Add version label check for valid characters

Resolves: https://jira.duraspace.org/browse/FCREPO-1246
fcrepo · Feb 19, 2015 · bb6072d · bb6072d
1 parent 175cd21
commit bb6072d
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 0 deletions.
diff --git a/fcrepo-http-api/src/test/java/org/fcrepo/integration/http/api/FedoraVersionsIT.java b/fcrepo-http-api/src/test/java/org/fcrepo/integration/http/api/FedoraVersionsIT.java
@@ -235,6 +235,18 @@ public void testVersionLabelWithSpace() throws Exception {
         postObjectVersion(objId, label);
     }
 
+    @Test
+    public void testVersionLabelWithInvalidCharacters() throws Exception {
+        final String label = "\"label with quotes";
+        final String objId = getRandomUniquePid();
+        createObject(objId);
+        enableVersioning(objId);
+        final HttpPost postVersion = postObjMethod(objId + "/fcr:versions");
+        postVersion.addHeader("Slug", label);
+        final HttpResponse response = execute(postVersion);
+        assertEquals(BAD_REQUEST.getStatusCode(), response.getStatusLine().getStatusCode() );
+    }
+
     @Test
     public void testCreateTwoVersionsWithSameLabel() throws Exception {
         final String label1 = "label";

diff --git a/fcrepo-kernel-impl/src/main/java/org/fcrepo/kernel/impl/services/VersionServiceImpl.java b/fcrepo-kernel-impl/src/main/java/org/fcrepo/kernel/impl/services/VersionServiceImpl.java
@@ -32,6 +32,9 @@
 import javax.jcr.version.VersionIterator;
 import javax.jcr.version.VersionManager;
 
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import static org.fcrepo.kernel.FedoraJcrTypes.VERSIONABLE;
 import static org.slf4j.LoggerFactory.getLogger;
 
@@ -48,6 +51,8 @@ public class VersionServiceImpl extends AbstractService implements VersionServic
 
     private static final Logger LOGGER = getLogger(VersionService.class);
 
+    private static final Pattern invalidLabelPattern = Pattern.compile("[~#@*+%{}<>\\[\\]|\"^]");
+
     @Override
     public String createVersion(final Session session,
                               final String absPath, final String label) throws RepositoryException {
@@ -161,6 +166,10 @@ private static void enableVersioning(final Node node) throws RepositoryException
 
     private static String checkpoint(final Session session, final String absPath, final String label)
             throws RepositoryException {
+        if (!validLabel(label)) {
+            throw new VersionException("Invalid label: " + label);
+        }
+
         LOGGER.trace("Setting version checkpoint for {}", absPath);
         final Workspace workspace = session.getWorkspace();
         final VersionManager versionManager = workspace.getVersionManager();
@@ -177,4 +186,9 @@ private static String checkpoint(final Session session, final String absPath, fi
         return v.getFrozenNode().getIdentifier();
     }
 
+    private static boolean validLabel(final String label) {
+        final Matcher matcher = invalidLabelPattern.matcher(label);
+        return !matcher.find();
+    }
+
 }