Skip to content

Commit

Permalink
fix panic in field generation
Browse files Browse the repository at this point in the history 
There is an error in the regex detection of whether an expression is
valid or not. This makes it dangerous for downstream functions to access
the fields within an expression.

This adds a quick length check as a backup check for the potentially
leaky regex.

Closes #1
  • Loading branch information
@clintjedwards
clintjedwards committed Jan 20, 2021
1 parent 617b909 commit a6301a1
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
4 changes: 4 additions & 0 deletions avail.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,10 @@ func New(expression string) (Avail, error) {
}

terms := strings.Split(expression, " ")
// we need this extra check to make sure there are the proper amount of fields because I am bad at regex
if len(terms) != 6 {
return Avail{}, fmt.Errorf("could not parse cron expression: %s; must have 6 terms", expression)
}

minutes, err := newField(minute, terms[0], 0, 59)
if err != nil {
Expand Down
3 changes: 3 additions & 0 deletions avail_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,9 @@ func TestUnparseable(t *testing.T) {
"too few arguments": {
expression: "* * * *",
},
"too few arguments w/ value": {
expression: "* 14 * * *",
},
"out of bounds single value": {
expression: "* * * * 22222 *",
},
Expand Down

0 comments on commit a6301a1

Please sign in to comment.