When running speccy lint [my-spec].yaml on a spec that contains many YAML aliases speccy will fail with the following error:
Could not read YAML/JSON from file: Excessive alias count indicates a resource exhaustion attack
Context
Our unresolved spec contains numerous refs and internal refs which must be resolved before the spec can be used for code gen.
Running speccy resolve --internal-refs [my-spec].yaml generates a fully resolved spec that makes extensive use of YAML anchors and aliases. However, this spec cannot subsequently not be linted by speccy due to this error.
Possible implementation
Judging from a similar issue with Mermade this is likely due to the maxAliasCount setting in YAML.parse() options. Mermade ended up adding a configuration option to control this setting, which seems like the most straight forward implementation for speccy as well
Detailed description
When running
speccy lint [my-spec].yaml
on a spec that contains many YAML aliases speccy will fail with the following error:Context
Our unresolved spec contains numerous refs and internal refs which must be resolved before the spec can be used for code gen.
Running
speccy resolve --internal-refs [my-spec].yaml
generates a fully resolved spec that makes extensive use of YAML anchors and aliases. However, this spec cannot subsequently not be linted by speccy due to this error.Possible implementation
Judging from a similar issue with Mermade this is likely due to the
maxAliasCount
setting inYAML.parse()
options. Mermade ended up adding a configuration option to control this setting, which seems like the most straight forward implementation for speccy as wellYour environment