joi icon indicating copy to clipboard operation
joi copied to clipboard

Published 20 hours ago verified publisher icon hapijs

Validating string with pattern - Promies does not resolve or reject

Open opcua-user opened this issue 3 years ago • 5 comments

Support plan

  • is this issue currently blocking your project? (yes/no): yes
  • is this issue affecting a production system? (yes/no): no

Context

  • node version: 12.16.3
  • module version with issue: 17.4.0
  • environment (e.g. node, browser, native): node
  • used with (e.g. hapi application, another framework, standalone, ...): standalone
  • any other relevant information: No

What are you trying to achieve or the steps to reproduce?

I try to validate a string

  const testString = '$word1:random1:$word2:random2:$word3:random3';

  const testPattern1 = Joi.string().pattern(/^((\$word1|\$word2|\$word3)?[a-zA-Z0-9\ \-\_\:\?\.\*]*)*$/);
  const testPattern2 = Joi.string().pattern(/^((\$word1)?[a-zA-Z0-9\ \-\_\:\?\.\*]*)*$/);
  const testPattern3 = Joi.string().pattern(/^((\$word1|\$word3)?[a-zA-Z0-9\ \-\_\.\:\?\*]*)*$/);
  const testPattern4 = Joi.string().pattern(/^((\$word2|\$word3)?[a-zA-Z0-9\ \-\_\.\:\?\*]*)*$/);
  const testPattern5 = Joi.string().pattern(/^((\$word1|\$word2)?[a-zA-Z0-9\ \-\_\.\:\?\*]*)*$/);

  await validate(testPattern1, testString);
  await validate(testPattern2, testString);
  await validate(testPattern3, testString);
  await validate(testPattern4, testString);
  await validate(testPattern5, testString);


  async function validate(pattern, testString) {
    try {
      await pattern.validateAsync(testString);
    } catch (e) {
      console.log(`${e}`);
    }
  }

What was the result you got?

testPattern1: Resolves testPattern2: Reject with error testPattern3: Reject with error testPattern4: Reject with error testPattern5: Promise does not resolve or reject

What result did you expect?

testPattern1: Resolves testPattern2: Reject with error testPattern3: Reject with error testPattern4: Reject with error testPattern5: Reject with error

opcua-user avatar Mar 01 '21 10:03 opcua-user

Can you show us the rest of the code as well? Where is everything wrapped up?

marcopestrin avatar Mar 01 '21 11:03 marcopestrin

sorry... i added the function to the issue

opcua-user avatar Mar 01 '21 11:03 opcua-user

Can't say I'm able to reproduce, this works on my side.

Marsup avatar Mar 01 '21 11:03 Marsup

Your are right. I replaced some longer string elements with "random" and did not see that this fixed the error. Here is a example with a longer element. https://codesandbox.io/s/node-playground-forked-gww9v

opcua-user avatar Mar 01 '21 13:03 opcua-user

I'm afraid we can't really help it if you create a ReDoS, V8 itself is not responding if you give it that regexp, that's not a joi issue.

Marsup avatar Mar 01 '21 15:03 Marsup