Added validations for all components names and added and fixed test c…

…ases for the same.
digiteinfotech · Feb 12, 2025 · f9467c0 · f9467c0
1 parent 4fe713c
commit f9467c0
Show file tree

Hide file tree

Showing 4 changed files with 443 additions and 0 deletions.
diff --git a/kairon/shared/account/processor.py b/kairon/shared/account/processor.py
@@ -169,6 +169,9 @@ def add_bot(
         if Utility.check_empty_string(name):
             raise AppException("Bot Name cannot be empty or blank spaces")
 
+        if name and Utility.special_match(name):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.check_character_limit(name):
             raise AppException("Bot Name cannot be more than 60 characters.")
 
@@ -221,6 +224,10 @@ def list_bots(account_id: int):
     def update_bot(name: Text, bot: Text):
         if Utility.check_empty_string(name):
             raise AppException('Name cannot be empty')
+
+        if name and Utility.special_match(name):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.check_character_limit(name):
             raise AppException("Bot Name cannot be more than 60 characters.")
         try:

diff --git a/kairon/shared/data/processor.py b/kairon/shared/data/processor.py
@@ -4131,6 +4131,9 @@ def update_http_config(self, request_data: Dict, user: str, bot: str):
         :param bot: bot id
         :return: Http configuration id for updated Http action config
         """
+        if request_data.get("action_name") and Utility.special_match(request_data.get("action_name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.is_exist(
                 HttpActionConfig,
                 raise_error=False,
@@ -4328,6 +4331,8 @@ def update_pyscript_action(self, request_data: Dict, user: str, bot: str):
         :param bot: bot id
         :return: Pyscript configuration id for updated Pyscript action config
         """
+        if request_data.get("name") and Utility.special_match(request_data.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
 
         if not Utility.is_exist(
                 PyscriptActionConfig,
@@ -4380,6 +4385,8 @@ def update_db_action(self, request_data: Dict, user: str, bot: str):
         :param bot: bot id
         :return: VectorDb configuration id for updated VectorDb action config
         """
+        if request_data.get("name") and Utility.special_match(request_data.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
 
         if not Utility.is_exist(
                 DatabaseAction,
@@ -4604,6 +4611,9 @@ def edit_google_search_action(self, action_config: dict, bot: Text, user: Text):
         :param user: user id
         :return: None
         """
+        if action_config.get("name") and Utility.special_match(action_config.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.is_exist(
                 GoogleSearchAction,
                 raise_error=False,
@@ -5720,6 +5730,9 @@ def edit_synonym(
         :return: None
         :raises: AppException
         """
+        if not Utility.check_empty_string(name) and Utility.special_match(name):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         values = list(
             EntitySynonyms.objects(
                 name__iexact=name, value__exact=value, bot=bot, status=True
@@ -6157,6 +6170,10 @@ def edit_regex(self, regex_dict: Dict, bot, user):
                 regex_dict.get("name")
         ) or Utility.check_empty_string(regex_dict.get("pattern")):
             raise AppException("Regex name and pattern cannot be empty or blank spaces")
+
+        if regex_dict.get("name") and Utility.special_match(regex_dict.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         try:
             regex = RegexFeatures.objects(
                 name__iexact=regex_dict.get("name"), bot=bot, status=True
@@ -6329,6 +6346,9 @@ def edit_lookup_value(
         :return: None
         :raises: AppException
         """
+        if not Utility.check_empty_string(name) and Utility.special_match(name):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         lookup_exist = Utility.is_exist(
             Lookup, raise_error=False, name__iexact=name, bot=bot, status=True
         )
@@ -6820,6 +6840,9 @@ def list_slot_set_actions(bot: Text, with_doc_id: bool = True):
 
