From 923631ef76f49fece253c89f7aefcba8dbe3d9a4 Mon Sep 17 00:00:00 2001 From: Tetrergeru <41305740+Tetrergeru@users.noreply.github.com> Date: Thu, 10 Nov 2022 14:37:09 +0400 Subject: [PATCH] feat(api): Add trigger id validation (#801) User could crate triggers with custom name that contains invalid characters. Added validation in trigger controller. Add tests. --- api/controller/triggers.go | 6 ++++++ api/controller/triggers_test.go | 25 +++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/api/controller/triggers.go b/api/controller/triggers.go index c47fe796a..cd7a6136e 100644 --- a/api/controller/triggers.go +++ b/api/controller/triggers.go @@ -3,6 +3,7 @@ package controller import ( "fmt" "math" + "regexp" "github.com/gofrs/uuid" @@ -14,6 +15,8 @@ import ( const pageSizeUnlimited int64 = -1 +var idValidationPattern = regexp.MustCompile(`^[a-zA-Z0-9\-_]+$`) + // CreateTrigger creates new trigger func CreateTrigger(dataBase moira.Database, trigger *dto.TriggerModel, timeSeriesNames map[string]bool) (*dto.SaveTriggerResponse, *api.ErrorResponse) { if trigger.ID == "" { @@ -30,6 +33,9 @@ func CreateTrigger(dataBase moira.Database, trigger *dto.TriggerModel, timeSerie if exists { return nil, api.ErrorInvalidRequest(fmt.Errorf("trigger with this ID already exists")) } + if !idValidationPattern.MatchString(trigger.ID) { + return nil, api.ErrorInvalidRequest(fmt.Errorf("trigger ID contains invalid characters")) + } } resp, err := saveTrigger(dataBase, trigger.ToMoiraTrigger(), trigger.ID, timeSeriesNames) if resp != nil { diff --git a/api/controller/triggers_test.go b/api/controller/triggers_test.go index 290e84126..959f8357f 100644 --- a/api/controller/triggers_test.go +++ b/api/controller/triggers_test.go @@ -47,6 +47,31 @@ func TestCreateTrigger(t *testing.T) { So(resp.ID, ShouldResemble, triggerID) }) + Convey("Success with custom valid trigger", t, func() { + triggerID := "Valid_Custom_Trigger_Name-42" + triggerModel := dto.TriggerModel{ID: triggerID} + dataBase.EXPECT().GetTrigger(triggerModel.ID).Return(moira.Trigger{}, database.ErrNil) + dataBase.EXPECT().AcquireTriggerCheckLock(gomock.Any(), 10) + dataBase.EXPECT().DeleteTriggerCheckLock(gomock.Any()) + dataBase.EXPECT().GetTriggerLastCheck(gomock.Any()).Return(moira.CheckData{}, database.ErrNil) + dataBase.EXPECT().SetTriggerLastCheck(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil) + dataBase.EXPECT().SaveTrigger(gomock.Any(), triggerModel.ToMoiraTrigger()).Return(nil) + resp, err := CreateTrigger(dataBase, &triggerModel, make(map[string]bool)) + So(err, ShouldBeNil) + So(resp.Message, ShouldResemble, "trigger created") + So(resp.ID, ShouldResemble, triggerID) + }) + + Convey("Error with invalid triggerID", t, func() { + triggerID := "Foo#" + triggerModel := dto.TriggerModel{ID: triggerID} + dataBase.EXPECT().GetTrigger(triggerModel.ID).Return(moira.Trigger{}, database.ErrNil) + resp, err := CreateTrigger(dataBase, &triggerModel, make(map[string]bool)) + expected := api.ErrorInvalidRequest(fmt.Errorf("trigger ID contains invalid characters")) + So(err, ShouldResemble, expected) + So(resp, ShouldBeNil) + }) + Convey("Trigger already exists", t, func() { triggerModel := dto.TriggerModel{ID: uuid.Must(uuid.NewV4()).String()} trigger := triggerModel.ToMoiraTrigger()