From bb1197096f591dd7f0aec44f5ee792470b207dc4 Mon Sep 17 00:00:00 2001
From: Martin Riedel <1713643+rado0x54@users.noreply.github.com>
Date: Thu, 5 Oct 2023 13:56:29 -0400
Subject: [PATCH] Fixed possible dangerous application of Regex in presentation-definition examples and tests. (#428)
---
 test/presentation-definition/basic_example.json | 2 +-
 .../input_descriptor_id_tokens_example.json | 2 +-
 .../input_descriptors_example.json | 4 ++--
 test/presentation-definition/multi_group_example.json | 10 +++++-----
 test/presentation-definition/pd_filter.json | 2 +-
 test/presentation-definition/pd_filter2.json | 8 ++++----
 .../presentation-definition/pd_filter2_simplified.json | 7 +++----
 test/presentation-definition/single_group_example.json | 2 +-
 8 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/test/presentation-definition/basic_example.json b/test/presentation-definition/basic_example.json
index 69985248..030c10bc 100644
--- a/test/presentation-definition/basic_example.json
+++ b/test/presentation-definition/basic_example.json
@@ -26,7 +26,7 @@
 "purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor, or regulatory authority.",
 "filter": {
 "type": "string",
- "pattern": "did:example:123|did:example:456"
+ "pattern": "^did:example:123$|^did:example:456$"
 },
 "intent_to_retain": true
 }
diff --git a/test/presentation-definition/input_descriptor_id_tokens_example.json b/test/presentation-definition/input_descriptor_id_tokens_example.json
index 70ef35f0..c211b449 100644
--- a/test/presentation-definition/input_descriptor_id_tokens_example.json
+++ b/test/presentation-definition/input_descriptor_id_tokens_example.json
@@ -20,7 +20,7 @@
 "path": ["$.status"],
 "filter": {
 "type": "string",
- "pattern": "active"
+ "pattern": "^active$"
 }
 }
 ]
diff --git a/test/presentation-definition/input_descriptors_example.json b/test/presentation-definition/input_descriptors_example.json
index 1eeffd74..dd1a08ed 100644
--- a/test/presentation-definition/input_descriptors_example.json
+++ b/test/presentation-definition/input_descriptors_example.json
@@ -15,7 +15,7 @@
 "path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
 "filter": {
 "type": "string",
- "pattern": "https://bank-schemas.org/1.0.0/accounts.json|https://bank-schemas.org/2.0.0/accounts.json"
+ "pattern": "^https://bank-schemas.org/1.0.0/accounts.json|https://bank-schemas.org/2.0.0/accounts.json$"
 }
 },
 {
@@ -27,7 +27,7 @@
 "purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
 "filter": {
 "type": "string",
- "pattern": "did:example:123|did:example:456"
+ "pattern": "^did:example:123$|^did:example:456$"
 },
 "intent_to_retain": true
 },
diff --git a/test/presentation-definition/multi_group_example.json b/test/presentation-definition/multi_group_example.json
index 2170e166..b3d85ab7 100644
--- a/test/presentation-definition/multi_group_example.json
+++ b/test/presentation-definition/multi_group_example.json
@@ -44,7 +44,7 @@
 "properties": {
 "id": {
 "type": "string",
- "pattern": "https://bank-standards.example.com#accounts"
+ "pattern": "^https://bank-standards.example.com#accounts$"
 }
 },
 "required": ["id"]
@@ -57,7 +57,7 @@
 "properties": {
 "id": {
 "type": "string",
- "pattern": "https://bank-standards.example.com#investments"
+ "pattern": "^https://bank-standards.example.com#investments$"
 }
 },
 "required": ["id"]
@@ -71,7 +71,7 @@
 "purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
 "filter": {
 "type": "string",
- "pattern": "did:example:123|did:example:456"
+ "pattern": "^did:example:123$|^did:example:456$"
 }
 },
 {
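Review bot: The new `credentialSchema.id` pattern in the `@@ -15` hunk of input_descriptors_example.json is only half anchored. Alternation has the lowest precedence, so `^` applies to the 1.0.0 branch alone and `$` to the 2.0.0 branch alone; a value that merely starts with the first URL or merely ends with the second still passes the filter. Group the branches as `"pattern": "^(https://bank-schemas\\.org/1\\.0\\.0/accounts\\.json|https://bank-schemas\\.org/2\\.0\\.0/accounts\\.json)$"`, or anchor each branch separately as the DID patterns in this commit do. The identical pattern in the `@@ -110` hunk of multi_group_example.json needs the same change.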
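Review bot: The dots in the new `id` pattern of the `@@ -44` hunk of multi_group_example.json, `^https://bank-standards.example.com#accounts$`, are unescaped, so each matches any single character and the anchored pattern still accepts values that differ from the intended URL at those positions. Write them as `\\.` in the JSON string, or, because one exact value is intended, replace the regex with `"const": "https://bank-standards.example.com#accounts"` if the schema dialect in use supports `const`. The same applies to the `@@ -57` hunk, to `^https://train.trust-scheme.de/info$` and `^worldbankfederation.com$` in pd_filter2.json and pd_filter2_simplified.json, and to the bank-schemas.org URLs. The enclosing schema objects start outside these hunks.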
@@ -110,7 +110,7 @@
 "path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
 "filter": {
 "type": "string",
- "pattern": "https://bank-schemas.org/1.0.0/accounts.json|https://bank-schemas.org/2.0.0/accounts.json"
+ "pattern": "^https://bank-schemas.org/1.0.0/accounts.json|https://bank-schemas.org/2.0.0/accounts.json$"
 }
 },
 {
@@ -122,7 +122,7 @@
 "purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
 "filter": {
 "type": "string",
- "pattern": "did:example:123|did:example:456"
+ "pattern": "^did:example:123$|^did:example:456$"
 }
 },
 {
diff --git a/test/presentation-definition/pd_filter.json b/test/presentation-definition/pd_filter.json
index cf03c219..33bc0f8d 100644
--- a/test/presentation-definition/pd_filter.json
+++ b/test/presentation-definition/pd_filter.json
@@ -16,7 +16,7 @@
 "type": "array",
 "contains": {
 "type": "string",
- "pattern": ""
+ "pattern": "^$"
 }
 }
 }
diff --git a/test/presentation-definition/pd_filter2.json b/test/presentation-definition/pd_filter2.json
index 3995d267..4d56ca6f 100644
--- a/test/presentation-definition/pd_filter2.json
+++ b/test/presentation-definition/pd_filter2.json
@@ -16,7 +16,7 @@
 "$defs": {
 "typeString": {
 "type": "string",
- "pattern": "https://train.trust-scheme.de/info"
+ "pattern": "^https://train.trust-scheme.de/info$"
 },
 "typeStringOrArray": {
 "anyOf": [
@@ -33,7 +33,7 @@
 },
 "trustSchemeString": {
 "type": "string",
- "pattern": "worldbankfederation.com"
+ "pattern": "^worldbankfederation.com$"
 },
 "trustSchemeStringOrArray": {
 "anyOf": [
@@ -78,7 +78,7 @@
 }
 },
 "$ref": "#/$defs/tosObjectOrArray"
- }
+ }
 },
 {
 "path": [
@@ -88,7 +88,7 @@
 "type": "array",
 "contains": {
 "type": "string",
- "pattern": "creditCard"
+ "pattern": "^creditCard$"
 }
 }
 }
diff --git a/test/presentation-definition/pd_filter2_simplified.json b/test/presentation-definition/pd_filter2_simplified.json
index aa29c22b..c524f0d4 100644
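Review bot: In the pd_filter.json hunk, replacing `"pattern": ""` with `"pattern": "^$"` changes what the fixture accepts rather than only anchoring it. An empty pattern matches every string, while `^$` matches only the empty string, so `contains` now requires the array to hold an empty-string element. If the fixture was meant to accept any string element, dropping `pattern` and keeping `"type": "string"` preserves that meaning without an unanchored regex; if an empty string really is intended, `"const": ""` states it more directly. The enclosing filter object starts outside the hunk.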
--- a/test/presentation-definition/pd_filter2_simplified.json
+++ b/test/presentation-definition/pd_filter2_simplified.json
@@ -14,7 +14,7 @@
 ],
 "filter": {
 "type": "string",
- "pattern": "https://train.trust-scheme.de/info"
+ "pattern": "^https://train.trust-scheme.de/info$"
 }
 },
 {
@@ -23,7 +23,7 @@
 ],
 "filter": {
 "type": "string",
- "pattern": "worldbankfederation.com"
+ "pattern": "^worldbankfederation.com$"
 }
 },
 {
@@ -32,7 +32,7 @@
 ],
 "filter": {
 "type": "string",
- "pattern": "creditCard"
+ "pattern": "^creditCard$"
 }
 }
 ]
@@ -41,4 +41,3 @@
 ]
 }
 }
-
\ No newline at end of file
diff --git a/test/presentation-definition/single_group_example.json b/test/presentation-definition/single_group_example.json
index a77a60be..6ab2ee95 100644
--- a/test/presentation-definition/single_group_example.json
+++ b/test/presentation-definition/single_group_example.json
@@ -27,7 +27,7 @@
 "purpose": "We can only accept digital driver's licenses issued by national authorities of member states or trusted notarial auditors.",
 "filter": {
 "type": "string",
- "pattern": "did:example:gov1|did:example:gov2"
+ "pattern": "^did:example:gov1$|^did:example:gov2$"
 }
 },
 {