From c40b18ef610e7662f74da43cae8f609baeef6001 Mon Sep 17 00:00:00 2001
From: Julian Brost <julian.brost@icinga.com>
Date: Mon, 7 Jun 2021 13:14:06 +0200
Subject: [PATCH] ConfigPackageUtility::ValidateName: replace broken regex

The old validation regex matched if the name consists only of invalid
character, not that it does not contain them, i.e. something like "foo/bar" was
considered valid.

This commit replaces the regex with a check that all characters in the name are
allowed characters.
---
 lib/remote/configpackageutility.cpp  |  7 ++++---
 test/CMakeLists.txt                  |  2 ++
 test/remote-configpackageutility.cpp | 25 +++++++++++++++++++++++++
 3 files changed, 31 insertions(+), 3 deletions(-)
 create mode 100644 test/remote-configpackageutility.cpp

diff --git a/lib/remote/configpackageutility.cpp b/lib/remote/configpackageutility.cpp
index a1f766442..31748708e 100644
--- a/lib/remote/configpackageutility.cpp
+++ b/lib/remote/configpackageutility.cpp
@@ -8,6 +8,7 @@
 #include <boost/algorithm/string.hpp>
 #include <boost/regex.hpp>
 #include <algorithm>
+#include <cctype>
 #include <fstream>
 
 using namespace icinga;
@@ -375,9 +376,9 @@ bool ConfigPackageUtility::ValidateName(const String& name)
 	if (ContainsDotDot(name))
 		return false;
 
-	boost::regex expr("^[^a-zA-Z0-9_\\-]*$", boost::regex::icase);
-	boost::smatch what;
-	return (!boost::regex_search(name.GetData(), what, expr));
+	return std::all_of(name.Begin(), name.End(), [](char c) {
+		return std::isalnum(c, std::locale::classic()) || c == '_' || c == '-';
+	});
 }
 
 std::mutex& ConfigPackageUtility::GetStaticPackageMutex()
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 75c8dc4be..c5e508154 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -31,6 +31,7 @@ set(base_test_SOURCES
   icinga-macros.cpp
   icinga-notification.cpp
   icinga-perfdata.cpp
+  remote-configpackageutility.cpp
   remote-url.cpp
   ${base_OBJS}
   $<TARGET_OBJECTS:config>
@@ -148,6 +149,7 @@ add_boost_test(base
     icinga_perfdata/multi
     icinga_perfdata/scientificnotation
     icinga_perfdata/parse_edgecases
+    remote_configpackageutility/ValidateName
     remote_url/id_and_path
     remote_url/parameters
     remote_url/get_and_set
diff --git a/test/remote-configpackageutility.cpp b/test/remote-configpackageutility.cpp
new file mode 100644
index 000000000..7049fcd22
--- /dev/null
+++ b/test/remote-configpackageutility.cpp
@@ -0,0 +1,25 @@
+/* Icinga 2 | (c) 2021 Icinga GmbH | GPLv2+ */
+
+#include "remote/configpackageutility.hpp"
+#include <vector>
+#include <string>
+#include <BoostTestTargetConfig.h>
+
+using namespace icinga;
+
+BOOST_AUTO_TEST_SUITE(remote_configpackageutility)
+
+BOOST_AUTO_TEST_CASE(ValidateName)
+{
+	std::vector<std::string> validNames {"foo", "foo-bar", "FooBar", "Foo123", "_Foo-", "123bar"};
+	for (const std::string& n : validNames) {
+		BOOST_CHECK_MESSAGE(ConfigPackageUtility::ValidateName(n), "'" << n << "' should be valid");
+	}
+
+	std::vector<std::string> invalidNames {"", ".", "..", "foo.bar", "foo/../bar", "foo/bar", "foo:bar"};
+	for (const std::string& n : invalidNames) {
+		BOOST_CHECK_MESSAGE(!ConfigPackageUtility::ValidateName(n), "'" << n << "' should not be valid");
+	}
+}
+
+BOOST_AUTO_TEST_SUITE_END()