Fix/entity name validation v2#27886
Conversation
|
Hi there 👋 Thanks for your contribution! The OpenMetadata team will review the PR shortly! Once it has been labeled as Let us know if you need any help! |
|
Hi there 👋 Thanks for your contribution! The OpenMetadata team will review the PR shortly! Once it has been labeled as Let us know if you need any help! |
|
Hi @aniketkatkar97, Created this new PR to replace #27521, the previous one had unintended files from a Updates since last review:
Could a maintainer add the Thanks! |
|
The Java checkstyle failed. Please run You can install the pre-commit hooks with |
Code Review 👍 Approved with suggestions 1 resolved / 2 findingsTightens entity and column name validation regex to reject reserved FQN characters and control codes, resolving the missing pipe character test coverage. Consider whether silently skipping empty extension values in CSV imports might mask user configuration errors. 💡 Edge Case: Silently skipping empty extension values may hide user errors📄 openmetadata-service/src/main/java/org/openmetadata/csv/EntityCsv.java:613-615 The change at line 613-615 converts an empty extension value from an error (previously reported via Fix✅ 1 resolved✅ Quality: Missing test coverage for pipe
|
| Compact |
|
Was this helpful? React with 👍 / 👎 | Gitar
|
Hi maintainers, I updated the branch and I see number of CI checks has been reduced now. One workflow still appears to be awaiting maintainer approval. Could someone please approve/rerun it? Also, Copilot is already listed as a reviewer, but I don’t have an option to re-request a fresh review from my account. If a fresh Copilot review is required, could someone please re-request it? |
|
Could you help validate two things in the current validation change?
|
Thanks for pointing these out. I updated both areas in latest commit 783df67:
I added focused tests for the |
|
❌ PR checklist incompleteThis PR cannot be merged until the following are addressed on its linked issue:
The fields live on the linked issue in the Shipping project (open the issue → right sidebar → Projects). After you set them, re-run this check (or push a commit) — issue/project changes do not re-trigger it automatically. Maintainers can bypass this check by adding the |
|
Hi team, I updated PR #27886 against I inspected the CI logs for the remaining 28 failing checks, but they do not seem related to my code changes. It looks like an environment mismatch or an unrelated issue. Can a maintainer please confirm this? Do I need to add any other tests for python files, or can these checks be skipped to merge this PR? Also, please link issue #23268 to the 'Shipping' project board to clear the checklist block. Thanks! @ayush-shah @aniketkatkar97 @ShaileshParmar11 @PubChimps @pmbrull @chirag-madlani @harshach |
|
Hey @jaya6400, can you please sync your branch with the latest main of Openmetadata? I see the your forked repo's main is behind by a week. |
Thanks @aniketkatkar97 , for pointing it out. I have synced my forked |
…ty name validation regex
…names Fixes open-metadata#23268 Updated regex patterns in JSON schema definitions to block reserved FQN separator characters (::, >, ") and newlines in entity names. Files changed: - openmetadata-spec/.../type/basic.json: entityName, testCaseEntityName - openmetadata-spec/.../entity/data/table.json: columnName
Updated pattern to use \x00-\x1f range to block all control characters including \r, \n, \t, \0 in addition to reserved FQN characters. This also restores the \r restriction that was present in the original dot metacharacter but lost in the character class rewrite.
…hema fields and UI - Added < and | to blocked characters (consistent with entityLink pattern) - Updated searchIndexFieldName pattern in searchIndex.json - Added pattern validation to tableConstraint columns and partitionColumnDetails in table.json - Updated UI ENTITY_NAME_REGEX to match backend validation - Added unit tests for new blocked characters in regex.constants.test.ts Addresses review feedback on open-metadata#27521
Addresses inconsistency flagged in code review - columnName definition was missing < and | from blocked characters unlike other patterns.
