AdoptOpenJDK/openjdk-api

Error using release query param (again)

freemanjp opened this issue · 0 comments

Before I get to the bug, I'd like to express my thanks to all involved for your efforts to make it easier to download OpenJDK.

This bug appears to be identical to #93 (which was fixed earlier). This time the bug appears to be caused by #98.

The validation regex was changed in the same way as in #92, which caused the previous bug (i.e. adding ^ and $ to require a full rather than a partial match).

This breaks any release that doesn't match ^[a-zA-Z0-9-]+$, such as jdk-11+28. You can try it for yourself with:

curl --verbose 'https://api.adoptopenjdk.net/v2/info/releases/openjdk11?openjdk_impl=hotspot&os=linux&arch=x64&release=jdk-11%2B28&type=jdk&heap_size=normal'

You'll get a 400 error with the body "Unknown release format".

You can find the releases that don't match the regex by running the following in bash:

for i in 8 9 10 11; \
  do (curl --silent "https://api.adoptopenjdk.net/v2/info/releases/openjdk$i" \
  | jq --raw-output '.[].release_name'); done \
  | grep --perl-regexp --invert-match '^[a-zA-Z0-9-]+$'

Which as of the time of writing was:

jdk8u162-b12_openj9-0.8.0
jdk8u181-b13_openj9-0.9.0
jdk8u192-b13-0.11.0
jdk-9.0.4+11
jdk-9.0.4+12_openj9-0.9.0
jdk-9+181
jdk-10.0.1+10
jdk-10.0.2+13_openj9-0.9.0
jdk-10.0.2+13
jdk-11+28
jdk-11.0.1+13

The releases that do match can be listed by running:

for i in 8 9 10 11; \
  do (curl --silent "https://api.adoptopenjdk.net/v2/info/releases/openjdk$i" \
  | jq --raw-output '.[].release_name'); done \
  | grep --perl-regexp '^[a-zA-Z0-9-]+$' 

Which as of the time of writing was:

jdk8u172-b11
jdk8u181-b13
jdk8u192-b12

If you want to have strict validation on the whole string the following regex should work ^[a-zA-Z0-9\-\_\.\+]+$ (adds support for _, . and +). You can try it by running:

for i in 8 9 10 11; \
  do (curl --silent "https://api.adoptopenjdk.net/v2/info/releases/openjdk$i" \
  | jq --raw-output '.[].release_name'); done \
  | grep --perl-regexp --invert-match '^[a-zA-Z0-9\-\_\.\+]+$'

(Prints any releases that don't match. Obviously no substitute for a proper test using Mocha.)

Also, you're dealing with case insensitivity twice (once by using [a-zA-Z] and again by calling toLowerCase() on the value before testing it). It would be more concise to use the case insensitivity flag i on the regex, e.g. !/^[a-z0-9\-\_\.\+]+$/i.test(ROUTErelease) (and remove A-Z and .toLowerCase()).
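
The effect of the three regex variants discussed in this issue, as an added example (not code from the openjdk-api repository): the release names are the ones listed above, the other inputs are constructed, and `rejectedBy` and `validateRelease` are hypothetical helper names.

```javascript
// Added example; not part of the openjdk-api code base.
// Release names copied from the lists in the issue above.
const RELEASES_FROM_ISSUE = [
  'jdk8u162-b12_openj9-0.8.0', 'jdk8u181-b13_openj9-0.9.0', 'jdk8u192-b13-0.11.0',
  'jdk-9.0.4+11', 'jdk-9.0.4+12_openj9-0.9.0', 'jdk-9+181', 'jdk-10.0.1+10',
  'jdk-10.0.2+13_openj9-0.9.0', 'jdk-10.0.2+13', 'jdk-11+28', 'jdk-11.0.1+13',
  'jdk8u172-b11', 'jdk8u181-b13', 'jdk8u192-b12',
];

// Constructed inputs that a full-match allowlist is expected to reject.
const CONSTRUCTED_BAD_INPUTS = [
  '', 'jdk-11 28', 'jdk-11+28/extra', 'jdk-11+28\n', 'jdk-11+28?x=1',
];

// Regex quoted in the issue as rejecting valid releases.
const CURRENT_REGEX = /^[a-zA-Z0-9-]+$/;
// The issue's proposed character set, written with the i flag it suggests.
const PROPOSED_REGEX = /^[a-z0-9\-_.+]+$/i;
// Same character set without ^ and $: a partial match is enough to pass.
const UNANCHORED_REGEX = /[a-z0-9\-_.+]+/i;

// Returns the inputs that the given regex does not accept.
function rejectedBy(regex, names) {
  return names.filter((name) => !regex.test(name));
}

// Hypothetical validator. Assumption: a missing or repeated query
// parameter may not arrive as a string, so the type is checked first.
function validateRelease(value) {
  return typeof value === 'string' && PROPOSED_REGEX.test(value);
}

// Summary: how many inputs each regex rejects.
function summary() {
  return {
    currentRejectsReal: rejectedBy(CURRENT_REGEX, RELEASES_FROM_ISSUE).length,
    proposedRejectsReal: rejectedBy(PROPOSED_REGEX, RELEASES_FROM_ISSUE).length,
    proposedRejectsBad: rejectedBy(PROPOSED_REGEX, CONSTRUCTED_BAD_INPUTS).length,
    unanchoredRejectsBad: rejectedBy(UNANCHORED_REGEX, CONSTRUCTED_BAD_INPUTS).length,
  };
}

console.log(summary());
```

The unanchored variant only rejects the empty string among the constructed inputs, which is why the anchors are worth keeping once the character set covers `_`, `.` and `+`.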