fix(settings): don't let a stored bad filterNameRegex brick automations (#3934)#3938
Conversation
…ns (#3934) The traceroute and remote-LocalStats node-filter POST endpoints hard-validated filterNameRegex with RE2 (compileUserRegex) on every save. RE2 rejects the lookaround/backreferences the browser's native RegExp (client-side validation) accepts, so a pattern like `^(?!.*Mobile).*$` passes on the client, is persisted, then fails server validation forever — the settings form re-POSTs the stored regex on every save, so the whole request 400s and the user can't even disable the filter or the automation. Ports the #3806 auto-ack guard to both endpoints: only hard-validate the regex (RE2 + ReDoS length/complexity caps) when it will actually be applied (automation AND regex sub-filter both enabled) OR the incoming pattern differs from the stored one. Disabling the automation/filter, or re-saving an unchanged bad pattern, now succeeds so existing installs can recover; newly-supplied invalid patterns are still rejected when enabling/changing. The shared guard is extracted to src/server/utils/filterNameRegex.ts (validateFilterNameRegexOnSave) and unit-tested directly — the endpoints live inline in server.ts and can't be mounted in isolation. Tests: 8 cases covering validate-when-applied/changed, allow-unchanged-bad- while-disabled (the recovery path), clear-to-valid, and the ReDoS/length caps. Full suite green (8002/0). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_015AFBA76hsjqhsXe1BdnYub
|
Claude finished @Yeraze's task —— View job PR Review: fix(settings): don't let a stored bad filterNameRegex brick automations (#3934)Tasks:
Overall this is a well-reasoned, conservative fix. The guard correctly ports the #3806 pattern without over-engineering it. A few notes below, ranging from a potential bug to minor style observations. Potential bug —
|
Summary
The auto-traceroute and remote-LocalStats node-filter POST endpoints hard-validated
filterNameRegexwith RE2 (compileUserRegex) on every save. RE2 rejects the lookaround/backreferences that the browser's nativeRegExp(client-side validation) accepts, so a pattern like^(?!.*Mobile).*$passes on the client, gets persisted, then fails server validation forever — the settings form re-POSTs the stored regex on every save, so the whole request 400s and the user can't even disable the filter or the automation. This is the same failure mode #3806 fixed for auto-ack; the guard was never ported to these two endpoints.Fixes #3934.
Changes
POST /api/settings/traceroute-nodesandPOST /api/settings/remote-localstats-nodes(src/server/server.ts): only run the RE2 check (and the ReDoS length/complexity caps) when the regex will actually be applied (the automation AND its regex sub-filter are enabled) or the incoming pattern differs from the stored one. Disabling the automation/filter, or re-saving an unchanged bad pattern, now succeeds; newly-supplied invalid patterns are still rejected when enabling/changing.filterRegexEnabledand to detect an unchanged re-save).src/server/utils/filterNameRegex.ts(validateFilterNameRegexOnSave) so it can be unit-tested — the endpoints are defined inline inserver.tsand aren't independently mountable.Issues Resolved
Fixes #3934
Documentation Updates
No documentation changes needed.
Testing
success: true)filterNameRegex.test.ts(8 cases): rejects a new lookaround pattern when applied or changed; allows re-saving an unchanged stored bad pattern while disabled (the recovery path); allows clearing a bad pattern to a valid one; still rejects an unchanged bad pattern while it stays applied; ReDoS length/complexity capsfilterNameRegex(e.g.^(?!.*Mobile).*$), then confirm toggling the filter off / disabling the automation now saves instead of returning 400🤖 Generated with Claude Code