Merge pull request #1804 from gravitl/bugfix_allow_alphanum_and_dashes

Bugfix allow only alphanumeric and dashes for ext client and node names
2025-09-19 11:34:26 +08:00 · 2022-12-09 10:59:06 -05:00 · 2022-12-09 10:59:06 -05:00 · c86286e9a0
commit c86286e9a0
parent 0d9b47f212 5f3fd9ee96
2 changed files with 24 additions and 0 deletions
--- a/controllers/ext_client.go
+++ b/controllers/ext_client.go
@ -320,6 +320,10 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
 	err := json.NewDecoder(r.Body).Decode(&CustomExtClient)

 	if err == nil {
+		if !validName(CustomExtClient.ClientID) {
+			logic.ReturnErrorResponse(w, r, logic.FormatError(errInvalidExtClientID, "badrequest"))
+			return
+		}
 		extclient.ClientID = CustomExtClient.ClientID
 	}

@ -413,6 +417,10 @@ func updateExtClient(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
+	if !validName(newExtClient.ClientID) {
+		logic.ReturnErrorResponse(w, r, logic.FormatError(errInvalidExtClientID, "badrequest"))
+		return
+	}
 	data, err := database.FetchRecord(database.EXT_CLIENT_TABLE_NAME, key)
 	if err != nil {
 		logger.Log(0, r.Header.Get("user"),
--- a/controllers/regex.go
+++ b/controllers/regex.go
@ -0,0 +1,16 @@
+package controller
+
+import (
+	"errors"
+	"regexp"
+)
+
+var (
+	errInvalidNodeName    = errors.New("Node name must be alphanumderic and/or dashes")
+	errInvalidExtClientID = errors.New("Ext client ID must be alphanumderic and/or dashes")
+)
+
+// allow only dashes and alphaneumeric for ext client and node names
+func validName(name string) bool {
+	return regexp.MustCompile("^[a-zA-Z0-9-]+$").MatchString(name)
+}