From bfd84adde1296a6d925a0e93f264c378e7f36972 Mon Sep 17 00:00:00 2001
From: Vitaly Budovski
Date: Wed, 1 Jan 2025 18:25:57 +1100
Subject: [PATCH] test: ReDoS vulnerability of UUID regex
---
 paseri-lib/src/schemas/string.test.ts | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/paseri-lib/src/schemas/string.test.ts b/paseri-lib/src/schemas/string.test.ts
index aaaf4aa..f5e7b46 100644
--- a/paseri-lib/src/schemas/string.test.ts
+++ b/paseri-lib/src/schemas/string.test.ts
@@ -236,7 +236,7 @@ test('Emoji ReDoS', () => {
 expect(diagnostics.status).toBe('safe');
 });
-test('Valid uuid', () => {
+test('Valid UUID', () => {
 const schema = p.string().uuid();
 fc.assert(
@@ -252,7 +252,7 @@ test('Valid uuid', () => {
 );
 });
-test('Invalid uuid', () => {
+test('Invalid UUID', () => {
 const schema = p.string().uuid();
 fc.assert(
@@ -270,6 +270,16 @@ test('Invalid uuid', () => {
 );
 });
+test('UUID ReDoS', () => {
+ const diagnostics = checkSync(uuidRegex.source, uuidRegex.flags);
+ if (diagnostics.status === 'vulnerable') {
+ console.log(`Vulnerable pattern: ${diagnostics.attack.pattern}`);
+ } else if (diagnostics.status === 'unknown') {
+ console.log(`Error: ${diagnostics.error.kind}.`);
+ }
+ expect(diagnostics.status).toBe('safe');
+});
+
 test('Valid Nano ID', () => {
 const schema = p.string().nanoid();
 // FIXME: fast-check doesn't like case-insensitive regexes.
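Review bot: The `'unknown'` branch of the new 'UUID ReDoS' test logs `diagnostics.error.kind` and then still fails on `expect(diagnostics.status).toBe('safe')`, which is the right fail-closed behaviour but is not stated anywhere, so a later reader may be tempted to relax it if the checker ever returns an inconclusive result (for example a timeout; this is inferred, the error kinds are not shown here). I would add a comment above the assertion such as `// 'unknown' fails on purpose: a regex the checker could not analyse is not treated as safe.` The tail of the 'Emoji ReDoS' test visible in the first hunk ends with the same assertion, so the two tests probably share this body and could call one helper that takes the regex; that test's body lies outside the diff, so confirm before merging them. The commit adds no import line, so `uuidRegex` and `checkSync` must already be in scope in string.test.ts.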