search

adhocore / gronx

Lightweight, fast and dependency-free Cron expression parser (due checker, next/prev due date finder), task runner, job scheduler and/or daemon for Golang (tested on v1.13+) and standalone usage. If you are bold, use it to replace crontab entirely.
https://github.com/adhocore/gronx
MIT License
422 stars 25 forks source link

Negative step possible in cron expression #44

Closed sg3-141-592 closed 2 months ago

sg3-141-592 commented 2 months ago

I've been trying out fuzzing gronx and have found you can set a negative step in a cron expression, e.g.

0-0/-005 * * * *

This negative step causes an infinite loop in inStepRange()

Stepping through we can resolve by checking if step <= 0

https://github.com/adhocore/gronx/blob/28b4284153644ff3013b01570bc2a7c53f6eb60b/validator.go#L17

This is the fuzzer I was testing with

func FuzzValid(f *testing.F) {
    gron := New()

    // Add some seed inputs
    f.Add("* * * * *")
    f.Add("0 0 1 1 *")
    f.Add("*/15 0 1,15 * 1-5")

    f.Fuzz(func(t *testing.T, expr string) {
        _ = gron.IsValid(expr)
    })
}
adhocore commented 2 months ago

thanks for reporting. negative step is already invalid case so i think we can give out error right away here. your suggested fix is also fine, please send a PR, thank you