Bug 1006506 - File name validation broken
File name validation broken
Status: CLOSED CURRENTRELEASE
Product: JBoss BRMS Platform 6
Classification: JBoss
Component: Business Central (Show other bugs)
6.0.0
Unspecified Unspecified
high Severity high
: ER 7
: 6.0.0
Assigned To: manstis
Zuzana Krejčová
:
Depends On: 1011563
Blocks: bpms6_ux/brms6_ux
  Show dependency treegraph
 
Reported: 2013-09-10 13:58 EDT by Zuzana Krejčová
Modified: 2016-07-31 21:08 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Summary: Assets like projects and enumeration, and ids for groups, artifacts and versions can be created with invalid characters due to file name validation being broken. This causes follow on problems when using these assets or ids. Avoid the use of the following characters when creating and naming these assets: ,./><?:"|;'\[]{}=-_+()~`!@#$%^&*. Cause: Consequence: Fix: Result:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-08-06 16:18:34 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
server log excerpt (22.53 KB, text/x-log)
2013-09-10 13:58 EDT, Zuzana Krejčová
no flags Details
bunch of screenshots documenting broken validation (127.18 KB, application/zip)
2013-09-10 14:00 EDT, Zuzana Krejčová
no flags Details
bad chars in GAV - ER4 (52.69 KB, application/zip)
2013-10-15 08:20 EDT, Zuzana Krejčová
no flags Details

  None (edit)
Description Zuzana Krejčová 2013-09-10 13:58:38 EDT
Created attachment 796086 [details]
server log excerpt

Description of problem:
There used to be file name validation. It doesn't work now. I was able to create an asset (project, enumeration) with name:
,./<>?:"|;'\[]{}=-_+()~`!@#$%^&*
Also, it is possible to use the following as group id, artifact id and version in the new project popup:
,./?:"|;'\[]{}=-_+()~`!@#$%^*
That popup checks only for <, > and &.

Causes whole bunch of problems. For example, naming a drl file something/ results in a folder called something being created and a metafile editor being opened for .drl file.


Version-Release number of selected component (if applicable):
BR/PMS 6.0 ER2
Comment 1 Zuzana Krejčová 2013-09-10 14:00:02 EDT
Created attachment 796087 [details]
bunch of screenshots documenting broken validation
Comment 6 Zuzana Krejčová 2013-10-15 08:16:45 EDT
The issue persists for the 'new project' pop-up.

The GAV is not saved as I set it up (",./?:"|;'\[]{}=-_+()~`!@#$%^*  " for all fields) - if I created another project before, it uses group and version used in that project, the artifact id is the name of the project I am creating.
When I hit finish, error pop-up appears. Similar error pop-up appears when I go to the newly created project and open the Project Editor. The package structure in the project is full of underscores.
Comment 7 Zuzana Krejčová 2013-10-15 08:20:20 EDT
Created attachment 812476 [details]
bad chars in GAV - ER4

Server log contains this as well:
...
ERROR [stderr] Caused by: org.apache.maven.model.building.ModelBuildingException: 3 problems were encountered while building the effective model for ,./?:"|;'\[]{}=-_+()~`!@#$%^*:,./?:"|;'\[]{}=-_+()~`!@#$%^*:,./?:"|;'\[]{}=-_+()~`!@#$%^*
 ERROR [stderr] [ERROR] 'groupId' with value ',./?:"|;'\[]{}=-_+()~`!@#$%^*' does not match a valid id pattern. @ line 5, column 12
ERROR [stderr] [ERROR] 'artifactId' with value ',./?:"|;'\[]{}=-_+()~`!@#$%^*' does not match a valid id pattern. @ line 6, column 15
ERROR [stderr] [WARNING] 'version' must not contain any of these characters \/:"<>|?* but found * @ line 7, column 12
Comment 8 manstis 2013-10-15 09:40:03 EDT
See this BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1011563.

Should be fixed.
Comment 11 Zuzana Krejčová 2013-12-09 12:21:51 EST
There are still troubles with files beginning with a dot (well maybe not on Windows).
The Create new project dialog will allow you to use even some invalid characters - those seem to be replaced or removed when creating the directory/package structure, but it's still an inconsistency that should be removed. The wizard won't allow you to finish the project creation in this case, but it also doesn't tell you what exactly is wrong.
Creating a project with name starting with a dot has a different result still - nothing exactly fails, you just don't get the directory/package structure.
Comment 12 manstis 2013-12-10 07:02:34 EST
Sorry, I'm a bit thick ;) Can you provide an example of a project with invalid characters and the resulting package naming? 

