speccy icon indicating copy to clipboard operation
speccy copied to clipboard

Published 20 hours ago • verified publisher icon wework

Error when linting YAML spec with aliases

Open mburtless opened this issue 5 years ago • 1 comments

Detailed description

When running speccy lint [my-spec].yaml on a spec that contains many YAML aliases speccy will fail with the following error:

Could not read YAML/JSON from file: Excessive alias count indicates a resource exhaustion attack

Context

Our unresolved spec contains numerous refs and internal refs which must be resolved before the spec can be used for code gen.

Running speccy resolve --internal-refs [my-spec].yaml generates a fully resolved spec that makes extensive use of YAML anchors and aliases. However, this spec cannot subsequently not be linted by speccy due to this error.

Possible implementation

Judging from a similar issue with Mermade this is likely due to the maxAliasCount setting in YAML.parse() options. Mermade ended up adding a configuration option to control this setting, which seems like the most straight forward implementation for speccy as well

Your environment

  • Recreated within speccy:latest docker container

mburtless avatar Jan 29 '20 22:01 mburtless

Also ran into this problem and created a fix for it in https://github.com/wework/speccy/pull/443

JohanZackrisson avatar Dec 23 '20 10:12 JohanZackrisson