fix redos-able regex and add poc code to tests (#182)

eth_account/_utils/structured_data/validation.py

@@ -6,7 +6,7 @@
 
 # Regexes
 IDENTIFIER_REGEX = r"^[a-zA-Z_$][a-zA-Z_$0-9]*$"
-TYPE_REGEX = r"^[a-zA-Z_$][a-zA-Z_$0-9]*(\[([1-9]\d*)*\])*$"
+TYPE_REGEX = r"^[a-zA-Z_$][a-zA-Z_$0-9]*(\[([1-9]\d*\b)*\])*$"
 
 
 def validate_has_attribute(attr_name, dict_data):

newsfragments/178.bugfix.rst

@@ -0,0 +1 @@
+fix DoS-able regex pattern

tests/core/test_structured_data_signing.py

@@ -1,6 +1,7 @@
 import json
 import pytest
 import re
+import time
 
 from eth_abi.exceptions import (
     ABITypeError,
@@ -199,6 +200,29 @@ def test_type_regex(type, valid):
         assert re.match(TYPE_REGEX, type) is None
 
 
+def test_type_regex_for_redos():
+    start = time.time()
+    # len 30 string is long enough to cause > 1 second delay if the regex is bad
+    long = '1' * 30
+    invalid_structured_data_string = f"""{{
+        "types": {{
+            "EIP712Domain": [
+                {{"name": "aaaa", "type": "$[{long}0"}},
+                {{"name": "version", "type": "string"}},
+                {{"name": "chainId", "type": "uint256"}},
+                {{"name": "verifyingContract", "type": "address"}}
+            ]
+        }}
+    }}"""
+
+    with pytest.raises(re.error, match="unterminated character set at position 15"):
+        with pytest.raises(ValidationError, match=f"Invalid Type `$[{long}0` in `EIP712Domain`"):
+            load_and_validate_structured_message(invalid_structured_data_string)
+
+    done = time.time() - start
+    assert done < 1
+
+
 def test_structured_data_invalid_identifier_filtered_by_regex():
     invalid_structured_data_string = open(
         "tests/fixtures/invalid_struct_identifier_message.json"