fix: validate catalog entity names to reject empty, control chars, and overlength #81

Merged: zfarrell merged 4 commits into main from fix/name-validation on Mar 10, 2026

@zfarrell zfarrell (Collaborator) commented Mar 1, 2026

Summary

  • Add validate_name() function that rejects empty/whitespace-only names, ASCII control characters, and names exceeding 1024 characters
  • Validate column names in ColumnDef::new() and ColumnDef::from_arrow()
  • Validate schema and table names in SqliteMetadataWriter (get_or_create_schema, get_or_create_table, begin_write_transaction)
  • Integrate with existing validate_table_name() to share validation logic

Test plan

  • Unit tests for validate_name() with valid names, empty, whitespace, control chars, length limits
  • Tests for ColumnDef rejecting empty and control-char names via both constructors
  • Integration tests for SqliteMetadataWriter rejecting invalid schema/table names
  • cargo test passes

zfarrell and others added 2 commits March 1, 2026 18:54
…d overlength

- Add shared validate_name() function rejecting empty names, control characters,
  and names exceeding 1024 characters
- Apply to column names (ColumnDef::new, ColumnDef::from_arrow), schema names
  (get_or_create_schema), and table names (get_or_create_table, validate_table_name,
  begin_write_transaction)

Found during Feb 2026 security review

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@zfarrell zfarrell force-pushed the fix/name-validation branch from c85a329 to dfc421e Compare March 1, 2026 18:01
@zfarrell zfarrell merged commit c171e15 into main Mar 10, 2026
3 checks passed
@zfarrell zfarrell deleted the fix/name-validation branch March 10, 2026 17:44
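
Added example, not part of the PR or the project's code: a sketch of the three checks the summary lists (empty or whitespace-only, ASCII control characters, more than 1024 characters). The name `check_name`, the `NameError` type, and counting the limit in Unicode scalar values rather than bytes are assumptions; the sample names are constructed.

```rust
// Limit from the PR summary: names over 1024 characters are rejected.
const MAX_NAME_CHARS: usize = 1024;

#[derive(Debug, PartialEq, Eq)]
enum NameError {
    Empty,                                   // empty or whitespace-only
    ControlChar { index: usize, code: u8 },  // 0x00-0x1F or 0x7F at this char index
    TooLong,                                 // more than MAX_NAME_CHARS characters
}

// Hypothetical stand-in for the PR's validate_name(); the signature and
// error type are assumptions, not the project's API.
fn check_name(name: &str) -> Result<(), NameError> {
    if name.trim().is_empty() {
        return Err(NameError::Empty);
    }
    for (index, c) in name.chars().enumerate() {
        // Stop at the first character past the limit so work stays bounded.
        if index >= MAX_NAME_CHARS {
            return Err(NameError::TooLong);
        }
        // is_ascii_control() covers NUL, tab, CR/LF, ESC and DEL (0x7F).
        if c.is_ascii_control() {
            return Err(NameError::ControlChar { index, code: c as u8 });
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample names, not taken from the project's test suite.
    let long = "a".repeat(MAX_NAME_CHARS + 1);
    let samples = ["orders", "  ", "user\0id", "line\nbreak", "naïve_col", long.as_str()];
    for s in samples {
        let shown: String = s.chars().take(16).collect();
        println!("{:?} -> {:?}", shown, check_name(s));
    }
}
```

Under the character-count assumption, a 1024-character name made of multi-byte characters is accepted even though it is 2048 bytes long; a byte-based limit would reject it.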