fix: add hard limit on deref depth to prevent crashes

Roman Hotsiy 2022-09-05 22:04:33 -05:00 committed by Alex Varchuk
parent bb325d0d28
commit ddde105aca


@ -5,6 +5,8 @@ import { JsonPointer } from '../utils/JsonPointer';
import { RedocNormalizedOptions } from './RedocNormalizedOptions';
import type { MergedOpenAPISchema } from './types';
const MAX_DEREF_DEPTH = 999; // prevent circular detection crashes by adding hard limit on deref depth
/**
* Loads and keeps spec. Provides raw spec operations
*/
@ -103,7 +105,7 @@ export class OpenAPIParser {
}
let refsStack = baseRefsStack;
if (baseRefsStack.includes(obj.$ref)) {
if (baseRefsStack.includes(obj.$ref) || baseRefsStack.length > MAX_DEREF_DEPTH) {
resolved = Object.assign({}, resolved, { 'x-circular-ref': true });
} else if (this.isRef(resolved)) {
const res = this.deref(resolved, baseRefsStack, mergeAsAllOf);
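Review bot: The new `baseRefsStack.length > MAX_DEREF_DEPTH` condition sends a depth-cap hit down the same path as a real cycle, so the result is tagged `'x-circular-ref': true` and a deep but acyclic schema is truncated silently and reported as circular. Because the cap is the backstop against stack exhaustion from a malformed or hostile spec, the hit should be visible, for example `if (baseRefsStack.length > MAX_DEREF_DEPTH) console.warn('deref depth limit reached at ' + obj.$ref);` before the flag is set. The recursive call in the `else if` branch still passes `baseRefsStack` unchanged, so whether the length check actually bounds a chain of `$ref`-to-`$ref` hops depends on where the stack is extended outside this hunk; that should be confirmed, ideally with a test spec containing such a chain. The enclosing method starts and ends outside the hunk.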