fix: validate sketch name

Author: Luca Bianconi

Diff for: commands/sketch/new.go

@@ -18,6 +18,7 @@ package sketch
 import (
 	"context"
 	"errors"
+	"regexp"
 
 	"github.com/arduino/arduino-cli/arduino"
 	"github.com/arduino/arduino-cli/arduino/globals"
@@ -34,6 +35,9 @@ void loop() {
 }
 `)
 
+var sketchNameValidationRegex = regexp.MustCompile(`^([A-Za-z\d]+[_.-]*)+$`)
+var sketchNameMaxLength = 63
+
 // NewSketch creates a new sketch via gRPC
 func NewSketch(ctx context.Context, req *rpc.NewSketchRequest) (*rpc.NewSketchResponse, error) {
 	var sketchesDir string
@@ -42,6 +46,19 @@ func NewSketch(ctx context.Context, req *rpc.NewSketchRequest) (*rpc.NewSketchRe
 	} else {
 		sketchesDir = configuration.Settings.GetString("directories.User")
 	}
+
+	if len(req.SketchName) > sketchNameMaxLength {
+		return nil, &arduino.CantCreateSketchError{Cause: errors.New(tr("sketch name too long (%d characters). Maximum allowed length is %d",
+			len(req.SketchName),
+			sketchNameMaxLength))}
+	}
+
+	if !sketchNameValidationRegex.MatchString(req.SketchName) {
+		return nil, &arduino.CantCreateSketchError{Cause: errors.New(tr("invalid sketch name \"%s\". Required pattern %s",
+			req.SketchName,
+			sketchNameValidationRegex.String()))}
+	}
+
 	sketchDirPath := paths.New(sketchesDir).Join(req.SketchName)
 	if err := sketchDirPath.MkdirAll(); err != nil {
 		return nil, &arduino.CantCreateSketchError{Cause: err}

Diff for: commands/sketch/new_test.go

@@ -0,0 +1,71 @@
+package sketch
+
+import (
+	"context"
+	"testing"
+
+	"github.com/arduino/arduino-cli/rpc/cc/arduino/cli/commands/v1"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_SketchNameWrongPattern(t *testing.T) {
+	invalidNames := []string{
+		"&",
+		"",
+		".hello",
+		"_hello",
+		"-hello",
+		"hello*",
+		"||||||||||||||",
+		",`hack[}attempt{];",
+	}
+	for _, name := range invalidNames {
+		_, err := NewSketch(context.Background(), &commands.NewSketchRequest{
+			SketchName: name,
+			SketchDir:  t.TempDir(),
+		})
+		require.NotNil(t, err)
+
+		require.Error(t, err, `Can't create sketch: invalid sketch name "%s". Required pattern %s`,
+			name,
+			sketchNameValidationRegex)
+	}
+}
+
+func Test_SketchNameTooLong(t *testing.T) {
+	tooLongName := make([]byte, sketchNameMaxLength+1)
+	for i := range tooLongName {
+		tooLongName[i] = 'a'
+	}
+	_, err := NewSketch(context.Background(), &commands.NewSketchRequest{
+		SketchName: string(tooLongName),
+		SketchDir:  t.TempDir(),
+	})
+	require.NotNil(t, err)
+
+	require.Error(t, err, `Can't create sketch: sketch name too long (%d characters). Maximum allowed length is %d`,
+		len(tooLongName),
+		sketchNameMaxLength)
+}
+
+func Test_SketchNameOk(t *testing.T) {
+	lengthLimitName := make([]byte, sketchNameMaxLength)
+	for i := range lengthLimitName {
+		lengthLimitName[i] = 'a'
+	}
+	validNames := []string{
+		"h",
+		"h.ello",
+		"h..ello-world",
+		"h..ello-world.",
+		"hello_world__",
+		string(lengthLimitName),
+	}
+	for _, name := range validNames {
+		_, err := NewSketch(context.Background(), &commands.NewSketchRequest{
+			SketchName: name,
+			SketchDir:  t.TempDir(),
+		})
+		require.Nil(t, err)
+	}
+}