Tighten rules around profile naming #43176
@@ -163,6 +165,21 @@ private Set<StandardConfigDataReference> getProfileSpecificReferences(ConfigData | |||
return references; | |||
} | |||
|
|||
private void validateProfiles(Profiles profiles) { | |||
Pattern validProfilePattern = Pattern.compile("^[a-zA-Z0-9_\\-]+$"); |
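Review bot: The Pattern is compiled inside validateProfiles, so it is rebuilt on every call; hoist it into a private static final constant on the class. Also, if the check is done with find() rather than matches(), note that in Java `$` matches just before a trailing line terminator as well as at the end of input, so a name ending in a newline would pass; use matches() or end the pattern with `\z`.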
This can be simplified to `Pattern validProfilePattern = Pattern.compile("^[\\w-]+$");`.
Hello! First of all, thank you for the PR! This currently breaks:
I think we can remove It also breaks:
Flagging this for team meeting as I want to talk about if the positive list is a good approach. Right now, it's very "western centric" by allowing only A-Z and digits. I wonder if we should approach it like this:

```java
private void validateProfiles(Profiles profiles) {
    for (String profile : profiles) {
        validateProfile(profile);
    }
}

private void validateProfile(String profile) {
    Assert.notNull(profile, "Profile must not be null");
    Assert.hasText(profile, "Profile must not be empty");
    Assert.state(!profile.startsWith("-") && !profile.startsWith("_"),
            () -> String.format("Invalid profile '%s': must not start with '-' or '_'", profile));
    Assert.state(!profile.endsWith("-") && !profile.endsWith("_"),
            () -> String.format("Invalid profile '%s': must not end with '-' or '_'", profile));
    profile.codePoints().forEach((codePoint) -> {
        if (codePoint == '-' || codePoint == '_' || Character.isLetterOrDigit(codePoint)) {
            return;
        }
        throw new IllegalStateException(String.format("Invalid profile '%s': must contain only letters or digits or '-' or '_'", profile));
    });
}
```

This would also block
…tAndProfilesActive
I incorporated the feedback provided. @mhalbritter
...rc/main/java/org/springframework/boot/context/config/StandardConfigDataLocationResolver.java
To test empty string and Is there a better way to handle this testing? I've included example tests in a demo branch (f4ed4d1).
I added the `validateProfiles()` method to enforce stricter rules for Spring profile names.

Currently, only alphanumeric characters, hyphens (`-`), and underscores (`_`) are allowed. Please let me know if additional characters should be permitted - I'll update accordingly.

I've verified validation works in `application.properties` and `@ActiveProfiles`.

While `@Profile` doesn't perform validation, this seems acceptable since invalid profiles will fail during activation. Perhaps we could explore adding warnings as a potential enhancement in the future.

Note: this change may break applications using non-conforming profile names.
Fixes gh-34062
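
The two rules discussed in this thread, the ASCII allowlist from the PR description and the letter-or-digit rule proposed in review, disagree on names such as `-dev` and `生产`. The following is an added example, not code from the PR or from Spring Boot, that runs both rules side by side; the class name `ProfileNameRules`, the boolean-returning helpers and the sample names are constructed for illustration.

```java
import java.util.List;
import java.util.regex.Pattern;

public class ProfileNameRules {

    // ASCII allowlist as written in the PR's first revision, compiled once.
    private static final Pattern ASCII_ALLOWLIST = Pattern.compile("^[a-zA-Z0-9_\\-]+$");

    // matches() requires the whole input to match, so a trailing newline is rejected.
    static boolean asciiRule(String profile) {
        return profile != null && ASCII_ALLOWLIST.matcher(profile).matches();
    }

    // Rule proposed in the review thread: any Unicode letter or digit plus '-' and '_',
    // with no leading or trailing '-' or '_'. Returns false instead of throwing.
    static boolean unicodeRule(String profile) {
        if (profile == null || profile.isBlank()) {
            return false;
        }
        if (profile.startsWith("-") || profile.startsWith("_")
                || profile.endsWith("-") || profile.endsWith("_")) {
            return false;
        }
        return profile.codePoints()
                .allMatch((cp) -> cp == '-' || cp == '_' || Character.isLetterOrDigit(cp));
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from the PR's tests.
        List<String> samples = List.of("dev", "prod-eu_1", "-dev", "dev_", "prod,dev",
                "../dev", "dev\n", "生产", "träger", " ");
        for (String s : samples) {
            String shown = "'" + s.replace("\n", "\\n") + "'";
            System.out.printf("%-14s ascii=%-5b unicode=%b%n", shown, asciiRule(s), unicodeRule(s));
        }
    }
}
```

Both rules reject separators and path characters such as `,`, `/` and `.`; they differ only on non-ASCII letters and on leading or trailing `-` and `_`.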