@mfori mfori commented Oct 27, 2025

The used package for malicious regex detection (safe-regex) produces a lot of false positives, so this PR now removes the check completely and I will figure out what's next later.

Reported here: https://apify.slack.com/archives/C0L33UM7Z/p1761580328353969

@mfori mfori requested review from jirimoravcik and katacek October 27, 2025 19:00
@mfori mfori self-assigned this Oct 27, 2025
@mfori mfori added labels Oct 27, 2025: bug (Something isn't working.), adhoc (Ad-hoc unplanned task added during the sprint.), t-console (Issues with this label are in the ownership of the console team.)
@github-actions github-actions bot added this to the 126th sprint - Console team milestone Oct 27, 2025
@github-actions github-actions bot added the tested label (Temporary label used only programmatically for some analytics.) Oct 27, 2025

@katacek katacek left a comment

Thank you!

@mfori mfori requested a review from Copilot October 28, 2025 16:40

Copilot AI left a comment

Pull Request Overview

This PR removes the safe-regex package dependency and its associated validation check due to false positives in malicious regex detection. The change disables ReDoS (Regular Expression Denial of Service) attack prevention temporarily while a better solution is being explored.

Key changes:

  • Removed safe-regex dependency from package.json
  • Commented out the unsafe regex validation logic with a TODO note
  • Deleted the test case that validated unsafe regex patterns

Reviewed Changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| packages/input_schema/package.json | Removed safe-regex package dependency |
| packages/input_schema/src/utilities.ts | Commented out unsafe regex validation logic and added TODO for future implementation |
| test/input_schema.test.ts | Removed test case validating unsafe regex pattern detection |

@mfori mfori merged commit 4a92fcc into master Oct 28, 2025
9 checks passed
@mfori mfori deleted the feat/remove-safe-regex-check branch October 28, 2025 17:08