Merge pull request #12224 from shilmyhasan/patchfixes

Add length based validations for crucial API Params.

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java

@@ -2745,6 +2745,57 @@ public static String replaceEmailDomain(String input) {
         return input;
     }
 
+    /**
+     * This method is used to validate character length of crucial api params.
+     *
+     * @param apiName    Name of the API
+     * @param apiVersion Version of the API
+     * @param context    API Context of the API
+     * @param provider   Provider of the API
+     * @throws APIManagementException If the params length exceeds the allowed length
+     */
+    public static void validateCharacterLengthOfAPIParams(String apiName, String apiVersion, String context,
+                                                          String provider) throws APIManagementException {
+
+        validateCharacterLengthOfAPIParams(apiName, context, provider);
+        if (!hasValidLength(apiVersion, APIConstants.MAX_LENGTH_VERSION)) {
+            throw new APIManagementException("API version exceeds allowed character length",
+                    ExceptionCodes.LENGTH_EXCEEDS);
+        }
+    }
+
+    /**
+     * This method is used to validate character length of crucial api product params.
+     *
+     * @param apiName  Name of the API
+     * @param context  API Context of the API
+     * @param provider Provider of the API
+     * @throws APIManagementException If the params length exceeds the allowed length
+     */
+    public static void validateCharacterLengthOfAPIParams(String apiName, String context, String provider)
+            throws APIManagementException {
+
+        if (!hasValidLength(apiName, APIConstants.MAX_LENGTH_API_NAME)) {
+            throw new APIManagementException("API name exceeds allowed character length",
+                    ExceptionCodes.LENGTH_EXCEEDS);
+        }
+        if (!hasValidLength(context, APIConstants.MAX_LENGTH_CONTEXT)) {
+            throw new APIManagementException("API context exceeds allowed character length",
+                    ExceptionCodes.LENGTH_EXCEEDS);
+        }
+        if (!hasValidLength(provider, APIConstants.MAX_LENGTH_PROVIDER)) {
+            throw new APIManagementException("API provider name exceeds allowed character length",
+                    ExceptionCodes.LENGTH_EXCEEDS);
+        }
+    }
+
+    /**
+     * This method is used to validate character length.
+     */
+    public static boolean hasValidLength(String value, int maxLength) {
+        return value != null && value.length() <= maxLength;
+    }
+
     /**
      * When an input is having '-AT-',replace it with @ [This is required to persist API data between registry and database]
      *

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/APIDTO.java

@@ -350,7 +350,7 @@ public APIDTO name(String name) {
   @ApiModelProperty(example = "PizzaShackAPI", required = true, value = "")
   @JsonProperty("name")
   @NotNull
- @Pattern(regexp="(^[^~!@#;:%^*()+={}|\\\\<>\"',&$\\[\\]/]*$)") @Size(min=1,max=60)  public String getName() {
+ @Pattern(regexp="(^[^~!@#;:%^*()+={}|\\\\<>\"',&$\\[\\]/]*$)") @Size(min=1)  public String getName() {
     return name;
   }
   public void setName(String name) {

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/PublisherCommonUtils.java

@@ -1914,6 +1914,9 @@ public static APIProduct addAPIProductWithGeneratedSwaggerDefinition(APIProductD
             // Set username in case provider is null or empty
             provider = username;
         }
+        // validate character length
+        APIUtil.validateCharacterLengthOfAPIParams(apiProductDTO.getName(), apiProductDTO.getContext(),
+                provider);
 
         List<String> tiersFromDTO = apiProductDTO.getPolicies();
         Set<Tier> definedTiers = apiProvider.getTiers();

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/impl/ApisApiServiceImpl.java

@@ -2801,6 +2801,9 @@ public Response importOpenAPIDefinition(InputStream fileInputStream, Attachment
         APIDTO apiDTOFromProperties;
         try {
             apiDTOFromProperties = objectMapper.readValue(additionalProperties, APIDTO.class);
+            APIUtil.validateCharacterLengthOfAPIParams(apiDTOFromProperties.getName(),
+                    apiDTOFromProperties.getVersion(), apiDTOFromProperties.getContext(),
+                    RestApiCommonUtil.getLoggedInUsername());
             try {
                 APIUtil.validateAPIContext(apiDTOFromProperties.getContext(), apiDTOFromProperties.getName());
             } catch (APIManagementException e) {
@@ -2955,6 +2958,9 @@ public Response importWSDLDefinition(InputStream fileInputStream, Attachment fil
 
             // Minimum requirement name, version, context and endpointConfig.
             additionalPropertiesAPI = new ObjectMapper().readValue(additionalProperties, APIDTO.class);
+            APIUtil.validateCharacterLengthOfAPIParams(additionalPropertiesAPI.getName(),
+                    additionalPropertiesAPI.getVersion(), additionalPropertiesAPI.getContext(),
+                    RestApiCommonUtil.getLoggedInUsername());
             try {
                 APIUtil.validateAPIContext(additionalPropertiesAPI.getContext(), additionalPropertiesAPI.getName());
             } catch (APIManagementException e) {
@@ -3345,6 +3351,9 @@ public Response importGraphQLSchema(String ifMatch, String type, InputStream fil
             }
 
             additionalPropertiesAPI = new ObjectMapper().readValue(additionalProperties, APIDTO.class);
+            APIUtil.validateCharacterLengthOfAPIParams(additionalPropertiesAPI.getName(),
+                    additionalPropertiesAPI.getVersion(), additionalPropertiesAPI.getContext(),
+                    RestApiCommonUtil.getLoggedInUsername());
             APIUtil.validateAPIContext(additionalPropertiesAPI.getContext(), additionalPropertiesAPI.getName());
             additionalPropertiesAPI.setType(APIDTO.TypeEnum.GRAPHQL);
             String organization = RestApiUtil.getValidatedOrganization(messageContext);
@@ -3970,6 +3979,9 @@ public Response importAsyncAPISpecification(InputStream fileInputStream, Attachm
             if (apiDTOFromProperties.getType() == null) {
                 RestApiUtil.handleBadRequest("Required property protocol is not specified for the Async API", log);
             }
+            APIUtil.validateCharacterLengthOfAPIParams(apiDTOFromProperties.getName(),
+                    apiDTOFromProperties.getVersion(), apiDTOFromProperties.getContext(),
+                    RestApiCommonUtil.getLoggedInUsername());
             try {
                 APIUtil.validateAPIContext(apiDTOFromProperties.getContext(), apiDTOFromProperties.getName());
             } catch (APIManagementException e) {

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml

@@ -8943,7 +8943,6 @@ components:
           readOnly: true
           example: 01234567-0123-0123-0123-012345678901
         name:
-          maxLength: 60
           minLength: 1
           pattern: '(^[^~!@#;:%^*()+={}|\\<>"'',&$\[\]\/]*$)'
           type: string