fix(BRE2-804): various polish: name sanitization

Author: patelspratik

pkg/cmd/gpucreate/gpucreate.go

@@ -18,6 +18,7 @@ import (
 	"github.com/brevdev/brev-cli/pkg/entity"
 	breverrors "github.com/brevdev/brev-cli/pkg/errors"
 	"github.com/brevdev/brev-cli/pkg/featureflag"
+	"github.com/brevdev/brev-cli/pkg/names"
 	"github.com/brevdev/brev-cli/pkg/store"
 	"github.com/brevdev/brev-cli/pkg/terminal"
 	"github.com/spf13/cobra"
@@ -194,8 +195,8 @@ func NewCmdGPUCreate(t *terminal.Terminal, gpuCreateStore GPUCreateStore) *cobra
 				}
 			}
 
-			if name == "" {
-				return breverrors.NewValidationError("name is required (as argument or --name flag)")
+			if err := names.ValidateNodeName(name); err != nil {
+				return err
 			}
 
 			if count < 1 {

pkg/cmd/register/register.go

@@ -18,6 +18,7 @@ import (
 	"github.com/brevdev/brev-cli/pkg/entity"
 	breverrors "github.com/brevdev/brev-cli/pkg/errors"
 	"github.com/brevdev/brev-cli/pkg/externalnode"
+	"github.com/brevdev/brev-cli/pkg/names"
 	"github.com/brevdev/brev-cli/pkg/terminal"
 
 	"github.com/spf13/cobra"
@@ -120,8 +121,8 @@ func runRegister(ctx context.Context, t *terminal.Terminal, s RegisterStore, nam
 		return checkExistingRegistration(ctx, t, s, name, deps)
 	}
 
-	if name == "" {
-		return fmt.Errorf("please provide a name for this device\n\nUsage: brev register <name>\nExample: brev register \"my-DGX-Spark\"")
+	if err := names.ValidateNodeName(name); err != nil {
+		return err
 	}
 
 	brevUser, err := s.GetCurrentUser()

pkg/cmd/register/register_test.go

@@ -144,7 +144,7 @@ func Test_runRegister_HappyPath(t *testing.T) {
 			if req.GetOrganizationId() != "org_123" {
 				t.Errorf("unexpected org: %s", req.GetOrganizationId())
 			}
-			if req.GetName() != "My Spark" {
+			if req.GetName() != "my-spark" {
 				t.Errorf("unexpected name: %s", req.GetName())
 			}
 			return &nodev1.AddNodeResponse{
@@ -172,7 +172,7 @@ func Test_runRegister_HappyPath(t *testing.T) {
 	defer ClearTestSSHPort()
 
 	term := terminal.New()
-	err := runRegister(context.Background(), term, store, "My Spark", deps)
+	err := runRegister(context.Background(), term, store, "my-spark", deps)
 	if err != nil {
 		t.Fatalf("runRegister failed: %v", err)
 	}
@@ -193,8 +193,8 @@ func Test_runRegister_HappyPath(t *testing.T) {
 	if reg.ExternalNodeID != "unode_abc" {
 		t.Errorf("expected ExternalNodeID unode_abc, got %s", reg.ExternalNodeID)
 	}
-	if reg.DisplayName != "My Spark" {
-		t.Errorf("expected display name 'My Spark', got %s", reg.DisplayName)
+	if reg.DisplayName != "my-spark" {
+		t.Errorf("expected display name 'my-spark', got %s", reg.DisplayName)
 	}
 	if reg.OrgID != "org_123" {
 		t.Errorf("expected org org_123, got %s", reg.OrgID)
@@ -223,7 +223,7 @@ func Test_runRegister_UserCancels(t *testing.T) {
 	deps.prompter = mockConfirmer{confirm: false}
 
 	term := terminal.New()
-	err := runRegister(context.Background(), term, store, "My Spark", deps)
+	err := runRegister(context.Background(), term, store, "my-spark", deps)
 	if err != nil {
 		t.Fatalf("expected nil error on cancel, got: %v", err)
 	}
@@ -339,7 +339,7 @@ func Test_runRegister_NoOrganization(t *testing.T) {
 	defer server.Close()
 
