Skip to content

add validation for name and description for model model group and connector resources #3805

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

add validation for name and description for model model group and connector resources #3805

wants to merge 7 commits into from
+456 −19

Conversation

dhrubo-os
Copy link
Collaborator

@dhrubo-os dhrubo-os commented Apr 29, 2025
edited
Loading

add validation for name and description for model model group and connector resources

Description

resolved #3639

Integ test will fail as code coverages is failing for previously merged PR.

Related Issues

Resolves #[Issue number to be closed when this PR is merged]

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env April 29, 2025 19:31 — with GitHub Actions Failure
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env April 29, 2025 19:31 — with GitHub Actions Failure
ylwu-amzn
ylwu-amzn reviewed Apr 29, 2025
View reviewed changes
common/src/main/java/org/opensearch/ml/common/transport/connector/MLCreateConnectorRequest.java Outdated

if (modelName != null && !isSafeText(modelName)) {
exception = addValidationError(
"Model connector name can only contain letters, digits, spaces, underscores (_), hyphens (-), and dots (.)",
Copy link
Collaborator

@ylwu-amzn ylwu-amzn Apr 29, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This error message is different with MLUpdateConnectorRequest.java one. Should we keep them consistent ?

"Model connector name can only contain letters, digits, spaces, underscores (_), hyphens (-), and dots (.). Max length: 1000 characters.",

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, in the next revision I kept it consistent.

ylwu-amzn
ylwu-amzn reviewed Apr 29, 2025
View reviewed changes
common/src/main/java/org/opensearch/ml/common/transport/connector/MLUpdateConnectorRequest.java Outdated

if (modelName != null && !isSafeText(modelName)) {
exception = addValidationError(
"Model connector name can only contain letters, digits, spaces, underscores (_), hyphens (-), and dots (.). Max length: 1000 characters.",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't see where validate Max length: 1000 characters." , Is that built-in logic in isSafeText?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My bad, I removed that restriction from the regex. But then I forgot to remove that from the error message.

Initially I was thinking to provide 1000 characters restriction.

What do you think? Should we add such kind of restriction?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ignore the comment, find that internal logic in isSafeText

ylwu-amzn
ylwu-amzn reviewed Apr 29, 2025
View reviewed changes
common/src/main/java/org/opensearch/ml/common/transport/model/MLUpdateModelRequest.java Outdated
String modelName = updateModelInput.getName();
String description = updateModelInput.getDescription();

if (modelName != null && !isSafeText(modelName)) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar checking in multiple places ? Can we build some common util method ?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I thought about that and felt too lazy to refactor 😄. But I fixed it in the second revision. Thanks for insisting on the highest standards!

@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env April 29, 2025 20:45 — with GitHub Actions Failure
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env April 29, 2025 20:45 — with GitHub Actions Failure
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env April 29, 2025 20:50 — with GitHub Actions Failure
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env April 29, 2025 20:50 — with GitHub Actions Failure
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env April 29, 2025 23:25 — with GitHub Actions Failure
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env April 29, 2025 23:25 — with GitHub Actions Failure
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 7, 2025 19:15 — with GitHub Actions Inactive
rithin-pullela-aws
rithin-pullela-aws reviewed May 7, 2025
View reviewed changes
common/src/main/java/org/opensearch/ml/common/utils/StringUtils.java Outdated
@@ -60,6 +63,9 @@ public class StringUtils {
+ " return input;"
+ "\n }\n";

// Regex allows letters, digits, spaces, hyphens, underscores, and dots.
private static final String SAFE_INPUT_REGEX = "^[a-zA-Z0-9 _\\-\\.:,'()]+$";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious how we determined the regex is this a standard regex generally used? I believe we want to prevent <, >, ;, ", /, \, =.
Since we are using this for description, maybe we need to allow !, @ etc?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a very good question. I didn't find any generic standard for the description field. So I think I'll go forward with this regex pattern: "^[\\p{L}\\p{N}\\s.,!?():@\\-_'\"]*$" that allows:

Unicode letters (\p{L})
Unicode numbers (\p{N})
Whitespace (\s)
Common punctuation (.,!?():@)
Hyphen (\-)
Underscore (_)
Single and double quotes ('")

Restricts dangerous characters like:

< and > (prevents HTML/XML tags)
/ and \ (prevents path traversal)
& (prevents HTML entities)

  • (prevents some SQL injection patterns)
    = (prevents some query string manipulations)
    ; (prevents command injection)

Please let me know what do you guys think. I'm open to suggestion as well.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good, allowing unicode makes a lot of sense. I think this regex is good. The same regex will apply for name field as well right?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes

@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 7, 2025 20:17 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 7, 2025 20:17 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 8, 2025 17:09 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 8, 2025 17:09 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 8, 2025 17:09 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 8, 2025 17:09 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os force-pushed the input_validation branch from ec8b889 to e33b553 Compare May 8, 2025 17:40
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env May 8, 2025 17:41 — with GitHub Actions Failure
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env May 8, 2025 17:41 — with GitHub Actions Error
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env May 8, 2025 17:41 — with GitHub Actions Failure
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env May 8, 2025 17:41 — with GitHub Actions Failure
@dhrubo-os
fixing unit test messages
2d3892e 
Signed-off-by: Dhrubo Saha <[email protected]>
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env May 8, 2025 18:01 — with GitHub Actions Error
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env May 8, 2025 18:01 — with GitHub Actions Failure
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env May 8, 2025 18:01 — with GitHub Actions Failure
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env May 8, 2025 18:01 — with GitHub Actions Error
@dhrubo-os
fixing unit test assertion
7ccfab7 
Signed-off-by: Dhrubo Saha <[email protected]>
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 8, 2025 18:12 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 8, 2025 18:12 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 8, 2025 18:12 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 8, 2025 18:12 — with GitHub Actions Inactive
@dhrubo-os dhrubo-os had a problem deploying to ml-commons-cicd-env May 8, 2025 19:14 — with GitHub Actions Failure
@dhrubo-os dhrubo-os temporarily deployed to ml-commons-cicd-env May 8, 2025 19:14 — with GitHub Actions Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Zhangxunmt Zhangxunmt Zhangxunmt left review comments

@ylwu-amzn ylwu-amzn ylwu-amzn left review comments

@rithin-pullela-aws rithin-pullela-aws rithin-pullela-aws left review comments

@b4sjoo b4sjoo Awaiting requested review from b4sjoo b4sjoo is a code owner

@mingshl mingshl Awaiting requested review from mingshl mingshl is a code owner

@jngz-es jngz-es Awaiting requested review from jngz-es jngz-es is a code owner

@model-collapse model-collapse Awaiting requested review from model-collapse model-collapse is a code owner

@rbhavna rbhavna Awaiting requested review from rbhavna rbhavna is a code owner

@zane-neo zane-neo Awaiting requested review from zane-neo zane-neo is a code owner

@austintlee austintlee Awaiting requested review from austintlee austintlee is a code owner

@HenryL27 HenryL27 Awaiting requested review from HenryL27 HenryL27 is a code owner

@xinyual xinyual Awaiting requested review from xinyual xinyual is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] Enhance Input Validation for UpdateModel and UpdateModelGroup APIs
4 participants
@dhrubo-os @Zhangxunmt @ylwu-amzn @rithin-pullela-aws