fix: constrain key description length and format

integrated-reasoning · Sep 24, 2024 · 1f955b7 · 1f955b7
1 parent 4e39fe2
commit 1f955b7
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/extension/keyhippo--0.0.40.sql b/extension/keyhippo--0.0.40.sql
@@ -842,6 +842,10 @@ BEGIN
     IF auth.uid () IS NULL OR auth.uid () != id_of_user::uuid THEN
         RAISE EXCEPTION '[KeyHippo] Unauthorized: Invalid user ID';
     END IF;
+    -- Validate key description length and format
+    IF LENGTH(key_description) > 255 OR key_description !~ '^[a-zA-Z0-9_ ]*$' THEN
+        RAISE EXCEPTION '[KeyHippo] Invalid key description';
+    END IF;
     -- Ensure the user exists in the user_ids table
     INSERT INTO keyhippo.user_ids (id)
         VALUES (id_of_user::uuid)