Harden scheduling against unbounded ranges and invalid input#27
Merged
Conversation
Security review follow-up. No injection or vulnerable dependencies were found; the realistic risks were resource exhaustion and weak input validation. This addresses them:
- Cap requested date ranges (DoS guard). WeeklyScheduleAgenda, AgendaSlotter and DaySlotter now take an optional maxDays argument (default 366, 0 disables) and throw DateRangeTooLargeException when the [from, to] window is larger, via a shared DateRangeGuard.
- Reject non-positive duration/step (and negative timeAfter/timeBefore) in the slotters with InvalidArgumentException, preventing degenerate zero-interval loops.
- Validate WeeklySchedule times strictly as a time of day (HH:MM or HH:MM:SS, 00:00-23:59), rejecting relative expressions such as "now".
- Throw a clear Exception on malformed/non-object JSON in WeeklySchedule::fromJson() instead of a TypeError.
Docs (README caveats + schema note) and CHANGELOG updated.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Rebuild CHANGELOG.md in Keep a Changelog format from every tagged release (v0.0.1 through v4.1.2) using the GitHub release notes and the merged PRs between tags. The Unreleased section also captures the changes already on master without a release yet (#25, #26) alongside the security hardening. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Context

Security review of the library. No injection sinks (`eval`/`exec`/`unserialize`/SQL/file I/O are all absent) and `composer audit` reports no vulnerable dependencies. The realistic risks were resource exhaustion (DoS) and weak input validation. This PR addresses all four findings from that review.

Changes

🟠 Unbounded date range → memory/CPU exhaustion

`WeeklyScheduleAgenda`, `AgendaSlotter` and `DaySlotter` emit one entry per day (and per slot) across the `[from, to]` window, so a huge range could exhaust memory. They now take an optional `maxDays` argument (default `366`, `0` disables) and throw `Puntodev\Bookables\Exceptions\DateRangeTooLargeException` when the window is larger, via a shared `DateRangeGuard`.

🟡 Non-positive `duration`/`step` → degenerate zero-interval loops

`AgendaSlotter` and `DaySlotter` constructors now reject `duration`/`step` ≤ 0 (and negative `timeAfter`/`timeBefore`) with `InvalidArgumentException`.

🟡 Loose time validation

`WeeklySchedule` validates times strictly as a time of day (`HH:MM` or `HH:MM:SS`, `00:00`–`23:59`), rejecting relative expressions like `now`/`+1 day` and out-of-range values like `25:00`/`14:60`.

🔵 Malformed JSON

`WeeklySchedule::fromJson()` throws a clear `Exception` on malformed/non-object JSON instead of leaking a `TypeError`.

Tests

TDD throughout — each test was watched failing before implementing. 51 tests pass (37 existing + 14 new).

`08:00`, not `8:00`). Matches the defaults/docs, but stricter than before.
`maxDays` (default 366) now raise instead of silently generating huge result sets. Pass `maxDays: 0` to opt out.

🤖 Generated with Claude Code
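An added PHP sketch of the three guards the PR describes, written for this page and not taken from the library: the `maxDays` cap behind `DateRangeGuard`, the strict time-of-day check, and the rejection of non-positive `duration`/`step`. Only `DateRangeGuard`, `DateRangeTooLargeException`, `maxDays` and the parameter names come from the PR; the method names, `TimeOfDay` and `assertSlotParams` are assumptions.

```php
<?php
// Added illustration, not the library's own code; names beyond those quoted in the PR are assumptions.
declare(strict_types=1);

final class DateRangeTooLargeException extends RuntimeException {}
final class DateRangeGuard
{
    /** Throws when the inclusive [from, to] window spans more than $maxDays days; 0 disables the cap. */
    public static function assert(DateTimeInterface $from, DateTimeInterface $to, int $maxDays = 366): void
    {
        if ($maxDays < 0 || $to < $from) {
            throw new InvalidArgumentException('maxDays must be >= 0 and to must not precede from');
        }
        $days = $from->diff($to)->days + 1; // inclusive: from == to is one day
        if ($maxDays !== 0 && $days > $maxDays) {
            throw new DateRangeTooLargeException("Range of $days days exceeds maxDays=$maxDays");
        }
    }
}

final class TimeOfDay
{
    /** Accepts only zero-padded HH:MM or HH:MM:SS within 00:00..23:59:59; "now", "+1 day", "25:00", "14:60" all fail. */
    public static function assert(string $time): void
    {
        if (preg_match('/^([01]\d|2[0-3]):[0-5]\d(?::[0-5]\d)?$/', $time) !== 1) {
            throw new InvalidArgumentException("Invalid time of day \"$time\"; expected HH:MM or HH:MM:SS");
        }
    }
}
/** Rejects the degenerate values that would make a slotting loop never advance (duration/step <= 0). */
function assertSlotParams(int $duration, int $step, int $timeBefore = 0, int $timeAfter = 0): void
{
    if ($duration <= 0 || $step <= 0 || $timeBefore < 0 || $timeAfter < 0) {
        throw new InvalidArgumentException('duration and step must be > 0; timeBefore/timeAfter must be >= 0');
    }
}
// Constructed inputs: a 365-day window passes, a 400-day window trips the default cap unless maxDays is 0.
$from = new DateTimeImmutable('2024-01-01');
DateRangeGuard::assert($from, $from->modify('+364 days'));    // accepted
DateRangeGuard::assert($from, $from->modify('+399 days'), 0); // cap disabled: accepted
TimeOfDay::assert('08:00');                                   // accepted
$rejected = [
    fn() => DateRangeGuard::assert($from, $from->modify('+399 days')),
    fn() => TimeOfDay::assert('now'), fn() => TimeOfDay::assert('25:00'), fn() => assertSlotParams(30, 0),
];
foreach ($rejected as $check) {
    try { $check(); } catch (Exception $e) { echo get_class($e), ': ', $e->getMessage(), PHP_EOL; }
}
```

Each rejected input prints its exception class and message; the inclusive day count is what makes a 366-day default cap admit a full leap year.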