From d4eea3b8d1b8072b2101e2a82c0b34ff0fce798e Mon Sep 17 00:00:00 2001
From: Prakash Maria Liju P <ppml38@gmail.com>
Date: Tue, 12 Nov 2024 10:47:34 +0530
Subject: [PATCH] Add a fix for the vulnerability in zod literal validation
 message, which was exposing sensitive information in error message.

---
 deno/lib/__tests__/error.test.ts | 8 ++------
 deno/lib/locales/en.ts           | 5 +----
 src/__tests__/error.test.ts      | 8 ++------
 src/locales/en.ts                | 5 +----
 4 files changed, 6 insertions(+), 20 deletions(-)

diff --git a/deno/lib/__tests__/error.test.ts b/deno/lib/__tests__/error.test.ts
index e66b185eb..36cf630ec 100644
--- a/deno/lib/__tests__/error.test.ts
+++ b/deno/lib/__tests__/error.test.ts
@@ -498,9 +498,7 @@ test("literal default error message", () => {
   } catch (err) {
     const zerr: z.ZodError = err as any;
     expect(zerr.issues.length).toEqual(1);
-    expect(zerr.issues[0].message).toEqual(
-      `Invalid literal value, expected "Tuna"`
-    );
+    expect(zerr.issues[0].message).toEqual(`Invalid literal value`);
   }
 });
 
@@ -510,9 +508,7 @@ test("literal bigint default error message", () => {
   } catch (err) {
     const zerr: z.ZodError = err as any;
     expect(zerr.issues.length).toEqual(1);
-    expect(zerr.issues[0].message).toEqual(
-      `Invalid literal value, expected "12"`
-    );
+    expect(zerr.issues[0].message).toEqual(`Invalid literal value`);
   }
 });
 
diff --git a/deno/lib/locales/en.ts b/deno/lib/locales/en.ts
index 0665af275..be98093c5 100644
--- a/deno/lib/locales/en.ts
+++ b/deno/lib/locales/en.ts
@@ -12,10 +12,7 @@ const errorMap: ZodErrorMap = (issue, _ctx) => {
       }
       break;
     case ZodIssueCode.invalid_literal:
-      message = `Invalid literal value, expected ${JSON.stringify(
-        issue.expected,
-        util.jsonStringifyReplacer
-      )}`;
+      message = `Invalid literal value`;
       break;
     case ZodIssueCode.unrecognized_keys:
       message = `Unrecognized key(s) in object: ${util.joinValues(
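Review bot: Removing the literal from the default message at `case ZodIssueCode.invalid_literal` covers only the `message` string: the removed lines read `issue.expected`, so the issue object evidently still carries the literal, and a caller that logs or returns the serialized issues instead of `message` alone would presumably still expose it. If the literal is treated as sensitive, the field needs handling where the issue is created (not visible in this patch), and the updated tests should assert on the whole issue rather than only `zerr.issues[0].message`. A comment on the new line would keep the value from being re-added later, e.g. `// Deliberately omits issue.expected: the literal may be sensitive and messages are often shown to end users.` The same applies to the identical hunk in src/locales/en.ts; errorMap's body starts and ends outside both hunks.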
diff --git a/src/__tests__/error.test.ts b/src/__tests__/error.test.ts
index b1942743b..daf3977d3 100644
--- a/src/__tests__/error.test.ts
+++ b/src/__tests__/error.test.ts
@@ -497,9 +497,7 @@ test("literal default error message", () => {
   } catch (err) {
     const zerr: z.ZodError = err as any;
     expect(zerr.issues.length).toEqual(1);
-    expect(zerr.issues[0].message).toEqual(
-      `Invalid literal value, expected "Tuna"`
-    );
+    expect(zerr.issues[0].message).toEqual(`Invalid literal value`);
   }
 });
 
@@ -509,9 +507,7 @@ test("literal bigint default error message", () => {
   } catch (err) {
     const zerr: z.ZodError = err as any;
     expect(zerr.issues.length).toEqual(1);
-    expect(zerr.issues[0].message).toEqual(
-      `Invalid literal value, expected "12"`
-    );
+    expect(zerr.issues[0].message).toEqual(`Invalid literal value`);
   }
 });
 
diff --git a/src/locales/en.ts b/src/locales/en.ts
index 11325a95b..b99104837 100644
--- a/src/locales/en.ts
+++ b/src/locales/en.ts
@@ -12,10 +12,7 @@ const errorMap: ZodErrorMap = (issue, _ctx) => {
       }
       break;
     case ZodIssueCode.invalid_literal:
-      message = `Invalid literal value, expected ${JSON.stringify(
-        issue.expected,
-        util.jsonStringifyReplacer
-      )}`;
+      message = `Invalid literal value`;
       break;
     case ZodIssueCode.unrecognized_keys:
       message = `Unrecognized key(s) in object: ${util.joinValues(