fix: harden _cnd operators and add edge case tests

- Add try/catch for invalid regex patterns in regex operator
- Add structure validation for between operator (from/to fields)
- Add 5 new edge case tests for invalid inputs
- Bump version to 2.30.1
- Resolve merge conflict with main (n8n 2.0 update)

Conceived by Romuald Członkowski - https://www.aiadvisors.pl/en

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

dist/services/config-validator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config-validator.d.ts","sourceRoot":"","sources":["../../src/services/config-validator.ts"],"names":[],"mappings":"AASA,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,kBAAkB,GAAG,cAAc,GAAG,eAAe,GAAG,cAAc,GAAG,uBAAuB,GAAG,cAAc,CAAC;IACxH,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,gBAAgB,GAAG,YAAY,GAAG,aAAa,GAAG,UAAU,GAAG,eAAe,GAAG,eAAe,CAAC;IACvG,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,eAAe;IAI1B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAA4C;IAKjF,MAAM,CAAC,QAAQ,CACb,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,UAAU,EAAE,GAAG,EAAE,EACjB,gBAAgB,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,GAC7B,gBAAgB;IAsDnB,MAAM,CAAC,aAAa,CAClB,OAAO,EAAE,KAAK,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC5B,UAAU,EAAE,GAAG,EAAE,CAAC;KACnB,CAAC,GACD,gBAAgB,EAAE;IASrB,OAAO,CAAC,MAAM,CAAC,uBAAuB;IA0CtC,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAsBpC,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAuChC,OAAO,CAAC,MAAM,CAAC,YAAY;WAab,iBAAiB,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO;IA2ChF,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAoIpC,OAAO,CAAC,MAAM,CAAC,6BAA6B;IA+B5C,OAAO,CAAC,MAAM,CAAC,mBAAmB;IAoElC,OAAO,CAAC,MAAM,CAAC,eAAe;IAc9B,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAoC/B,OAAO,CAAC,MAAM,CAAC,YAAY;IAyC3B,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAgEhC,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAmCpC,OAAO,CAAC,MAAM,CAAC,wBAAwB;IA6BvC,OAAO,CAAC,MAAM,CAAC,wBAAwB;IA4CvC,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAgEnC,OAAO,CAAC,MAAM,CAAC,uBAAuB;CAmOvC"}
+{"version":3,"file":"config-validator.d.ts","sourceRoot":"","sources":["../../src/services/config-validator.ts"],"names":[],"mappings":"AASA,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,kBAAkB,GAAG,cAAc,GAAG,eAAe,GAAG,cAAc,GAAG,uBAAuB,GAAG,cAAc,CAAC;IACxH,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,gBAAgB,GAAG,YAAY,GAAG,aAAa,GAAG,UAAU,GAAG,eAAe,GAAG,eAAe,CAAC;IACvG,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,eAAe;IAI1B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAA4C;IAKjF,MAAM,CAAC,QAAQ,CACb,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,UAAU,EAAE,GAAG,EAAE,EACjB,gBAAgB,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,GAC7B,gBAAgB;IAsDnB,MAAM,CAAC,aAAa,CAClB,OAAO,EAAE,KAAK,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC5B,UAAU,EAAE,GAAG,EAAE,CAAC;KACnB,CAAC,GACD,gBAAgB,EAAE;IASrB,OAAO,CAAC,MAAM,CAAC,uBAAuB;IA0CtC,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAsBpC,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAgDhC,OAAO,CAAC,MAAM,CAAC,YAAY;WAab,iBAAiB,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO;IA2ChF,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAoIpC,OAAO,CAAC,MAAM,CAAC,6BAA6B;IA+B5C,OAAO,CAAC,MAAM,CAAC,mBAAmB;IAoElC,OAAO,CAAC,MAAM,CAAC,eAAe;IAc9B,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAoC/B,OAAO,CAAC,MAAM,CAAC,YAAY;IAyC3B,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAgEhC,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAmCpC,OAAO,CAAC,MAAM,CAAC,wBAAwB;IA6BvC,OAAO,CAAC,MAAM,CAAC,wBAAwB;IA4CvC,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAgEnC,OAAO,CAAC,MAAM,CAAC,uBAAuB;CAmOvC"}