…e in ENTITY_NAME_REGEX
…erved characters Added Java integration tests to verify that entity names containing reserved FQN characters (::, >, <, ", |) and control characters are rejected by the backend validation. Files changed: - TableResourceIT.java: added column name validation tests - TopicResourceIT.java: added schema field name validation tests - PipelineResourceIT.java: added task name validation tests - SearchIndexResourceIT.java: added search index field name validation tests - TestSuiteBootstrap.java: updated bootstrap for test suite - pipeline.json: updated pattern for task names - schema.json: updated pattern for schema field names
…less formatting - Added minLength: 1 to pipeline task name to prevent empty strings - Applied mvn spotless:apply formatting fixes
…ttern - TEST_CASE_NAME_REGEX still used the old lookahead-only pattern and did not block `|` or ASCII control characters, unlike ENTITY_NAME_REGEX and the tightened testCaseEntityName pattern in basic.json. This allowed names like `my|testcase` to pass client-side validation on the data quality test case form, then fail with a 400 from the backend. - Reuses ENTITY_NAME_REGEX directly to prevent future drift between the two constants.
…tors for entity names
Code Review 👍 Approved with suggestions 1 resolved / 2 findingsTightens entity and column name validation regex to reject reserved FQN characters and control codes, resolving the missing pipe character test coverage. Consider whether silently skipping empty extension values in CSV imports might mask user configuration errors. 💡 Edge Case: Silently skipping empty extension values may hide user errors📄 openmetadata-service/src/main/java/org/openmetadata/csv/EntityCsv.java:613-615 The change at line 613-615 converts an empty extension value from an error (previously reported via Fix✅ 1 resolved✅ Quality: Missing test coverage for pipe
|
| Compact |
|
Was this helpful? React with 👍 / 👎 | Gitar
|




Describe your changes:
Fixes #23268
I updated the regex patterns in JSON schema definitions to block reserved
FQN separator characters (
::,>,") and newlines (\n) from beingused in entity and column names.
The backend was accepting entity names with special characters like double
quotes and newlines, which caused issues in FQN construction since these
are reserved separator characters in OpenMetadata's FQN system.
Changes made:
openmetadata-spec/src/main/resources/json/schema/type/basic.json— updated pattern forentityNameandtestCaseEntityNameopenmetadata-spec/src/main/resources/json/schema/entity/data/table.json— updated pattern forcolumnNamePattern changed from
^((?!::).)*$to^((?!::)[^><\"|\\x00-\\x1f])*$Unit Test: #27521 (comment)
Type of change:
Checklist:
Fixes #23268: <short explanation>Summary by Gitar
TEST_CASE_NAME_REGEXinregex.constants.tsto aliasENTITY_NAME_REGEX, ensuring frontend validation for test case names strictly matches backend requirements.shouldValidateUserNameWithEmailPrefixto improve resilience, ensuring proper error reporting when name pattern or email format validations fail.UTCand fixed project root discovery inTestSuiteBootstrap.javato resolve cross-platform CI issues.PipelineValidation.spec.tsandPipelineResourceIT.java.timeoutinPipelineClass.tsandPipelineServiceClass.tsto stabilize integration tests.This will update automatically on new commits.
