Why are most of the validations for string format leaving length checks to last? #3084
Unanswered
nklisch asked this question in Clarifications and "Why?"
Replies: 0 comments
I am asking this question because I am in the process of writing similar validations in Java via annotations on POJOs.
I noticed pretty consistently the length check was left for last. This seems like an oversight, as depending on the regex/input string, a bad actor may be able to exploit this with a large payload to cause some sort of regex failures / CPU overhead due to parsing the string.
I didn't want to open an issue on it just in case it was intentional for some reason.
But a short-circuit on length seems a reasonable optimization considering others will be consuming these validation libraries.
So am I missing something on why they are done last?
Example: atproto/packages/syntax/src/aturi_validation.ts, line 128 in b5c6bce
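The ordering the question asks about, as an added example that is not part of the original post and is not atproto code. `validatePath`, `MAX_LEN`, `SEGMENT_RE` and the sample inputs are assumptions; the function counts how many characters reach the regex engine when the length check runs first versus last.

```typescript
// Added example: hypothetical validator, not atproto code.
// MAX_LEN, SEGMENT_RE and the sample inputs are assumptions for illustration.
const MAX_LEN = 512;
const SEGMENT_RE = /^[A-Za-z0-9._~-]+$/;

interface Outcome {
  ok: boolean;
  reason: string;
  charsScanned: number; // characters handed to the regex engine
}

function validatePath(input: string, lengthFirst: boolean): Outcome {
  let charsScanned = 0;
  const fail = (reason: string): Outcome => ({ ok: false, reason, charsScanned });

  // Length-first: a constant-time comparison rejects oversized input
  // before any splitting or pattern matching happens.
  if (lengthFirst && input.length > MAX_LEN) return fail('too long');

  for (const segment of input.split('/')) {
    charsScanned += segment.length;
    if (!SEGMENT_RE.test(segment)) return fail('bad segment');
  }

  // Length-last: same verdict for oversized input, but only after the
  // whole string has already been split and matched.
  if (!lengthFirst && input.length > MAX_LEN) return fail('too long');
  return { ok: true, reason: 'valid', charsScanned };
}

// Constructed sample: 100 well-formed 100-character segments plus "end".
const OVERSIZED = ('seg-' + 'a'.repeat(96) + '/').repeat(100) + 'end';
// Constructed sample: oversized and also syntactically invalid.
const OVERSIZED_BAD = OVERSIZED + '/not valid!';

for (const lengthFirst of [true, false]) {
  const a = validatePath(OVERSIZED, lengthFirst);
  const b = validatePath(OVERSIZED_BAD, lengthFirst);
  console.log({ lengthFirst, scanned: a.charsScanned, reason: a.reason, badReason: b.reason });
}
```

Moving the length check first also changes which error an oversized, malformed input reports ('too long' instead of 'bad segment'), which matters if callers or tests match on the message.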