ConfigPackageUtility::ValidateName: replace broken regex

The old validation regex matched if the name consists only of invalid character, not that it does not contain them, i.e. something like "foo/bar" was considered valid. This commit replaces the regex with a check that all characters in the name are allowed characters.
Icinga · Jun 15, 2021 · c40b18e · c40b18e
1 parent 02fc01b
commit c40b18e
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 3 deletions.
diff --git a/lib/remote/configpackageutility.cpp b/lib/remote/configpackageutility.cpp
@@ -8,6 +8,7 @@
 #include <boost/algorithm/string.hpp>
 #include <boost/regex.hpp>
 #include <algorithm>
+#include <cctype>
 #include <fstream>
 
 using namespace icinga;
@@ -375,9 +376,9 @@ bool ConfigPackageUtility::ValidateName(const String& name)
  if (ContainsDotDot(name))
  return false;
 
- boost::regex expr("^[^a-zA-Z0-9_\\-]*$", boost::regex::icase);
- boost::smatch what;
- return (!boost::regex_search(name.GetData(), what, expr));
+ return std::all_of(name.Begin(), name.End(), [](char c) {
+  return std::isalnum(c, std::locale::classic()) || c == '_' || c == '-';
+ });
 }
 
 std::mutex& ConfigPackageUtility::GetStaticPackageMutex()

diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
@@ -31,6 +31,7 @@ set(base_test_SOURCES
  icinga-macros.cpp
  icinga-notification.cpp
  icinga-perfdata.cpp
+ remote-configpackageutility.cpp
  remote-url.cpp
  ${base_OBJS}
  $<TARGET_OBJECTS:config>
@@ -148,6 +149,7 @@ add_boost_test(base
  icinga_perfdata/multi
  icinga_perfdata/scientificnotation
  icinga_perfdata/parse_edgecases
+ remote_configpackageutility/ValidateName
  remote_url/id_and_path
  remote_url/parameters
  remote_url/get_and_set

diff --git a/test/remote-configpackageutility.cpp b/test/remote-configpackageutility.cpp
@@ -0,0 +1,25 @@
+/* Icinga 2 | (c) 2021 Icinga GmbH | GPLv2+ */
+
+#include "remote/configpackageutility.hpp"
+#include <vector>
+#include <string>
+#include <BoostTestTargetConfig.h>
+
+using namespace icinga;
+
+BOOST_AUTO_TEST_SUITE(remote_configpackageutility)
+
+BOOST_AUTO_TEST_CASE(ValidateName)
+{
+ std::vector<std::string> validNames {"foo", "foo-bar", "FooBar", "Foo123", "_Foo-", "123bar"};
+ for (const std::string& n : validNames) {
+ BOOST_CHECK_MESSAGE(ConfigPackageUtility::ValidateName(n), "'" << n << "' should be valid");
+ }
+
+ std::vector<std::string> invalidNames {"", ".", "..", "foo.bar", "foo/../bar", "foo/bar", "foo:bar"};
+ for (const std::string& n : invalidNames) {
+ BOOST_CHECK_MESSAGE(!ConfigPackageUtility::ValidateName(n), "'" << n << "' should not be valid");
+ }
+}
+
+BOOST_AUTO_TEST_SUITE_END()