Added pipeline name validation (#239)

* Added pipeline name validation

* Slight fix of the error message

* Removed debug comment

* Renamed function for better naming

* Removed mod addition

Author: Skarlso

handlers/pipeline_test.go

@@ -779,8 +779,8 @@ func TestPipelineCheckPeriodicSchedules(t *testing.T) {
 	})
 }
 
-func TestPipelineNameAvailable(t *testing.T) {
-	tmp, _ := ioutil.TempDir("", "TestPipelineNameAvailable")
+func TestPipelineNameValidation(t *testing.T) {
+	tmp, _ := ioutil.TempDir("", "TestPipelineNameValidation")
 	dataDir := tmp
 
 	gaia.Cfg = &gaia.Config{
@@ -870,6 +870,31 @@ func TestPipelineNameAvailable(t *testing.T) {
 		}
 	})
 
+	t.Run("fails for pipeline name with invalid character", func(t *testing.T) {
+		req := httptest.NewRequest(echo.GET, "/", nil)
+		req.Header.Set("Content-Type", "application/json")
+		rec := httptest.NewRecorder()
+		c := e.NewContext(req, rec)
+		c.SetPath("/api/" + gaia.APIVersion + "/pipeline/name")
+		q := req.URL.Query()
+		q.Add("name", "this[]isinvalid;")
+		req.URL.RawQuery = q.Encode()
+
+		_ = PipelineNameAvailable(c)
+
+		if rec.Code != http.StatusBadRequest {
+			t.Fatalf("expected response code %v got %v", http.StatusBadRequest, rec.Code)
+		}
+		bodyBytes, err := ioutil.ReadAll(rec.Body)
+		if err != nil {
+			t.Fatalf("cannot read response body: %s", err.Error())
+		}
+		nameContainsInvalidCharacter := "must match [A-z][0-9][-][_][ ]"
+		if string(bodyBytes[:]) != nameContainsInvalidCharacter {
+			t.Fatalf("error message should be '%s' but was '%s'", nameContainsInvalidCharacter, string(bodyBytes[:]))
+		}
+	})
+
 	t.Run("works for pipeline with different name", func(t *testing.T) {
 		req := httptest.NewRequest(echo.GET, "/", nil)
 		req.Header.Set("Content-Type", "application/json")

workers/pipeline/create_pipeline.go

@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"strings"
+	"unicode"
 
 	"github.com/gaia-pipeline/gaia/security"
 
@@ -34,6 +35,9 @@ var (
 
 	// errPipelineNameInUse is thrown when a pipelines name is already in use
 	errPipelineNameInUse = errors.New("pipeline name is already in use")
+
+	// errPipelineNameInvalid is thrown when the pipeline name contains invalid characters
+	errPipelineNameInvalid = errors.New("must match [A-z][0-9][-][_][ ]")
 )
 
 // CreatePipeline is the main function which executes step by step the creation
@@ -166,6 +170,17 @@ func CreatePipeline(p *gaia.CreatePipeline) {
 // ValidatePipelineName validates a given pipeline name and
 // returns the correct error back.
 func ValidatePipelineName(pName string) error {
+
+	valid := func(r rune) bool {
+		return unicode.IsDigit(r) || unicode.IsLetter(r) || unicode.IsSpace(r) || r == '-' || r == '_'
+	}
+	// Note, this is faster than regex.
+	for _, c := range pName {
+		if !valid(c) {
+			return errPipelineNameInvalid
+		}
+	}
+
 	// The name could contain a path. Split it up.
 	path := strings.Split(pName, pipelinePathSplitChar)