wework / speccy

Well Spectually 🤓 Enforce quality rules on your OpenAPI 3.0.x specifications.
http://speccy.io
MIT License

Error when linting YAML spec with aliases #390

Open mburtless opened 4 years ago

mburtless commented 4 years ago

Detailed description

When running speccy lint [my-spec].yaml on a spec that contains many YAML aliases, speccy will fail with the following error:

Could not read YAML/JSON from file: Excessive alias count indicates a resource exhaustion attack

Context

Our unresolved spec contains numerous refs and internal refs which must be resolved before the spec can be used for code gen.

Running speccy resolve --internal-refs [my-spec].yaml generates a fully resolved spec that makes extensive use of YAML anchors and aliases. However, this spec cannot subsequently be linted by speccy due to this error.

Possible implementation

Judging from a similar issue with Mermade, this is likely due to the maxAliasCount setting in YAML.parse() options. Mermade ended up adding a configuration option to control this setting, which seems like the most straightforward implementation for speccy as well.

Your environment

JohanZackrisson commented 3 years ago

Also ran into this problem and created a fix for it in https://github.com/wework/speccy/pull/443
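
An added example, not part of the thread and not speccy's or the yaml library's code: a simplified JavaScript scan showing how a resolved spec with many flat aliases differs from the nested aliasing that the "resource exhaustion" error message warns about. The name `aliasStats`, both sample documents and the expansion model are assumptions made for illustration; it expects block-style YAML with anchors defined before use.

```javascript
// Assumptions: block-style YAML, anchors defined before use, and no '&name' or
// '*name' text inside plain scalars. A triage heuristic, not a YAML parser.
function aliasStats(text) {
  const weight = new Map(); // anchor name -> nodes produced by expanding it once
  const open = [];          // anchors whose node is still being read
  let aliases = 0;
  let expanded = 0;

  // An anchored node ends at the first line indented no deeper than its own line.
  const closeTo = (indent) => {
    while (open.length && open[open.length - 1].indent >= indent) {
      const a = open.pop();
      weight.set(a.name, a.w);
    }
  };

  for (const line of text.split('\n')) {
    const indent = line.search(/\S/);
    if (indent < 0 || line[indent] === '#') continue; // blank line or comment
    closeTo(indent);
    for (const [, kind, name] of line.matchAll(/(?:^|[\s\[,{:])([&*])([\w-]+)/g)) {
      if (kind === '&') {
        open.push({ name, indent, w: 1 });
      } else {
        const w = weight.get(name) || 1;
        aliases += 1;
        expanded += w;                  // nodes this alias yields when resolved
        for (const a of open) a.w += w; // and it enlarges every enclosing anchor
      }
    }
  }
  closeTo(0);
  return { anchors: weight.size, aliases, expanded };
}

// Constructed sample 1: one anchored schema reused by 150 aliases, none nested
// (the flat shape a fully resolved spec can take).
const flatSpec = ['schemas:', '  Id: &id', '    type: string', 'paths:']
  .concat(Array.from({ length: 150 }, (_, i) => `  p${i}: *id`)).join('\n');

// Constructed sample 2: only six aliases, but each level aliases the previous one.
const nested = ['a: &a [x, x]', 'b: &b [*a, *a]', 'c: &c [*b, *b]', 'd: [*c, *c]'].join('\n');

console.log(aliasStats(flatSpec)); // { anchors: 1, aliases: 150, expanded: 150 }
console.log(aliasStats(nested));   // { anchors: 3, aliases: 6, expanded: 22 }
```

In the flat sample `expanded` equals `aliases`; in the nested one it grows with every added level, which is the growth an alias limit is meant to bound.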