What is the inconsistency? Is it only project names and resulting package structure that is wrong now (this BZ was for general file name validation to begin with.. it seems that this is fixed, but an inconsistency with project names remain?) Would it be better to raise a separate BZ for that?
Comment 13 Zuzana Krejčová 2013-12-10 12:47:04 EST
(In reply to manstis from comment #12)
> Sorry, I'm a bit thick ;) Can you provide an example of a project with
> invalid characters and the resulting package naming? 
> 
> What is the inconsistency? Is it only project names and resulting package
> structure that is wrong now (this BZ was for general file name validation to
> begin with.. it seems that this is fixed, but an inconsistency with project
> names remain?) Would it be better to raise a separate BZ for that?

For examples, see below. As for the inconsistency - directory is a file as well, as I see it. Projects are created pretty much the same way as assets (from a users point of view), from the same menu in Authoring perspective, so I'd count them as assets as well. So, I think, the same validation should be used for them as well - especially since the name is used for the directory structure of the project. It is also an issue with the same Create new .. dialog as for DRLs, Guided DTs, Test Scenarios... I think this belong into this BZ as well.
I'm not sure I'm explaining it right, but hopefully this will help.

Ex. 1:
In the Create new.. dialog, type in "name with spaces". 
In the New Project Wizard, this gets prefilled as Artifact ID.
Correctly filling out and finishing the wizard results in "name with spaces" as the project name in the Project Explorer navigation and project directory root in the git repository.
(Similarly for |,<,"... instead of spaces.)

Ex. 2:
In the Create new.. dialog, type in ".name". 
In the New Project Wizard, this gets prefilled as Artifact ID. Leave it there.
Correctly filling out the rest and finishing the wizard results in Error dialog with "Unable to complete your request. The following exception occurred: String index out of range: 0". Project is visible in the Project Explorer, package structure is not - it is not created. You can create a new package in the project without problems. Behaviour might change on Windows.

Ex. 3:
In the Create new.. dialog, type in "name/with/slash". 
In the New Project Wizard, this gets prefilled as Artifact ID.
Correctly filling out and finishing the wizard results in no new project in the Project Explorer and name/with/slash as the project directory root in the git repository. Behaviour might change on Windows.

Ex. 4:
In the Create new.. dialog, type in "slashed\name". 
In the New Project Wizard, this gets prefilled as Artifact ID.
Correctly filling out and finishing the wizard results in Error dialog with "Unable to complete your request. The following exception occurred: java.lang.RuntimeException: java.lang.RuntimeException: org.eclipse.jgit.dircache.InvalidPathException: Invalid path: /slashed/name/src/main/java/.gitignore." and no new project in the Project Explorer. The project isn't created in the git repository. Behaviour might change on Windows.

Ex. 5:
In the Create new.. dialog, type in "   spaces". 
In the New Project Wizard, this gets prefilled as Artifact ID.
Correctly filling out and finishing the wizard results in "spaces" as the project name in the Project Explorer navigation and "   spaces" as the project directory root in the git repository.
(For |,<,"... instead of spaces, the character stays in the project name in navigation.)
Comment 15 manstis 2013-12-12 10:39:34 EST
This is what I've implemented:-

(1) New Resource (for project) uses the same validation as other files.

(2) The New Resource name becomes the Project Name on the Project Wizard. The Project Name on the Project Wizard continues to be validated as per other files. 

(3) The New Resource name (Project Name) is also sanitized and set as the default Artifact ID. Artifact ID is used to construct the default workspace package name. Therefore, since Artifact ID is a package name, Artifact ID needs to be a valid (Java) package identifer. The sanitization ensures the Artifact ID is a valid package name (e.g. replacing spaces with _ etc).

(4) Group ID and Artifact ID on the Project Wizard are checked to be valid package names (because both are used to construct the default workspace package name).

(5) Version is validated against the existing regex.

This brings "New (Project)" validation in line with "New (other file)" validation. It also aligns Group ID and Artifact ID validation with "New (Package)" validation (because both are used to construct the default workspace package). 

I think this should conclude this BZ!
Comment 16 Zuzana Krejčová 2014-01-06 11:23:24 EST
This is great - thanks!
Verified with ER7.

Note You need to log in before you can comment on or make changes to this bug.