Skip to content

Commit

Permalink
Check name for invalid characters
Browse files Browse the repository at this point in the history
  • Loading branch information
Gergely Brautigam committed Mar 10, 2020
1 parent c07f0b7 commit 857b1ca
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 2 deletions.
29 changes: 27 additions & 2 deletions handlers/pipeline_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -779,8 +779,8 @@ func TestPipelineCheckPeriodicSchedules(t *testing.T) {
})
}

func TestPipelineNameAvailable(t *testing.T) {
tmp, _ := ioutil.TempDir("", "TestPipelineNameAvailable")
func TestPipelineNameValidation(t *testing.T) {
tmp, _ := ioutil.TempDir("", "TestPipelineNameValidation")
dataDir := tmp

gaia.Cfg = &gaia.Config{
Expand Down Expand Up @@ -870,6 +870,31 @@ func TestPipelineNameAvailable(t *testing.T) {
}
})

t.Run("fails for pipeline name with invalid character", func(t *testing.T) {
req := httptest.NewRequest(echo.GET, "/", nil)
req.Header.Set("Content-Type", "application/json")
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
c.SetPath("/api/" + gaia.APIVersion + "/pipeline/name")
q := req.URL.Query()
q.Add("name", "this[]isinvalid;")
req.URL.RawQuery = q.Encode()

_ = PipelineNameAvailable(c)

if rec.Code != http.StatusBadRequest {
t.Fatalf("expected response code %v got %v", http.StatusBadRequest, rec.Code)
}
bodyBytes, err := ioutil.ReadAll(rec.Body)
if err != nil {
t.Fatalf("cannot read response body: %s", err.Error())
}
nameContainsInvalidCharacter := "pipeline name invalid; must match [A-z][0-9][-][_]"
if string(bodyBytes[:]) != nameContainsInvalidCharacter {
t.Fatalf("error message should be '%s' but was '%s'", nameContainsInvalidCharacter, string(bodyBytes[:]))
}
})

t.Run("works for pipeline with different name", func(t *testing.T) {
req := httptest.NewRequest(echo.GET, "/", nil)
req.Header.Set("Content-Type", "application/json")
Expand Down
16 changes: 16 additions & 0 deletions workers/pipeline/create_pipeline.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"errors"
"fmt"
"strings"
"unicode"

"github.com/gaia-pipeline/gaia/security"

Expand Down Expand Up @@ -34,6 +35,9 @@ var (

// errPipelineNameInUse is thrown when a pipelines name is already in use
errPipelineNameInUse = errors.New("pipeline name is already in use")

// errPipelineNameInvalid is thrown when a pipeline's name does not match required restrictions
errPipelineNameInvalid = errors.New("pipeline name invalid; must match [A-z][0-9][-][_]")
)

// CreatePipeline is the main function which executes step by step the creation
Expand Down Expand Up @@ -166,6 +170,18 @@ func CreatePipeline(p *gaia.CreatePipeline) {
// ValidatePipelineName validates a given pipeline name and
// returns the correct error back.
func ValidatePipelineName(pName string) error {

validate := func(r rune) bool {
return unicode.IsDigit(r) || unicode.IsLetter(r) || unicode.IsSpace(r) || r == '-' || r == '_'
}
// Name must match ^[A-z]+|[0-9]+|[-]+|[_]+$
// Note, this is faster than regex.
for _, c := range pName {
if !validate(c) {
return errPipelineNameInvalid
}
}

// The name could contain a path. Split it up.
path := strings.Split(pName, pipelinePathSplitChar)

Expand Down

0 comments on commit 857b1ca

Please sign in to comment.