publisher icon getkin

Error in pattern validation

Open shefali11 opened this issue 2 years ago • 6 comments

While validating swagger file which has following pattern: ^[a-zA-Z0-9]{0,4096}$ gives error

Invalid components: cannot compile pattern "^[a-zA-Z0-9]{0,4096}$": error parsing regexp: invalid repeat count: {0,4096}

Issue seems golang regexp has hardcoded 1000 max reapeat Count.

Do we have any option to disable pattern validation? or any other solution.

Thank you

shefali11 avatar Aug 18 '21 05:08 shefali11

We don't have that yet, but I do suggest passing an option through Validate(ctx) to achieve disable validation of pattern fields (opt-in).

fenollp avatar Aug 18 '21 09:08 fenollp

Can you please suggest any example for implementing same?

shefali11 avatar Aug 18 '21 12:08 shefali11

I don't have a good example sorry. I'm thinking of this kind of options idea https://pkg.go.dev/github.com/getkin/[email protected]/openapi3#SchemaValidationOption but as a struct{} field in the given ctx. Plus a private package for the integer context key. Then in https://github.com/getkin/kin-openapi/blob/dc944adc1492febff1977923fc2418f9d71290c8/openapi3/schema.go#L581 you'd read ctx maybe using a dedicated accessor function and from here decide whether to do https://github.com/getkin/kin-openapi/blob/dc944adc1492febff1977923fc2418f9d71290c8/openapi3/schema.go#L680 or not.

Note that this last part is a solution to the data race uncovered in https://github.com/getkin/kin-openapi/issues/371

fenollp avatar Aug 18 '21 14:08 fenollp

Thanks for the explanation. If i understand correctly, you are suggesting not to read pattern while loading swagger.

shefali11 avatar Aug 20 '21 08:08 shefali11

By "loading swagger" you must mean to deserialize the openapi document? In which case no, I mean to add a flag that allows skipping the verification of correctness of the field "pattern" of all schemas in the document. Data validation against schemas would not be affected.

fenollp avatar Aug 20 '21 08:08 fenollp

Yes, i meant deserializing the openapi document. Adding a flag means do you want me to make changes for this as currently in schema validation we are checking if err = schema.compilePattern(); and here we are not checking if that flag exists.

shefali11 avatar Aug 20 '21 09:08 shefali11

Has there been any update on this, we are attempting to parse 3rd party openapi schemas where we can't change the contents of the file and have run into a number of issues where we fail to load the file due to it failing regex validation even though we don't use the compiled pattern ourselves, just require the raw string

TristanSpeakEasy avatar Aug 30 '22 20:08 TristanSpeakEasy

@fenollp I have created a PR for allowing pattern validation to be disabled as this is core to us supporting some 3rd party specs that we can't change the pattern in

https://github.com/getkin/kin-openapi/pull/590

TristanSpeakEasy avatar Sep 06 '22 13:09 TristanSpeakEasy