add name length validator

zhongkechen · zhongkechen · commit 5fceff8b2bfc · 2026-03-04T14:56:47.000-08:00
diff --git a/sdk/src/main/java/software/amazon/lambda/durable/DurableContext.java b/sdk/src/main/java/software/amazon/lambda/durable/DurableContext.java
@@ -21,6 +21,10 @@
 import software.amazon.lambda.durable.validation.ParameterValidator;
 
 public class DurableContext extends BaseContext {
+    private static final String WAIT_FOR_CALLBACK_CALLBACK_SUFFIX = "-callback";
+    private static final String WAIT_FOR_CALLBACK_SUBMITTER_SUFFIX = "-submitter";
+    private static final int MAX_WAIT_FOR_CALLBACK_NAME_LENGTH = ParameterValidator.MAX_OPERATION_NAME_LENGTH
+            - Math.max(WAIT_FOR_CALLBACK_CALLBACK_SUFFIX.length(), WAIT_FOR_CALLBACK_SUBMITTER_SUFFIX.length());
     private final AtomicInteger operationCounter;
     private volatile DurableLogger logger;
 
@@ -110,6 +114,8 @@ public <T> DurableFuture<T> stepAsync(
             String name, TypeToken<T> typeToken, Function<StepContext, T> func, StepConfig config) {
         Objects.requireNonNull(config, "config cannot be null");
         Objects.requireNonNull(typeToken, "typeToken cannot be null");
+        ParameterValidator.validateOperationName(name);
+
         if (config.serDes() == null) {
             config = config.toBuilder().serDes(getDurableConfig().getSerDes()).build();
         }
@@ -166,6 +172,8 @@ public Void wait(Duration duration) {
 
     public Void wait(String waitName, Duration duration) {
         ParameterValidator.validateDuration(duration, "Wait duration");
+        ParameterValidator.validateOperationName(waitName);
+
         var operationId = nextOperationId();
 
         // Create and start wait operation
@@ -229,6 +237,8 @@ public <T, U> DurableFuture<T> invokeAsync(
             String name, String functionName, U payload, TypeToken<T> typeToken, InvokeConfig config) {
         Objects.requireNonNull(config, "config cannot be null");
         Objects.requireNonNull(typeToken, "typeToken cannot be null");
+        ParameterValidator.validateOperationName(name);
+
         if (config.serDes() == null) {
             config = config.toBuilder().serDes(getDurableConfig().getSerDes()).build();
         }
@@ -261,6 +271,7 @@ public <T> DurableCallbackFuture<T> createCallback(String name, Class<T> resultT
     }
 
     public <T> DurableCallbackFuture<T> createCallback(String name, TypeToken<T> typeToken, CallbackConfig config) {
+        ParameterValidator.validateOperationName(name);
         if (config.serDes() == null) {
             config = config.toBuilder().serDes(getDurableConfig().getSerDes()).build();
         }
@@ -295,6 +306,7 @@ public <T> DurableFuture<T> runInChildContextAsync(
     private <T> DurableFuture<T> runInChildContextAsync(
             String name, TypeToken<T> typeToken, Function<DurableContext, T> func, OperationSubType subType) {
         Objects.requireNonNull(typeToken, "typeToken cannot be null");
+        ParameterValidator.validateOperationName(name);
         var operationId = nextOperationId();
 
         var operation = new ChildContextOperation<>(
@@ -368,6 +380,9 @@ public <T> DurableFuture<T> waitForCallbackAsync(
             WaitForCallbackConfig waitForCallbackConfig) {
         Objects.requireNonNull(typeToken, "typeToken cannot be null");
         Objects.requireNonNull(waitForCallbackConfig, "waitForCallbackConfig cannot be null");
+        // waitForCallback adds a suffix for the callback operation name and the submitter operation name so
+        // the length restriction of waitForCallback name is different from the other operations.
+        ParameterValidator.validateOperationName(name, MAX_WAIT_FOR_CALLBACK_NAME_LENGTH);
 
