Invalid regex pattern fails silently on openapi3filter ValidateResponse/ValidateRequest then panics #1044

Open
efimovalex opened this issue Dec 12, 2024 · 0 comments

efimovalex commented Dec 12, 2024

I have the following field

```yaml
fieldWithPattern:
  type: string
  description: field with regex pattern
  pattern: ^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\.)+[A-Za-z]{2,6}$
```

and I get the following panic when validating it against an empty string

```
runtime error: invalid memory address or nil pointer dereference
goroutine 148 [running]:
net/http.(*conn).serve.func1()
	/usr/local/go/src/net/http/server.go:1903 +0xbe
panic({0x34b4ca0?, 0x62f2990?})
	/usr/local/go/src/runtime/panic.go:770 +0x132
github.com/getkin/kin-openapi/openapi3.(*Schema).visitJSONString(0xc000a55c80, 0xc001283cb0, {0x0, 0x0})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1741 +0x733
github.com/getkin/kin-openapi/openapi3.(*Schema).visitJSON(0xc000a55c80, 0xc001283cb0, {0x3293ee0, 0xc001c4a540})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1200 +0x3bc
github.com/getkin/kin-openapi/openapi3.(*Schema).visitJSONObject(0xc000a55680, 0xc001283cb0, 0xc001283ef0)
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1995 +0xd56
github.com/getkin/kin-openapi/openapi3.(*Schema).visitJSON(0xc000a55680, 0xc001283cb0, {0x345a520, 0xc001283ef0})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1204 +0x5e6
github.com/getkin/kin-openapi/openapi3.(*Schema).visitXOFOperations(0xc000a55380, 0xc001283cb0, {0x345a520, 0xc001283ef0})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1434 +0x5ec
github.com/getkin/kin-openapi/openapi3.(*Schema).visitJSON(0xc000a55380, 0xc001283cb0, {0x345a520, 0xc001283ef0})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1166 +0x193
github.com/getkin/kin-openapi/openapi3.(*Schema).visitXOFOperations(0xc000a54d80, 0xc001283cb0, {0x345a520, 0xc001283ef0})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1434 +0x5ec
github.com/getkin/kin-openapi/openapi3.(*Schema).visitJSON(0xc000a54d80, 0xc001283cb0, {0x345a520, 0xc001283ef0})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1166 +0x193
github.com/getkin/kin-openapi/openapi3.(*Schema).visitXOFOperations(0xc0012df680, 0xc001283cb0, {0x345a520, 0xc001283e00})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1354 +0xb96
github.com/getkin/kin-openapi/openapi3.(*Schema).visitJSON(0xc0012df680, 0xc001283cb0, {0x345a520, 0xc001283e00})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1166 +0x193
github.com/getkin/kin-openapi/openapi3.(*Schema).visitJSONObject(0xc0012df080, 0xc001283cb0, 0xc001283d70)
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1995 +0xd56
github.com/getkin/kin-openapi/openapi3.(*Schema).visitJSON(0xc0012df080, 0xc001283cb0, {0x345a520, 0xc001283d70})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1204 +0x5e6
github.com/getkin/kin-openapi/openapi3.(*Schema).visitXOFOperations(0xc0015c8300, 0xc001283cb0, {0x345a520, 0xc001283d70})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1434 +0x5ec
github.com/getkin/kin-openapi/openapi3.(*Schema).visitJSON(0xc0015c8300, 0xc001283cb0, {0x345a520, 0xc001283d70})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1166 +0x193
github.com/getkin/kin-openapi/openapi3.(*Schema).visitXOFOperations(0xc000e31500, 0xc001283cb0, {0x345a520, 0xc001283bc0})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1354 +0xb96
github.com/getkin/kin-openapi/openapi3.(*Schema).visitJSON(0xc000e31500, 0xc001283cb0, {0x345a520, 0xc001283bc0})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1166 +0x193
github.com/getkin/kin-openapi/openapi3.(*Schema).VisitJSON(0xc000e31500, {0x345a520, 0xc001283bc0}, {0xc001d99428, 0x4, 0xc000ef7f50?})
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3/schema.go:1133 +0x7e
github.com/getkin/kin-openapi/openapi3filter.ValidateRequestBody({0x406e878?, 0xc001283770?}, 0xc001283b30, 0xc000ef71a0)
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3filter/validate_request.go:324 +0x965
github.com/getkin/kin-openapi/openapi3filter.ValidateRequest({0x406e878, 0xc001283770}, 0xc001283b30)
	/tmp/github.com/getkin/kin-openapi@v0.128.0/openapi3filter/validate_request.go:93 +0x5fb
```

Following this I have defined my own RegexCompiler to try and log the errors and got the following error: error parsing regexp: invalid or unsupported Perl syntax: '(?!'

The main issue is here: https://github.com/getkin/kin-openapi/blob/v0.128.0/openapi3/schema.go#L1736-L1741, as we do not return an error in the case of the multiple error option being true, and then we just try to validate with a nil value for the RegexMatcher.

Another issue identified was that the ValidateResponse does not take the custom regexCompiler setting: https://github.com/getkin/kin-openapi/blob/v0.128.0/openapi3filter/validate_response.go#L66-L77, so I cannot implement a workaround for this.

@efimovalex changed the title from "Invalid regex pattern fails silently on openapi3filter ValidateResponse/ValidateRequest" to "Invalid regex pattern fails silently on openapi3filter ValidateResponse/ValidateRequest then panics" on Dec 12, 2024
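
An added example, not code from kin-openapi or from the issue author: a standard-library-only load-time check that compiles every `pattern` in a decoded schema with Go's `regexp` package, so a pattern using unsupported syntax such as the `(?!` reported above is rejected before any request is validated. `CheckPatterns`, `PatternError` and `sampleSchema` are names made up for this example.

```go
package main

import (
	"fmt"
	"regexp"
)

// PatternError is a schema "pattern" that Go's regexp package (RE2 syntax) rejects.
type PatternError struct {
	Path, Pattern string
	Err           error
}

// CheckPatterns walks a decoded schema (maps and slices, as a JSON or YAML
// decoder yields) and compiles every string-valued "pattern" keyword.
func CheckPatterns(node any, path string) []PatternError {
	var bad []PatternError
	switch v := node.(type) {
	case map[string]any:
		for k, child := range v {
			if p, ok := child.(string); ok && k == "pattern" {
				if _, err := regexp.Compile(p); err != nil {
					bad = append(bad, PatternError{path, p, err})
				}
				continue
			}
			bad = append(bad, CheckPatterns(child, path+"/"+k)...)
		}
	case []any:
		for i, item := range v {
			bad = append(bad, CheckPatterns(item, fmt.Sprintf("%s/%d", path, i))...)
		}
	}
	return bad
}

// sampleSchema is constructed: the issue's field plus a made-up valid "code" field.
func sampleSchema() map[string]any {
	return map[string]any{"type": "object", "properties": map[string]any{
		"fieldWithPattern": map[string]any{"type": "string",
			"pattern": `^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\.)+[A-Za-z]{2,6}$`},
		"code": map[string]any{"type": "string", "pattern": `^[A-Z]{3}$`},
	}}
}

func main() {
	for _, e := range CheckPatterns(sampleSchema(), "#") {
		fmt.Printf("%s: pattern %q rejected: %v\n", e.Path, e.Pattern, e.Err)
	}
}
```

The walk also descends into `example` and `default` payloads, so a data field there that happens to be named `pattern` is compiled as well. Findings from one map come back in Go's unspecified map iteration order.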