Add validation method for UUIDs

backend/api.test/Controllers/RobotModelControllerTests.cs

@@ -155,4 +155,14 @@ bool valuesShouldHaveBeenChanged
             );
         }
     }
+
+    [Fact]
+    public async Task UpdateRobotModelByIdFailsWithValidId()
+    {
+        var testId = "550e8400-e29b-41d4-a716-446655440000";
+
+        var response = await Client.GetAsync("/robot-models/" + testId);
+        response.EnsureSuccessStatusCode();
+
+    }
 }

backend/api.test/Utilities/TestValidations.cs

@@ -0,0 +1,28 @@
+using System;
+using Api.Utilities;
+using Xunit;
+
+namespace Api.Test.Utilities
+{
+    public class TestValidations
+    {
+        [Theory]
+        [InlineData("123e4567-e89b-12d3-a456-426614174000")] // Valid UUID
+        [InlineData("{123e4567-e89b-12d3-a456-426614174000}")] // Valid UUID with braces
+        [InlineData("(123e4567-e89b-12d3-a456-426614174000)")] // Valid UUID with parentheses
+        public void UUID_ValidInput_ReturnsSanitizedUUID(string validUUID)
+        {
+            var result = Validate.UUID(validUUID);
+            Assert.Equal(validUUID.Replace("\n", "").Replace("\r", ""), result);
+        }
+
+        [Theory]
+        [InlineData("invalid-uuid")] // Invalid UUID
+        [InlineData("123e4567-e89b-12d3-a456-42661417400")] // Missing character
+        [InlineData("")] // Empty string
+        public void UUID_InvalidInput_ThrowsArgumentException(string invalidUUID)
+        {
+            Assert.Throws<ArgumentException>(() => Validate.UUID(invalidUUID));
+        }
+    }
+}

backend/api/Controllers/RobotModelController.cs

@@ -1,6 +1,7 @@
 using Api.Controllers.Models;
 using Api.Database.Models;
 using Api.Services;
+using Api.Utilities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
@@ -74,9 +75,10 @@ [FromRoute] RobotType robotType
     [ProducesResponseType(StatusCodes.Status500InternalServerError)]
     public async Task<ActionResult<RobotModel>> GetRobotModelById([FromRoute] string id)
     {
-        var robotModel = await robotModelService.ReadById(id, readOnly: true);
+        var validatedId = Validate.UUID(id);
+        var robotModel = await robotModelService.ReadById(validatedId, readOnly: true);
         if (robotModel == null)
-            return NotFound($"Could not find robotModel with id '{id}'");
+            return NotFound($"Could not find robotModel with id '{validatedId}'");
         return Ok(robotModel);
     }
 
@@ -144,14 +146,15 @@ public async Task<ActionResult<Robot>> UpdateRobotModelById(
         [FromBody] UpdateRobotModelQuery robotModelQuery
     )
     {
-        logger.LogInformation("Updating robot model with id '{id}'", id);
+        var validatedId = Validate.UUID(id);
+        logger.LogInformation("Updating robot model with id '{id}'", validatedId);
 
         if (!ModelState.IsValid)
             return BadRequest("Invalid data.");
 
-        var robotModel = await robotModelService.ReadById(id, readOnly: true);
+        var robotModel = await robotModelService.ReadById(validatedId, readOnly: true);
         if (robotModel == null)
-            return NotFound($"Could not find robot model with id '{id}'");
+            return NotFound($"Could not find robot model with id '{validatedId}'");
 
         return await UpdateModel(robotModel, robotModelQuery);
     }

backend/api/Utilities/Validations.cs

@@ -0,0 +1,22 @@
+using System.Text.RegularExpressions;
+
+namespace Api.Utilities
+{
+    public static class Validate
+    {
+        public static string UUID(string id)
+        {
+            string pattern = @"^[{(]?[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}[)}]?$";
+
+            var isUUID = Regex.IsMatch(id, pattern);
+
+            if (!isUUID)
+            {
+                throw new ArgumentException("Invalid UUID format.");
+            }
+
+            var sanitizedRobotId = id.Replace("\n", "").Replace("\r", "");
+            return sanitizedRobotId;
+        }
+    }
+}