         var finalWaitForCallbackConfig = waitForCallbackConfig.stepConfig().serDes() == null
                 ? waitForCallbackConfig.toBuilder()
@@ -382,9 +397,11 @@ public <T> DurableFuture<T> waitForCallbackAsync(
                 typeToken,
                 childCtx -> {
                     var callback = childCtx.createCallback(
-                            name + "-callback", typeToken, finalWaitForCallbackConfig.callbackConfig());
+                            name + WAIT_FOR_CALLBACK_CALLBACK_SUFFIX,
+                            typeToken,
+                            finalWaitForCallbackConfig.callbackConfig());
                     childCtx.step(
-                            name + "-submitter",
+                            name + WAIT_FOR_CALLBACK_SUBMITTER_SUFFIX,
                             Void.class,
                             stepCtx -> {
                                 func.accept(callback.callbackId(), stepCtx);
diff --git a/sdk/src/main/java/software/amazon/lambda/durable/validation/ParameterValidator.java b/sdk/src/main/java/software/amazon/lambda/durable/validation/ParameterValidator.java
@@ -12,6 +12,7 @@
 public final class ParameterValidator {
 
     private static final long MIN_DURATION_SECONDS = 1;
+    public static final int MAX_OPERATION_NAME_LENGTH = 256;
 
     private ParameterValidator() {
         // Utility class - prevent instantiation
@@ -76,4 +77,30 @@ public static void validateOptionalPositiveInteger(Integer value, String paramet
             throw new IllegalArgumentException(parameterName + " must be positive, got: " + value);
         }
     }
+
+    public static void validateOperationName(String name) {
+        validateOperationName(name, MAX_OPERATION_NAME_LENGTH);
+    }
+
+    public static void validateOperationName(String name, int maxLength) {
+        if (name == null) {
+            // operation name is optional
+            return;
+        }
+        if (name.isEmpty()) {
+            throw new IllegalArgumentException("Operation name cannot be empty");
+        }
+        if (name.length() > maxLength) {
+            throw new IllegalArgumentException(
+                    "Operation name must be less than " + maxLength + " characters, got: " + name);
+        }
+
+        // validate each character is printable ASCII
+        for (char c : name.toCharArray()) {
+            if (c < 0x20 || c > 0x7e) {
+                throw new IllegalArgumentException(
+                        "Operation name must contain only printable ASCII characters, got: " + name);
+            }
+        }
+    }
 }
diff --git a/sdk/src/test/java/software/amazon/lambda/durable/validation/ParameterValidatorTest.java b/sdk/src/test/java/software/amazon/lambda/durable/validation/ParameterValidatorTest.java
@@ -120,4 +120,174 @@ void validateOptionalPositiveInteger_withInvalidValue_shouldThrow() {
 