 	term := terminal.New()
-	err := runRegister(context.Background(), term, store, "My Spark", deps)
+	err := runRegister(context.Background(), term, store, "my-spark", deps)
 	if err == nil {
 		t.Fatal("expected error when no org exists")
 	}
@@ -365,7 +365,7 @@ func Test_runRegister_AddNodeFails(t *testing.T) {
 	defer server.Close()
 
 	term := terminal.New()
-	err := runRegister(context.Background(), term, store, "My Spark", deps)
+	err := runRegister(context.Background(), term, store, "my-spark", deps)
 	if err == nil {
 		t.Fatal("expected error when AddNode fails")
 	}
@@ -415,7 +415,7 @@ func Test_runRegister_NoSetupCommand(t *testing.T) {
 	defer ClearTestSSHPort()
 
 	term := terminal.New()
-	err := runRegister(context.Background(), term, store, "My Spark", deps)
+	err := runRegister(context.Background(), term, store, "my-spark", deps)
 	if err != nil {
 		t.Fatalf("runRegister failed: %v", err)
 	}
@@ -548,7 +548,7 @@ func Test_runRegister_GrantSSH_retries_on_connection_error_then_succeeds(t *test
 	defer ClearTestSSHPort()
 
 	term := terminal.New()
-	err := runRegister(context.Background(), term, store, "My Spark", deps)
+	err := runRegister(context.Background(), term, store, "my-spark", deps)
 	if err != nil {
 		t.Fatalf("runRegister failed: %v", err)
 	}
@@ -597,7 +597,7 @@ func Test_runRegister_GrantSSH_no_retry_on_permanent_error(t *testing.T) {
 	defer ClearTestSSHPort()
 
 	term := terminal.New()
-	err := runRegister(context.Background(), term, store, "My Spark", deps)
+	err := runRegister(context.Background(), term, store, "my-spark", deps)
 	if err != nil {
 		t.Fatalf("runRegister should not fail the overall flow when SSH grant fails: %v", err)
 	}
@@ -607,6 +607,73 @@ func Test_runRegister_GrantSSH_no_retry_on_permanent_error(t *testing.T) {
 	}
 }
 
+func Test_runRegister_NameValidation(t *testing.T) {
+	tests := []struct {
+		name      string
+		input     string
+		wantErr   bool
+		errSubstr string
+	}{
+		{"Valid", "my-dgx-spark", false, ""},
+		{"WithDots", "node.local.1", false, ""},
+		{"WithUnderscore", "my_node", false, ""},
+		{"Spaces", "My Spark", true, "letters, digits"},
+		{"ShellInjection", "$(whoami)", true, "letters, digits"},
+		{"PathTraversal", "../etc/passwd", true, "letters, digits"},
+		{"Backticks", "`rm -rf`", true, "letters, digits"},
+		{"Semicolon", "a;rm -rf /", true, "letters, digits"},
+		{"LeadingHyphen", "-node", true, "start with"},
+		{"LeadingDot", ".hidden", true, "start with"},
+		{"TooLong", strings.Repeat("a", 64), true, "63 characters"},
+		{"Empty", "", true, "name is required"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			regStore := &mockRegistrationStore{}
+			store := &mockRegisterStore{
+				user:  &entity.User{ID: "user_1"},
+				org:   &entity.Organization{ID: "org_123", Name: "TestOrg"},
+				token: "tok",
+			}
+
+			svc := &fakeNodeService{
+				addNodeFn: func(req *nodev1.AddNodeRequest) (*nodev1.AddNodeResponse, error) {
+					return &nodev1.AddNodeResponse{
+						ExternalNode: &nodev1.ExternalNode{
+							ExternalNodeId: "unode_abc",
+							OrganizationId: "org_123",
+							Name:           req.GetName(),
+							DeviceId:       req.GetDeviceId(),
+						},
+					}, nil
+				},
+			}
+
+			deps, server := testRegisterDeps(t, svc, regStore)
+			defer server.Close()
+
+			SetTestSSHPort(22)
+			defer ClearTestSSHPort()
+
+			term := terminal.New()
+			err := runRegister(context.Background(), term, store, tt.input, deps)
+			if tt.wantErr {
+				if err == nil {
+					t.Fatal("expected error, got nil")
+				}
+				if !strings.Contains(err.Error(), tt.errSubstr) {
+					t.Errorf("expected error containing %q, got: %v", tt.errSubstr, err)
+				}
+			} else {
+				if err != nil {
+					t.Errorf("unexpected error: %v", err)
+				}
+			}
+		})
+	}
+}
+
 func Test_runRegister_NoNameNotRegistered(t *testing.T) {
 	regStore := &mockRegistrationStore{}
 
