From 0c6c3afb71167fdb254c6f8ffa7cb626410905c0 Mon Sep 17 00:00:00 2001
From: MDeLuise <66636702+MDeLuise@users.noreply.github.com>
Date: Wed, 7 Jun 2023 17:06:01 +0200
Subject: [PATCH] fix(console): permit valid URL to be use in the device
 packages tab.

- Some valid URL was considered illegal in the device packages tab.
- Add the URL validation check even on the backend side
---
 .../api/client/util/validator/TextFieldValidator.java     | 3 +--
 .../internal/DevicePackageManagementServiceImpl.java      | 8 ++++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/console/module/api/src/main/java/org/eclipse/kapua/app/console/module/api/client/util/validator/TextFieldValidator.java b/console/module/api/src/main/java/org/eclipse/kapua/app/console/module/api/client/util/validator/TextFieldValidator.java
index 7c9c7cbd755..c1a6894ead1 100644
--- a/console/module/api/src/main/java/org/eclipse/kapua/app/console/module/api/client/util/validator/TextFieldValidator.java
+++ b/console/module/api/src/main/java/org/eclipse/kapua/app/console/module/api/client/util/validator/TextFieldValidator.java
@@ -16,7 +16,6 @@
 import com.extjs.gxt.ui.client.widget.form.TextField;
 import com.extjs.gxt.ui.client.widget.form.Validator;
 import com.google.gwt.core.client.GWT;
-
 import org.eclipse.kapua.app.console.module.api.client.messages.ValidationMessages;
 
 import java.util.MissingResourceException;
@@ -70,7 +69,7 @@ public enum FieldType {
         ALPHANUMERIC("alphanumeric", "^[a-zA-Z0-9_]+$"),
         NUMERIC("numeric", "^[+0-9.]+$"),
         PACKAGE_VERSION("package_version", "^[a-zA-Z0-9.\\-\\_]*$"),
-        URL("url", "(http(s)?:\\/\\/.)?(www\\.)?[-a-zA-Z0-9@:%._\\+~#=]{2,256}\\.[a-z]{2,6}\\b([-a-zA-Z0-9@:%_\\+.~#?&//=]*)");
+        URL("url", "^(https?:\\/\\/)?(www\\.)?[-a-zA-Z0-9@:%._\\+~#=//]{1,256}\\.[a-zA-Z0-9()//]{2,6}\\b(?:[-a-zA-Z0-9()@:%_\\+.~#?&\\/=]*)$");
 
         private String name;
         private String regex;
diff --git a/service/device/management/packages/internal/src/main/java/org/eclipse/kapua/service/device/management/packages/internal/DevicePackageManagementServiceImpl.java b/service/device/management/packages/internal/src/main/java/org/eclipse/kapua/service/device/management/packages/internal/DevicePackageManagementServiceImpl.java
index e4f7bc0f845..bfecbe64b43 100644
--- a/service/device/management/packages/internal/src/main/java/org/eclipse/kapua/service/device/management/packages/internal/DevicePackageManagementServiceImpl.java
+++ b/service/device/management/packages/internal/src/main/java/org/eclipse/kapua/service/device/management/packages/internal/DevicePackageManagementServiceImpl.java
@@ -14,6 +14,7 @@
 
 import com.google.common.base.MoreObjects;
 import org.eclipse.kapua.KapuaException;
+import org.eclipse.kapua.KapuaIllegalArgumentException;
 import org.eclipse.kapua.commons.model.id.IdGenerator;
 import org.eclipse.kapua.commons.model.id.KapuaEid;
 import org.eclipse.kapua.commons.util.ArgumentValidator;
@@ -50,6 +51,7 @@
 import org.eclipse.kapua.service.device.management.packages.model.uninstall.DevicePackageUninstallRequest;
 
 import javax.inject.Singleton;
+import java.net.MalformedURLException;
 import java.util.Date;
 
 /**
@@ -143,6 +145,12 @@ public KapuaId downloadExec(KapuaId scopeId, KapuaId deviceId, DevicePackageDown
         // Check Access
         AUTHORIZATION_SERVICE.checkPermission(PERMISSION_FACTORY.newPermission(DeviceManagementDomains.DEVICE_MANAGEMENT_DOMAIN, Actions.write, scopeId));
 
+        try {
+            packageDownloadRequest.getUri().toURL();
+        } catch (MalformedURLException | IllegalArgumentException ignored) {
+            throw new KapuaIllegalArgumentException("packageDownloadRequest.uri", packageDownloadRequest.getUri().toString());
+        }
+
         //
         // Generate requestId
         KapuaId operationId = new KapuaEid(IdGenerator.generate());