feat(types): validate snapshot name length and shape#61
Merged
Conversation
cocoon snapshot save/import previously accepted any string for --name.
A snapshot named with 100 chars or shell-unsafe chars would write
straight into the DB / OCI annotation / cidata propagation chain,
breaking downstream consumers (Linux HOST_NAME_MAX=64, DNS-1123
labels, etc.).
Mirror VMConfig.Validate's `^[a-zA-Z0-9][a-zA-Z0-9._-]{0,62}$` regex
on SnapshotConfig:
- types.SnapshotConfig.Validate() enforces ≤63 chars + safe charset
(empty Name still allowed — name is optional for snapshots).
- cmd/snapshot/handler.go Save+Import validate the --name flag early
to fail before the expensive snapshot/import operation.
- snapshot/localfile Create+Import call Validate as defense-in-depth
so programmatic callers (vk-cocoon, future API) can't bypass.
Empty name remains valid (existing behavior — auto-generated ID is
the fallback identifier).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
`cocoon snapshot save`/`import` previously accepted any string for `--name` — no length cap, no charset check. A snapshot named with 100+ chars or shell-unsafe chars would write straight into the DB, the OCI annotation on push, and any downstream propagation (Linux `HOST_NAME_MAX=64`, K8s DNS-1123 labels in pod name concatenation, etc).
This PR closes the gap by mirroring `VMConfig.Validate`'s rule on `SnapshotConfig`:
```go
validName = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9._-]{0,62}$`)
```
(1 leading char + ≤62 trailing = max 63 chars, fitting under Linux's HOST_NAME_MAX boundary.)
Changes
Behavior
Before:
```
$ cocoon snapshot save vm --name "my-very-very-long-name-that-keeps-going-and-going-and-blows-past-63-chars"
snapshot saved: ULID... # silently OK, downstream breaks later
```
After:
```
$ cocoon snapshot save vm --name "my-very-very-long-name-...-blows-past-63-chars"
Error: snapshot name "my-very..." is invalid: must match ^[a-zA-Z0-9][a-zA-Z0-9._-]{0,62}$ (max 63 chars)
```
Same for `cocoon snapshot import --name X`.
Empty `--name` is still allowed (name is optional, ID is the fallback identifier).
Why
Reported by @doge: CH-bound hostname (set via cloud-init cidata or kernel cmdline) hits Linux `HOST_NAME_MAX=64` boundary. When vk-cocoon concatenates pod names → `cocoon snapshot save --name `, an overly long name would have been silently accepted, then surface as a downstream failure. `VMConfig` already validated this; SnapshotConfig didn't.
Verification
```
✓ go build ./...
✓ make lint (0 issues × Linux + Darwin)
✓ go test ./... (all green; 9 new SnapshotConfig.Validate subtests pass)
```
Test plan