------|----------|
| openmetadata-spec/src/main/resources/json/schema/type/basic.json | Updated entityName and testCaseEntityName patterns to block >, <, ", |, and ASCII control characters in addition to the existing :: exclusion |
| openmetadata-spec/src/main/resources/json/schema/entity/data/table.json | Added new stricter pattern to columnName, tableConstraints.columns.items, and partitionColumnDetails.columnName; constraint/partition column fields now have a pattern but no minLength, matching pre-existing inline behaviour |
| openmetadata-service/src/main/java/org/openmetadata/csv/EntityCsv.java | Refactored shouldValidateUserNameWithEmailPrefix into a dedicated method using startsWith instead of a hard-coded pattern string, making it resilient to future pattern changes |
| openmetadata-ui/src/main/resources/ui/src/constants/regex.constants.ts | Updated ENTITY_NAME_REGEX to block | and control chars; TEST_CASE_NAME_REGEX was NOT updated despite the corresponding backend testCaseEntityName receiving the same stricter pattern, leaving a frontend-backend mismatch for test case names |
| openmetadata-integration-tests/src/test/java/org/openmetadata/it/bootstrap/TestSuiteBootstrap.java | Sets JVM timezone to UTC at bootstrap, and uses Paths.get() for safer cross-platform project root resolution |
Flowchart
%%{init: {'theme': 'neutral'}}%% flowchart TD A[Entity or Column Name Input] --> B{Passes new pattern?} B -->|blocked chars absent| C[Pass validation] B -->|contains :: > < pipe quote or ctrl char| D[Reject with 400] C --> E{User entity via CSV import?} E -->|Yes| F{shouldValidateUserNameWithEmailPrefix} F -->|No name or email violation present| G[Run email-prefix check] F -->|Name pattern or email violation exists| H[Skip email-prefix check] G --> I{Email prefix valid?} I -->|Yes| J[Import success] I -->|No| K[Import failure] H --> K E -->|No| J subgraph Schemas updated S1[basic.json entityName and testCaseEntityName] S2[table.json columnName constraint and partition cols] S3[pipeline.json task name] S4[searchIndex.json field name] S5[schema.json topic field name] end%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%% flowchart TD A[Entity or Column Name Input] --> B{Passes new pattern?} B -->|blocked chars absent| C[Pass validation] B -->|contains :: > < pipe quote or ctrl char| D[Reject with 400] C --> E{User entity via CSV import?} E -->|Yes| F{shouldValidateUserNameWithEmailPrefix} F -->|No name or email violation present| G[Run email-prefix check] F -->|Name pattern or email violation exists| H[Skip email-prefix check] G --> I{Email prefix valid?} I -->|Yes| J[Import success] I -->|No| K[Import failure] H --> K E -->|No| J subgraph Schemas updated S1[basic.json entityName and testCaseEntityName] S2[table.json columnName constraint and partition cols] S3[pipeline.json task name] S4[searchIndex.json field name] S5[schema.json topic field name] endComments Outside Diff (1)
openmetadata-ui/src/main/resources/ui/src/constants/regex.constants.ts, line 51 (link)TEST_CASE_NAME_REGEXnot updated to match new backend patternENTITY_NAME_REGEXwas updated to block|and ASCII control characters, and the backendtestCaseEntityNameschema received the same tightening. However,TEST_CASE_NAME_REGEXstill uses the old lookahead-only form/^((?!::)(?!")(?!>).)*$/— it does not exclude|or control characters (other than\n). A user submittingmy|testcasein the data quality test case form will pass frontend validation (line 410 inTestCaseFormV1.tsx) but receive a 400 from the backend, creating a confusing silent failure.The constant should be updated to:
/^((?!::)[^><"|\u0000-\u001f])*$/Reviews (1): Last reviewed commit: "fix: address pipeline validation review ..." | Re-trigger Greptile
Greptile Summary
This PR tightens entity-name validation across the backend, frontend, and generated ingestion models. The main changes are:
Confidence Score: 5/5
This looks safe to merge.
Important Files Changed
Comments Outside Diff (1)
openmetadata-ui/src/main/resources/ui/src/constants/regex.constants.ts, line 51 (link)TEST_CASE_NAME_REGEXnot updated to match new backend patternENTITY_NAME_REGEXwas updated to block|and ASCII control characters, and the backendtestCaseEntityNameschema received the same tightening. However,TEST_CASE_NAME_REGEXstill uses the old lookahead-only form/^((?!::)(?!")(?!>).)*$/— it does not exclude|or control characters (other than\n). A user submittingmy|testcasein the data quality test case form will pass frontend validation (line 410 inTestCaseFormV1.tsx) but receive a 400 from the backend, creating a confusing silent failure.The constant should be updated to:
/^((?!::)[^><"|\u0000-\u001f])*$/Reviews (16): Last reviewed commit: "fix: correct quote escaping in validator..." | Re-trigger Greptile
Context used (3)