add validation for name and description for model model group and connector resources #3805
Conversation
dhrubo-os
requested review from
b4sjoo,
mingshl,
jngz-es,
model-collapse,
rbhavna,
ylwu-amzn,
zane-neo,
Zhangxunmt,
austintlee,
HenryL27 and
xinyual
as code owners
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
|
|
||
| if (modelName != null && !isSafeText(modelName)) { | ||
| exception = addValidationError( | ||
| "Model connector name can only contain letters, digits, spaces, underscores (_), hyphens (-), and dots (.)", |
There was a problem hiding this comment.
This error message is different with MLUpdateConnectorRequest.java one. Should we keep them consistent ?
"Model connector name can only contain letters, digits, spaces, underscores (_), hyphens (-), and dots (.). Max length: 1000 characters.",
There was a problem hiding this comment.
Yes, in the next revision I kept it consistent.
|
|
||
| if (modelName != null && !isSafeText(modelName)) { | ||
| exception = addValidationError( | ||
| "Model connector name can only contain letters, digits, spaces, underscores (_), hyphens (-), and dots (.). Max length: 1000 characters.", |
There was a problem hiding this comment.
Don't see where validate Max length: 1000 characters." , Is that built-in logic in isSafeText?
There was a problem hiding this comment.
My bad, I removed that restriction from the regex. But then I forgot to remove that from the error message.
Initially I was thinking to provide 1000 characters restriction.
What do you think? Should we add such kind of restriction?
There was a problem hiding this comment.
Ignore the comment, find that internal logic in isSafeText
| String modelName = updateModelInput.getName(); | ||
| String description = updateModelInput.getDescription(); | ||
|
|
||
| if (modelName != null && !isSafeText(modelName)) { |
There was a problem hiding this comment.
Similar checking in multiple places ? Can we build some common util method ?
There was a problem hiding this comment.
Yeah, I thought about that and felt too lazy to refactor 😄. But I fixed it in the second revision. Thanks for insisting on the highest standards!
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
dhrubo-os
force-pushed
the
input_validation
branch
from
0326043 to
d8eeede
Compare
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
…nector resources Signed-off-by: Dhrubo Saha <[email protected]>
…undnancy Signed-off-by: Dhrubo Saha <[email protected]>
Signed-off-by: Dhrubo Saha <[email protected]>
Signed-off-by: Dhrubo Saha <[email protected]>
dhrubo-os
force-pushed
the
input_validation
branch
from
ae85e9d to
460af00
Compare
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
|
|
||
| if (value != null && !isSafeText(value)) { | ||
| exception = addValidationError( | ||
| key + " can only contain letters, digits, spaces, underscores (_), hyphens (-), dots (.), and colons (:)", |
There was a problem hiding this comment.
To improve the performance, using StringBuilder msgBuilder = new StringBuilder() for error messages will reduce the memory usage.
| if (value == null || value.isBlank()) { | ||
| return false; | ||
| } | ||
| return value.matches(SAFE_INPUT_REGEX); |
There was a problem hiding this comment.
Pattern SAFE_TEXT_PATTERN = Pattern.compile(SAFE_INPUT_REGEX); Using Pattern matcher is more efficient as it only Compile pattern once rather than Compiles pattern every time in String.matches():
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
| @@ -60,6 +63,9 @@ public class StringUtils { | |||
| + " return input;" | |||
| + "\n }\n"; | |||
|
|
|||
| // Regex allows letters, digits, spaces, hyphens, underscores, and dots. | |||
| private static final String SAFE_INPUT_REGEX = "^[a-zA-Z0-9 _\\-\\.:,'()]+$"; | |||
There was a problem hiding this comment.
Just curious how we determined the regex is this a standard regex generally used? I believe we want to prevent <, >, ;, ", /, \, =.
Since we are using this for description, maybe we need to allow !, @ etc?
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
dhrubo-os
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
add validation for name and description for model model group and connector resources
Description
resolved #3639
Integ test will fail as code coverages is failing for previously merged PR.
Related Issues
Resolves #[Issue number to be closed when this PR is merged]
Check List
--signoff.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.