         assertEquals("testParam must be positive, got: 0", exception.getMessage());
     }
+
+    @Test
+    void validateOperationName_withNull_shouldPass() {
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName(null));
+    }
+
+    @Test
+    void validateOperationName_withValidName_shouldPass() {
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("test"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("my-operation"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("operation_123"));
+    }
+
+    @Test
+    void validateOperationName_withEmptyString_shouldThrow() {
+        var exception =
+                assertThrows(IllegalArgumentException.class, () -> ParameterValidator.validateOperationName(""));
+
+        assertEquals("Operation name cannot be empty", exception.getMessage());
+    }
+
+    @Test
+    void validateOperationName_withMaxLength_shouldPass() {
+        var name = "a".repeat(ParameterValidator.MAX_OPERATION_NAME_LENGTH);
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName(name));
+    }
+
+    @Test
+    void validateOperationName_exceedingMaxLength_shouldThrow() {
+        var name = "a".repeat(ParameterValidator.MAX_OPERATION_NAME_LENGTH + 1);
+        var exception =
+                assertThrows(IllegalArgumentException.class, () -> ParameterValidator.validateOperationName(name));
+
+        assertEquals(
+                "Operation name must be less than " + ParameterValidator.MAX_OPERATION_NAME_LENGTH
+                        + " characters, got: " + name,
+                exception.getMessage());
+    }
+
+    @Test
+    void validateOperationName_withCustomMaxLength_withNull_shouldPass() {
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName(null, 100));
+    }
+
+    @Test
+    void validateOperationName_withCustomMaxLength_withValidName_shouldPass() {
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("test", 100));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("a".repeat(100), 100));
+    }
+
+    @Test
+    void validateOperationName_withCustomMaxLength_withEmptyString_shouldThrow() {
+        var exception =
+                assertThrows(IllegalArgumentException.class, () -> ParameterValidator.validateOperationName("", 100));
+
+        assertEquals("Operation name cannot be empty", exception.getMessage());
+    }
+
+    @Test
+    void validateOperationName_withCustomMaxLength_exceedingLimit_shouldThrow() {
+        var customMaxLength = 50;
+        var name = "a".repeat(customMaxLength + 1);
+        var exception = assertThrows(
+                IllegalArgumentException.class, () -> ParameterValidator.validateOperationName(name, customMaxLength));
+
+        assertEquals(
+                "Operation name must be less than " + customMaxLength + " characters, got: " + name,
+                exception.getMessage());
+    }
+
+    @Test
+    void validateOperationName_withCustomMaxLength_atExactLimit_shouldPass() {
+        var customMaxLength = 50;
+        var name = "a".repeat(customMaxLength);
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName(name, customMaxLength));
+    }
+
+    @Test
+    void validateOperationName_withSpecialCharacters_shouldPass() {
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("operation-name"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("operation_name"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("operation.name"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("operation:name"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("operation/name"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("operation@name"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("operation#name"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("operation$name"));
+    }
+
+    @Test
+    void validateOperationName_withUnicodeCharacters_shouldThrow() {
+        var exception1 =
+                assertThrows(IllegalArgumentException.class, () -> ParameterValidator.validateOperationName("操作名称"));
+        assertEquals("Operation name must contain only printable ASCII characters, got: 操作名称", exception1.getMessage());
+
+        var exception2 = assertThrows(
+                IllegalArgumentException.class, () -> ParameterValidator.validateOperationName("opération"));
+        assertEquals(
+                "Operation name must contain only printable ASCII characters, got: opération", exception2.getMessage());
+
+        var exception3 = assertThrows(
+                IllegalArgumentException.class, () -> ParameterValidator.validateOperationName("операция"));
+        assertEquals(
+                "Operation name must contain only printable ASCII characters, got: операция", exception3.getMessage());
+    }
+
+    @Test
+    void validateOperationName_withWhitespace_shouldPass() {
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("operation name"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName(" operation"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("operation "));
+    }
+
+    @Test
+    void validateOperationName_withControlCharacters_shouldThrow() {
+        var exception1 = assertThrows(
+                IllegalArgumentException.class, () -> ParameterValidator.validateOperationName("operation\nname"));
+        assertEquals(
+                "Operation name must contain only printable ASCII characters, got: operation\nname",
+                exception1.getMessage());
+
+        var exception2 = assertThrows(
+                IllegalArgumentException.class, () -> ParameterValidator.validateOperationName("operation\tname"));
+        assertEquals(
+                "Operation name must contain only printable ASCII characters, got: operation\tname",
+                exception2.getMessage());
+
+        var exception3 = assertThrows(
+                IllegalArgumentException.class, () -> ParameterValidator.validateOperationName("operation\rname"));
+        assertEquals(
+                "Operation name must contain only printable ASCII characters, got: operation\rname",
+                exception3.getMessage());
+    }
+
+    @Test
+    void validateOperationName_withNonPrintableASCII_shouldThrow() {
+        // Test character below printable range (0x1F)
+        var exception1 = assertThrows(
+                IllegalArgumentException.class, () -> ParameterValidator.validateOperationName("test\u001Fname"));
+        assertEquals(
+                "Operation name must contain only printable ASCII characters, got: test\u001Fname",
+                exception1.getMessage());
+
+        // Test character above printable range (0x7F - DEL)
+        var exception2 = assertThrows(
+                IllegalArgumentException.class, () -> ParameterValidator.validateOperationName("test\u007Fname"));
+        assertEquals(
+                "Operation name must contain only printable ASCII characters, got: test\u007Fname",
+                exception2.getMessage());
+    }
+
+    @Test
+    void validateOperationName_withPrintableASCIIBoundaries_shouldPass() {
+        // Test lower boundary (0x20 - space)
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName(" "));
+
+        // Test upper boundary (0x7E - tilde)
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("~"));
+
+        // Test all printable ASCII characters
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName(
+                "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"));
+    }
+
+    @Test
+    void validateOperationName_withSingleCharacter_shouldPass() {
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("a"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("1"));
+        assertDoesNotThrow(() -> ParameterValidator.validateOperationName("-"));
+    }
 }
