From 18b87d976ee28ab578daf4a4aa17c99c95a39a27 Mon Sep 17 00:00:00 2001
From: Sumukh Swamy
Date: Tue, 22 Oct 2024 16:12:20 -0700
Subject: [PATCH] [Bug] changed path for error handling for apis (#459)

* [Bug] changed path for error handling for apis
Signed-off-by: sumukhswamy
* added input validation for pipeline and index
Signed-off-by: sumukhswamy
---------
Signed-off-by: sumukhswamy
---
 server/routes/dsl_route.ts | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/server/routes/dsl_route.ts b/server/routes/dsl_route.ts
index c44c066..fae0a88 100644
--- a/server/routes/dsl_route.ts
+++ b/server/routes/dsl_route.ts
@@ -49,6 +49,19 @@ export function registerDslRoute(router: IRouter, openSearchServiceSetup: OpenS
 const start = performance.now();
 try {
 let resp;
+ const invalidCharactersPattern = /[\s,:\"*+\/\\|?#><]/;
+ if (index !== index.toLowerCase() || index.startsWith('_') || index.startsWith('-') || invalidCharactersPattern.test(index)) {
+ resBody.errorMessage1 = {
+ statusCode: 400,
+ body: 'Invalid Index or missing',
+ };
+ }
+ if (pipeline !== '*' && pipeline !== '_none' && pipeline !== '' && !(/^[a-zA-Z0-9_\-*]+(,[a-zA-Z0-9_\-*]+)*$/.test(pipeline))){
+ resBody.errorMessage1 = {
+ statusCode: 400,
+ body: 'Invalid Pipepline',
+ };
+ }
 if(dataSourceEnabled && dataSourceId1){
 const client = context.dataSource.opensearch.legacy.getClient(dataSourceId1);
 resp = await client.callAPI('search', params);
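Review bot: Both validation branches only assign `resBody.errorMessage1` and then fall through, so the `client.callAPI('search', params)` call in the context lines directly below still runs after the index or pipeline value has been rejected. The pipeline check in the second hunk (`@@ -107,6 +120,16 @@`) falls through in the same way. For the check to enforce anything the block has to stop before the search, for example by throwing as the second hunk's index check does, `throw new Error('Invalid Index or missing');`, assuming the catch for this query (outside the hunk) records the failure. As written, a failing pipeline check also overwrites a failing index check in the same field. The `try` block opens before the hunk and its handler is not visible here.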
@@ -107,6 +120,16 @@ export function registerDslRoute(router: IRouter, openSearchServiceSetup: OpenS
 const start = performance.now();
 try {
 let resp;
+ const invalidCharactersPattern = /[\s,:\"*+\/\\|?#><]/;
+ if (index !== index.toLowerCase() || index.startsWith('_') || index.startsWith('-') || invalidCharactersPattern.test(index)) {
+ throw new Error("Index invalid or missing.");
+ }
+ if (pipeline !== '*' && pipeline !== '_none' && pipeline !== '' && !(/^[a-zA-Z0-9_\-*]+(,[a-zA-Z0-9_\-*]+)*$/.test(pipeline))){
+ resBody.errorMessage1 = {
+ statusCode: 400,
+ body: 'Invalid Pipepline',
+ };
+ }
 if(dataSourceEnabled && dataSourceId2){
 const client = context.dataSource.opensearch.legacy.getClient(dataSourceId2);
 resp = await client.callAPI('search', params);
@@ -195,7 +218,7 @@ export function registerDslRoute(router: IRouter, openSearchServiceSetup: OpenS
 );
 if (error.statusCode !== 404) console.error(error);
 return response.custom({
- statusCode: error.statusCode || 500,
+ statusCode: error.statusCode || 400,
 body: error.message,
 });
 }
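Review bot: The pipeline branch in this block writes to `resBody.errorMessage1` although the block serves the second query (it uses `dataSourceId2`), which looks like a copy from the first block. It should probably record into the second query's error field, whose name is not visible in this hunk. Separately, if `index` can arrive undefined or as a non-string (its parsing is outside the hunk), `index.toLowerCase()` raises a TypeError before the intended message is produced. A leading `typeof index !== 'string' ||` in the condition would make the "missing" case explicit, here and in the first hunk. `'Invalid Pipepline'` is a typo for `'Invalid Pipeline'`.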
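Review bot: Defaulting to 400 when `error.statusCode` is unset labels every unexpected failure that reaches this handler as a bad request, including runtime exceptions and backend errors that carry no status. That hides server-side faults from 5xx-based monitoring and tells callers to fix input that may be fine. I would keep `statusCode: error.statusCode || 500,` and attach an explicit `statusCode: 400` to the errors raised by the new validation instead. `body: error.message` also returns the raw exception text to the caller, so a fixed message for the non-validation case is worth considering. The handler's body starts outside this hunk.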