Update regex in userstore rest api for user input field to fix bug wh…

…en sending ${} and invalid file names (#585) * Update regex in userstore rest api for user input field to fix bug when sending ${} * Update regex in userstore rest api for user input field to validate file names
wso2 · Jan 30, 2024 · 9b8e3e6 · 9b8e3e6
1 parent 98b4d94
commit 9b8e3e6
Showing 1 changed file with 15 additions and 4 deletions.
diff --git a/...in/java/org/wso2/carbon/identity/api/server/userstore/v1/core/ServerUserStoreService.java b/...in/java/org/wso2/carbon/identity/api/server/userstore/v1/core/ServerUserStoreService.java
@@ -114,6 +114,7 @@
 import static org.wso2.carbon.identity.api.server.common.Constants.XML_FILE_EXTENSION;
 import static org.wso2.carbon.identity.api.server.common.Constants.YAML_FILE_EXTENSION;
 import static org.wso2.carbon.identity.api.server.userstore.common.UserStoreConstants.ErrorMessage.ERROR_CODE_USER_STORE_LIMIT_REACHED;
+import static org.wso2.carbon.identity.core.util.IdentityUtil.isValidFileName;
 
 /**
  * Call internal osgi services to perform user store related operations.
@@ -124,7 +125,7 @@ public class ServerUserStoreService {
 
     private static final String DUMMY_MESSAGE_ID = "DUMMY-MESSAGE-ID";
 
-    private static final String EXPRESSION_LANGUAGE_REGEX = "^.*(\\$\\{|#\\{).+}.*$";
+    private static final String EXPRESSION_LANGUAGE_REGEX = "^.*(\\$\\{|#\\{).*}.*$";
 
     private static final String PASSWORD = "password";
 
@@ -1700,13 +1701,23 @@ private UserStoreConfigurations parseUserStoreFromJson(FileContent fileContent)
         }
     }
 
+    /**
+     * Method to validate whether the user store request contains properties with invalid characters.
+     *
+     * @param userStoreReq User store request.
+     */
     private void validateUserStoreProperty(UserStoreReq userStoreReq) {
 
         Pattern pattern = Pattern.compile(EXPRESSION_LANGUAGE_REGEX);
         if (userStoreReq != null) {
-            if ((StringUtils.isNotBlank(userStoreReq.getName()) && pattern.matcher(userStoreReq.getName()).matches()) ||
-                    (StringUtils.isNotBlank(userStoreReq.getDescription()) &&
-                            pattern.matcher(userStoreReq.getDescription()).matches())) {
+            if (StringUtils.isNotBlank(userStoreReq.getName())) {
+                if (pattern.matcher(userStoreReq.getName()).matches() || !isValidFileName(userStoreReq.getName())) {
+                    throw handleException(Response.Status.BAD_REQUEST, UserStoreConstants.ErrorMessage
+                            .ERROR_CODE_INVALID_INPUT);
+                }
+            }
+            if (StringUtils.isNotBlank(userStoreReq.getDescription()) &&
+                            pattern.matcher(userStoreReq.getDescription()).matches()) {
                 throw handleException(Response.Status.BAD_REQUEST, UserStoreConstants.ErrorMessage
                         .ERROR_CODE_INVALID_INPUT);
             } else if (userStoreReq.getProperties() != null) {