Merge pull request #1804 from gravitl/bugfix_allow_alphanum_and_dashes

Bugfix allow only alphanumeric and dashes for ext client and node names

controllers/ext_client.go

@@ -320,6 +320,10 @@ func createExtClient(w http.ResponseWriter, r *http.Request) {
 	err := json.NewDecoder(r.Body).Decode(&CustomExtClient)
 
 	if err == nil {
+		if !validName(CustomExtClient.ClientID) {
+			logic.ReturnErrorResponse(w, r, logic.FormatError(errInvalidExtClientID, "badrequest"))
+			return
+		}
 		extclient.ClientID = CustomExtClient.ClientID
 	}
 
@@ -413,6 +417,10 @@ func updateExtClient(w http.ResponseWriter, r *http.Request) {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 		return
 	}
+	if !validName(newExtClient.ClientID) {
+		logic.ReturnErrorResponse(w, r, logic.FormatError(errInvalidExtClientID, "badrequest"))
+		return
+	}
 	data, err := database.FetchRecord(database.EXT_CLIENT_TABLE_NAME, key)
 	if err != nil {
 		logger.Log(0, r.Header.Get("user"),

controllers/regex.go

@@ -0,0 +1,16 @@
+package controller
+
+import (
+	"errors"
+	"regexp"
+)
+
+var (
+	errInvalidNodeName    = errors.New("Node name must be alphanumderic and/or dashes")
+	errInvalidExtClientID = errors.New("Ext client ID must be alphanumderic and/or dashes")
+)
+
+// allow only dashes and alphaneumeric for ext client and node names
+func validName(name string) bool {
+	return regexp.MustCompile("^[a-zA-Z0-9-]+$").MatchString(name)
+}