@@ -625,8 +692,8 @@ func Test_runRegister_NoNameNotRegistered(t *testing.T) {
 	if err == nil {
 		t.Fatal("expected error when no name provided and not registered")
 	}
-	if !strings.Contains(err.Error(), "please provide a name") {
-		t.Errorf("expected 'please provide a name' error, got: %v", err)
+	if !strings.Contains(err.Error(), "name is required") {
+		t.Errorf("expected 'name is required' error, got: %v", err)
 	}
 }
 

pkg/names/validate.go

@@ -0,0 +1,27 @@
+package names
+
+import (
+	"fmt"
+	"regexp"
+
+	breverrors "github.com/brevdev/brev-cli/pkg/errors"
+)
+
+var validNameRe = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9._-]*$`)
+
+const maxNameLen = 63
+
+func ValidateNodeName(name string) error {
+	if name == "" {
+		return breverrors.NewValidationError("name is required")
+	}
+	if len(name) > maxNameLen {
+		return breverrors.NewValidationError(
+			fmt.Sprintf("name must be %d characters or fewer (got %d)", maxNameLen, len(name)))
+	}
+	if !validNameRe.MatchString(name) {
+		return breverrors.NewValidationError(
+			"name must start with a letter or digit and contain only letters, digits, hyphens, underscores, and dots")
+	}
+	return nil
+}

pkg/names/validate_test.go

@@ -0,0 +1,50 @@
+package names
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestValidateNodeName(t *testing.T) {
+	tests := []struct {
+		name      string
+		input     string
+		wantErr   bool
+		errSubstr string
+	}{
+		{"Valid", "my-dgx-spark", false, ""},
+		{"WithDots", "node.local.1", false, ""},
+		{"WithUnderscore", "my_node", false, ""},
+		{"SingleChar", "a", false, ""},
+		{"MaxLength", strings.Repeat("a", 63), false, ""},
+		{"Spaces", "My Spark", true, "letters, digits"},
+		{"ShellInjection", "$(whoami)", true, "letters, digits"},
+		{"PathTraversal", "../etc/passwd", true, "letters, digits"},
+		{"Backticks", "`rm -rf`", true, "letters, digits"},
+		{"Semicolon", "a;rm -rf /", true, "letters, digits"},
+		{"Pipe", "a|cat", true, "letters, digits"},
+		{"Ampersand", "a&bg", true, "letters, digits"},
+		{"LeadingHyphen", "-node", true, "start with"},
+		{"LeadingDot", ".hidden", true, "start with"},
+		{"TooLong", strings.Repeat("a", 64), true, "63 characters"},
+		{"Empty", "", true, "name is required"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := ValidateNodeName(tt.input)
+			if tt.wantErr {
+				if err == nil {
+					t.Fatal("expected error, got nil")
+				}
+				if !strings.Contains(err.Error(), tt.errSubstr) {
+					t.Errorf("expected error containing %q, got: %v", tt.errSubstr, err)
+				}
+			} else {
+				if err != nil {
+					t.Errorf("unexpected error: %v", err)
+				}
+			}
+		})
+	}
+}