routing: add PostgreSQL database name validator

Introduces is_valid_postgresql_db_name, a permissive validator that
rejects database names that would break a CREATE DATABASE statement
or corrupt a connection string (quotes, semicolons, whitespace, null
and control characters, or names longer than PostgreSQL's 63-byte
identifier limit).

The validator is intentionally permissive: names that are legal only
as quoted identifiers (e.g. 'test-product', '1team', 'user') are
accepted because CodeChecker will quote the identifier when issuing
CREATE DATABASE. See the companion commit wiring the validator into
addProduct() and fixing the CREATE DATABASE statement.

Unit-tested in test_request_routing.py.

Author: bishara74

web/server/codechecker_server/routing.py

@@ -63,6 +63,37 @@ def is_valid_product_endpoint(uripart):
     return True
 
 
+def is_valid_postgresql_db_name(db_name):
+    """
+    Returns whether or not the given string is a safe PostgreSQL database
+    name for CodeChecker to use.
+
+    CodeChecker quotes the database identifier when issuing CREATE DATABASE,
+    so dashes, leading digits, and PostgreSQL reserved keywords are all
+    allowed (e.g. "test-product", "1team", "user" are accepted). However,
+    characters that would break even a quoted identifier, or that are
+    plainly dangerous in an SQL context, are rejected here so we fail fast
+    with a clear error rather than producing broken SQL or an unusable
+    product.
+    """
+    if not db_name or not isinstance(db_name, str):
+        return False
+
+    # PostgreSQL identifiers (even quoted) cannot exceed 63 bytes by
+    # default. Names longer than this are silently truncated by the
+    # server, which would produce a product that cannot be reconnected
+    # to under the name the user provided. Reject them outright.
+    if len(db_name.encode('utf-8')) > 63:
+        return False
+
+    # Forbidden characters: anything that would prematurely terminate
+    # the quoted identifier, embed a statement separator, or corrupt the
+    # connection string. Whitespace is also rejected because a name with
+    # spaces is almost certainly a typo rather than an intent.
+    forbidden = set('"\'\\;\x00\r\n\t ')
+    return not any(c in forbidden for c in db_name)
+
+
 def is_supported_version(version):
     """
     Returns whether or not the given version tag is supported by the current

web/server/tests/unit/test_request_routing.py

@@ -13,6 +13,7 @@
 
 from codechecker_server.routing import split_client_GET_request
 from codechecker_server.routing import split_client_POST_request
+from codechecker_server.routing import is_valid_postgresql_db_name
 
 
 def get(path, host="http://localhost:8001/"):
@@ -61,3 +62,64 @@ def test_post(self):
 
         self.assertEqual(post('/DummyProduct/v6.0/FoobarService'),
                          ('DummyProduct', '6.0', 'FoobarService'))
+
+
+class PostgresqlDbNameValidationTest(unittest.TestCase):
+    """
+    Tests for is_valid_postgresql_db_name, which guards against dangerous
+    or unusable PostgreSQL database names before CodeChecker issues a
+    CREATE DATABASE statement.
+    """
+
+    def test_accepts_plain_names(self):
+        """Names that are legal even as unquoted identifiers are allowed."""
+        self.assertTrue(is_valid_postgresql_db_name('myapp'))
+        self.assertTrue(is_valid_postgresql_db_name('codechecker_test'))
+        self.assertTrue(is_valid_postgresql_db_name('db2'))
+        self.assertTrue(is_valid_postgresql_db_name('_internal'))
+
+    def test_accepts_names_needing_quoting(self):
+        """
+        Names that are legal only as quoted identifiers are allowed, since
+        CodeChecker always quotes the identifier when creating the database.
+        These are the cases reported in the bug ticket.
+        """
+        self.assertTrue(is_valid_postgresql_db_name('test-product'))
+        self.assertTrue(is_valid_postgresql_db_name('1team'))
+        self.assertTrue(is_valid_postgresql_db_name('my-app-prod'))
+        # "user" is a PostgreSQL reserved word but valid when quoted.
+        self.assertTrue(is_valid_postgresql_db_name('user'))
+
+    def test_rejects_empty_or_none(self):
+        """Empty string and non-string inputs are rejected."""
+        self.assertFalse(is_valid_postgresql_db_name(''))
+        self.assertFalse(is_valid_postgresql_db_name(None))
+        self.assertFalse(is_valid_postgresql_db_name(123))
+
+    def test_rejects_dangerous_characters(self):
+        """
+        Characters that could break out of a quoted identifier or embed
+        an SQL statement are rejected.
+        """
+        self.assertFalse(is_valid_postgresql_db_name('foo"bar'))
+        self.assertFalse(is_valid_postgresql_db_name("foo'bar"))
+        self.assertFalse(is_valid_postgresql_db_name('foo;bar'))
+        self.assertFalse(is_valid_postgresql_db_name('foo\\bar'))
+        self.assertFalse(is_valid_postgresql_db_name('foo\x00bar'))
+
+    def test_rejects_whitespace(self):
+        """Names containing any whitespace are rejected."""
+        self.assertFalse(is_valid_postgresql_db_name('foo bar'))
+        self.assertFalse(is_valid_postgresql_db_name('foo\tbar'))
+        self.assertFalse(is_valid_postgresql_db_name('foo\nbar'))
+        self.assertFalse(is_valid_postgresql_db_name('foo\rbar'))
+
+    def test_rejects_overlong_names(self):
+        """
+        PostgreSQL silently truncates identifiers longer than 63 bytes,
+        which would produce a database CodeChecker cannot reconnect to.
+        """
+        self.assertTrue(is_valid_postgresql_db_name('a' * 63))
+        self.assertFalse(is_valid_postgresql_db_name('a' * 64))
+        # 63 characters but more than 63 bytes due to multi-byte encoding.
+        self.assertFalse(is_valid_postgresql_db_name('é' * 32))