search

go-faker / faker

Go (Golang) Fake Data Generator for Struct, previously https://github.com/bxcodec/faker
https://pkg.go.dev/github.com/go-faker/faker/v4
MIT License
614 stars 30 forks source link

Checking 'len' and 'lang' in a tag could lead to problems using a oneof #15

Open threehook opened 1 year ago

threehook commented 1 year ago

Hi,

I found a bug in faker.go.

In function extractStringFromTag there is the following code:

    if strings.Contains(tag, Length) {
        lenParts := strings.SplitN(findLenReg.FindString(tag), Equals, -1)
        if len(lenParts) != 2 {
            return nil, fmt.Errorf(fakerErrors.ErrWrongFormattedTag, tag)
        }
        strlen, _ = strconv.Atoi(lenParts[1])
    }

This checks if the tag contains the word len, its contents is split by using an equal sign as separator. It throws an error if this fails. In our specific case we use a oneof in our tag. One of the possible options is 'Bedrijfsmatig handelen'. This text contains the word len so faker thinks this must be something like len=10, but it's not. So our unit tests and app fail.

Note also the word 'lang' could be part of a oneof, so should also be mitigated. I think extending the checks with && !isOneOfTag could work.

Could you please have a look at it?

Regards, Ton