     @staticmethod
     def edit_slot_set_action(action: dict, bot: Text, user: Text):
+        if action.get("name") and Utility.special_match(action.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         set_slots = []
         try:
             for slot in action["set_slots"]:
@@ -6982,6 +7005,9 @@ def edit_email_action(self, action: dict, bot: Text, user: Text):
         :param user: user id
         :return: None
         """
+        if action.get("action_name") and Utility.special_match(action.get("action_name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.is_exist(
                 EmailActionConfig,
                 raise_error=False,
@@ -7069,6 +7095,9 @@ def edit_jira_action(self, action: dict, bot: Text, user: Text):
         :param user: user id
         :return: None
         """
+        if action.get("name") and Utility.special_match(action.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.is_exist(
                 JiraAction, raise_error=False, name=action.get("name"), bot=bot, status=True
         ):
@@ -7148,6 +7177,9 @@ def edit_zendesk_action(self, action: dict, bot: Text, user: Text):
         :param user: user id
         :return: None
         """
+        if action.get("name") and Utility.special_match(action.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.is_exist(
                 ZendeskAction,
                 raise_error=False,
@@ -7218,6 +7250,9 @@ def edit_pipedrive_action(self, action: dict, bot: Text, user: Text):
         :param user: user id
         :return: None
         """
+        if action.get("name") and Utility.special_match(action.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.is_exist(
                 PipedriveLeadsAction,
                 raise_error=False,
@@ -7290,6 +7325,9 @@ def edit_hubspot_forms_action(self, action: dict, bot: Text, user: Text):
         :param user: user id
         :return: None
         """
+        if action.get("name") and Utility.special_match(action.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.is_exist(
                 HubspotFormsAction,
                 raise_error=False,
@@ -7765,6 +7803,9 @@ def edit_prompt_action(
         :param bot: bot id
         :param user: user
         """
+        if request_data.get("name") and Utility.special_match(request_data.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.is_exist(
                 PromptAction, id=prompt_action_id, raise_error=False, bot=bot, status=True
         ):
@@ -8186,6 +8227,9 @@ def edit_razorpay_action(self, request_data: dict, bot: Text, user: Text):
         :param user: user
         :param name: action name
         """
+        if request_data.get("name") and Utility.special_match(request_data.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.is_exist(
                 RazorpayAction,
                 raise_error=False,
@@ -8308,6 +8352,7 @@ def is_live_agent_enabled(self, bot: Text, check_in_utils: bool = True):
         if not check_in_utils:
             return True
         return Utility.is_exist(LiveAgentActionConfig, raise_error=False, bot=bot, status=True)
+
     def add_callback(self, request_data: dict, bot: Text):
         """
         Add callback config.
@@ -8439,6 +8484,9 @@ def edit_callback_action(self, request_data: dict, bot: Text, user: Text):
         if not name:
             raise AppException("Action name is required!")
 
+        if name and Utility.special_match(name):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         request_data.pop('name')
 
         callback_name = request_data.get("callback_name")
@@ -8541,6 +8589,9 @@ def update_schedule_action(self, request_data: dict, bot: Text, user: Text):
         :param bot: bot id
         :param user: user who edit/update this
         """
+        if request_data.get("name") and Utility.special_match(request_data.get("name")):
+            raise AppException("Invalid name! Only letters, numbers, and underscores (_) are allowed.")
+
         if not Utility.is_exist(
                 ScheduleAction,
                 raise_error=False,

diff --git a/tests/unit_test/api/api_processor_test.py b/tests/unit_test/api/api_processor_test.py
@@ -101,6 +101,49 @@ def test_add_bot_with_character_limit_exceeded(self):
             AccountProcessor.add_bot(name=name, account=pytest.account,
                                      user="[email protected]", is_new_account=True)
 
+    def test_add_bot_with_invalid_name(self):
+        import re
+
+        account = pytest.account
+        user = "[email protected]"
+        is_new_account = True
+        with pytest.raises(AppException,
+                           match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")):
+            name = "test#21"
+            AccountProcessor.add_bot(name=name, account=account, user=user, is_new_account=is_new_account)
+
+        with pytest.raises(AppException,
+                           match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")):
+            name = "test@3"
+            AccountProcessor.add_bot(name=name, account=account, user=user, is_new_account=is_new_account)
+
+        with pytest.raises(AppException,
+                           match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")):
+            name = " test 5"
+            AccountProcessor.add_bot(name=name, account=account, user=user, is_new_account=is_new_account)
+
+    def test_update_bot_with_invalid_name(self):
+        import re
+
+        account = pytest.account
+        user = "[email protected]"
+        is_new_account = True
+        bot = "test_bot"
+        with pytest.raises(AppException,
+                           match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")):
+            name = "test?17"
+            AccountProcessor.update_bot(name=name, bot=bot)
+
+        with pytest.raises(AppException,
+                           match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")):
+            name = "test-7"
+            AccountProcessor.update_bot(name=name, bot=bot)
+
+        with pytest.raises(AppException,
+                           match=re.escape("Invalid name! Only letters, numbers, and underscores (_) are allowed.")):
+            name = "<test>18"
+            AccountProcessor.update_bot(name=name, bot=bot)
+
     def test_add_bot(self):
         bot_response = AccountProcessor.add_bot("test", pytest.account, "[email protected]", True)
         bot = Bot.objects(name="test").get().to_mongo().to_dict()