bad environment names
Sort of a followup to #81 (closed).
The API uses environment names instead of IDs, which means that bad names can break the API calls.
Sentry Open Source validated the environments input; the validation checks are
ENVIRONMENT_NAME_PATTERN = r"^[^\n\r\f\/]*$"
ENVIRONMENT_NAME_MAX_LENGTH = 64
A regex tool told me this:
\n matches a line-feed (newline) character (ASCII 10)
\r matches a carriage return (ASCII 13)
\f matches a form-feed character (ASCII 12)
/ matches the character / literally (case sensitive)
On the frontend, I went to PUT the isHidden
change in a few ways
- plain string:
http://localhost:4200/api/0/projects/error-factories/django-error-factory/environments/http://2945b58272e7496ba23d2bf14e6ec29c@192.168.1.180:8000/32/
-
escape
:http://localhost:4200/api/0/projects/error-factories/django-error-factory/environments/http%3A//2945b58272e7496ba23d2bf14e6ec29c@192.168.1.180%3A8000/32/
-
encodeURIComponent
:http://localhost:4200/api/0/projects/error-factories/django-error-factory/environments/http%3A%2F%2F2945b58272e7496ba23d2bf14e6ec29c%40192.168.1.180%3A8000%2F32/
and they all failed.
The 64 char limit is probably good for not break things.
SOS didn't error; rather, it seemed to strip the environment tag out of the event entirely if the value didn't pass validation.