Add a fix for the vulnerability in zod literal validation message, wh…
…ich was exposing sensitive information in error message.
ppml38 committed Nov 12, 2024
1 parent f487d74 commit d4eea3b
Showing 4 changed files with 6 additions and 20 deletions.
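--- a/deno/lib/__tests__/error.test.ts
+++ b/deno/lib/__tests__/error.test.ts
@@ -498,9 +498,7 @@ test("literal default error message", () => {
 } catch (err) {
 const zerr: z.ZodError = err as any;
 expect(zerr.issues.length).toEqual(1);
-expect(zerr.issues[0].message).toEqual(
-`Invalid literal value, expected "Tuna"`
-);
+expect(zerr.issues[0].message).toEqual(`Invalid literal value`);
 }
 });
 
@@ -510,9 +508,7 @@ test("literal bigint default error message", () => {
 } catch (err) {
 const zerr: z.ZodError = err as any;
 expect(zerr.issues.length).toEqual(1);
-expect(zerr.issues[0].message).toEqual(
-`Invalid literal value, expected "12"`
-);
+expect(zerr.issues[0].message).toEqual(`Invalid literal value`);
 }
 });
 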
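--- a/deno/lib/locales/en.ts
+++ b/deno/lib/locales/en.ts
@@ -12,10 +12,7 @@ const errorMap: ZodErrorMap = (issue, _ctx) => {
 }
 break;
 case ZodIssueCode.invalid_literal:
-message = `Invalid literal value, expected ${JSON.stringify(
-issue.expected,
-util.jsonStringifyReplacer
-)}`;
+message = `Invalid literal value`;
 break;
 case ZodIssueCode.unrecognized_keys:
 message = `Unrecognized key(s) in object: ${util.joinValues(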
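--- a/src/__tests__/error.test.ts
+++ b/src/__tests__/error.test.ts
@@ -497,9 +497,7 @@ test("literal default error message", () => {
 } catch (err) {
 const zerr: z.ZodError = err as any;
 expect(zerr.issues.length).toEqual(1);
-expect(zerr.issues[0].message).toEqual(
-`Invalid literal value, expected "Tuna"`
-);
+expect(zerr.issues[0].message).toEqual(`Invalid literal value`);
 }
 });
 
@@ -509,9 +507,7 @@ test("literal bigint default error message", () => {
 } catch (err) {
 const zerr: z.ZodError = err as any;
 expect(zerr.issues.length).toEqual(1);
-expect(zerr.issues[0].message).toEqual(
-`Invalid literal value, expected "12"`
-);
+expect(zerr.issues[0].message).toEqual(`Invalid literal value`);
 }
 });
 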
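Review bot: Both updated assertions pin only the new message text, so nothing here fails if the literal reaches the caller through another part of the error. A regression check for the leak itself is worth adding, for example in the first test `expect(JSON.stringify(zerr.issues)).not.toContain("Tuna")`; if the issue object still carries `expected`, that assertion would fail and show the fix is partial. The assertions also sit inside `catch`, and the `try` half of each test lies outside the hunk, so confirm the test fails when the call under test does not throw.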
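--- a/src/locales/en.ts
+++ b/src/locales/en.ts
@@ -12,10 +12,7 @@ const errorMap: ZodErrorMap = (issue, _ctx) => {
 }
 break;
 case ZodIssueCode.invalid_literal:
-message = `Invalid literal value, expected ${JSON.stringify(
-issue.expected,
-util.jsonStringifyReplacer
-)}`;
+message = `Invalid literal value`;
 break;
 case ZodIssueCode.unrecognized_keys:
 message = `Unrecognized key(s) in object: ${util.joinValues(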
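Review bot: Dropping the expected value from the `ZodIssueCode.invalid_literal` message does not remove it from the issue itself: the deleted lines read `issue.expected`, so that field is presumably still set on the issue and still reaches any caller that serializes `zerr.issues` rather than only `message`. If the concern is a literal schema built from a secret, the field needs the same treatment, or the branch should at least say where the protection stops, e.g. `// message omits issue.expected on purpose; the issue object still carries it, so do not return raw issues to untrusted clients`. Other branches of `errorMap` lie outside this hunk and may interpolate schema values in the same way, so they are worth checking against the same rule. The change also removes the expected value for every user of the default map, which deserves a changelog entry.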