dist/services/config-validator.js

@@ -98,7 +98,11 @@ class ConfigValidator {
         if ('lt' in cnd)
             return configValue < cnd.lt;
         if ('between' in cnd) {
-            return configValue >= cnd.between.from && configValue <= cnd.between.to;
+            const between = cnd.between;
+            if (!between || typeof between.from === 'undefined' || typeof between.to === 'undefined') {
+                return false;
+            }
+            return configValue >= between.from && configValue <= between.to;
         }
         if ('startsWith' in cnd) {
             return typeof configValue === 'string' && configValue.startsWith(cnd.startsWith);
@@ -110,7 +114,14 @@ class ConfigValidator {
             return typeof configValue === 'string' && configValue.includes(cnd.includes);
         }
         if ('regex' in cnd) {
-            return typeof configValue === 'string' && new RegExp(cnd.regex).test(configValue);
+            if (typeof configValue !== 'string')
+                return false;
+            try {
+                return new RegExp(cnd.regex).test(configValue);
+            }
+            catch {
+                return false;
+            }
         }
         if ('exists' in cnd) {
             return configValue !== undefined && configValue !== null;

src/services/config-validator.ts

@@ -192,7 +192,11 @@ export class ConfigValidator {
     if ('gt' in cnd) return configValue > cnd.gt;
     if ('lt' in cnd) return configValue < cnd.lt;
     if ('between' in cnd) {
-      return configValue >= cnd.between.from && configValue <= cnd.between.to;
+      const between = cnd.between;
+      if (!between || typeof between.from === 'undefined' || typeof between.to === 'undefined') {
+        return false; // Invalid between structure
+      }
+      return configValue >= between.from && configValue <= between.to;
     }
     if ('startsWith' in cnd) {
       return typeof configValue === 'string' && configValue.startsWith(cnd.startsWith);
@@ -204,7 +208,12 @@ export class ConfigValidator {
       return typeof configValue === 'string' && configValue.includes(cnd.includes);
     }
     if ('regex' in cnd) {
-      return typeof configValue === 'string' && new RegExp(cnd.regex).test(configValue);
+      if (typeof configValue !== 'string') return false;
+      try {
+        return new RegExp(cnd.regex).test(configValue);
+      } catch {
+        return false; // Invalid regex pattern
+      }
     }
     if ('exists' in cnd) {
       return configValue !== undefined && configValue !== null;

tests/unit/services/config-validator-cnd.test.ts

@@ -216,6 +216,36 @@ describe('ConfigValidator _cnd operators', () => {
         };
         expect(ConfigValidator.isPropertyVisible(prop, { '@version': 5 })).toBe(false);
       });
+
+      it('should not match when between structure is null', () => {
+        const prop = {
+          name: 'testField',
+          displayOptions: {
+            show: { '@version': [{ _cnd: { between: null } }] }
+          }
+        };
+        expect(ConfigValidator.isPropertyVisible(prop, { '@version': 4 })).toBe(false);
+      });
+
+      it('should not match when between is missing from field', () => {
+        const prop = {
+          name: 'testField',
+          displayOptions: {
+            show: { '@version': [{ _cnd: { between: { to: 5 } } }] }
+          }
+        };
+        expect(ConfigValidator.isPropertyVisible(prop, { '@version': 4 })).toBe(false);
+      });
+
+      it('should not match when between is missing to field', () => {
+        const prop = {
+          name: 'testField',
+          displayOptions: {
+            show: { '@version': [{ _cnd: { between: { from: 3 } } }] }
+          }
+        };
+        expect(ConfigValidator.isPropertyVisible(prop, { '@version': 4 })).toBe(false);
+      });
     });
 
     describe('startsWith operator', () => {
@@ -314,6 +344,27 @@ describe('ConfigValidator _cnd operators', () => {
         };
         expect(ConfigValidator.isPropertyVisible(prop, { id: 'abc1234' })).toBe(false);
       });
+
+      it('should not match when regex pattern is invalid', () => {
+        const prop = {
+          name: 'testField',
+          displayOptions: {
+            show: { id: [{ _cnd: { regex: '[invalid(regex' } }] }
+          }
+        };
+        // Invalid regex should return false without throwing
+        expect(ConfigValidator.isPropertyVisible(prop, { id: 'test' })).toBe(false);
+      });
+
+      it('should not match non-string values', () => {
+        const prop = {
+          name: 'testField',
+          displayOptions: {
+            show: { value: [{ _cnd: { regex: '\\d+' } }] }
+          }
+        };
+        expect(ConfigValidator.isPropertyVisible(prop, { value: 123 })).toBe(false);
+      });
     });
 
     describe('exists operator', () => {