From 6c3d4071746179dde30f615602592c2523daa56e Mon Sep 17 00:00:00 2001 From: Jonne Kaunisto Date: Tue, 9 Mar 2021 09:53:10 -0800 Subject: [PATCH] fix(stepfunctions): no validation on state machine name (#13387) closes #13289 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-stepfunctions/lib/state-machine.ts | 15 +++++++++- .../test/state-machine.test.ts | 30 +++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-stepfunctions/lib/state-machine.ts b/packages/@aws-cdk/aws-stepfunctions/lib/state-machine.ts index cced1d4519660..fa97eccad71f4 100644 --- a/packages/@aws-cdk/aws-stepfunctions/lib/state-machine.ts +++ b/packages/@aws-cdk/aws-stepfunctions/lib/state-machine.ts @@ -46,7 +46,7 @@ export enum LogLevel { /** * Log all errors */ - ERROR= 'ERROR', + ERROR = 'ERROR', /** * Log fatal errors */ @@ -379,6 +379,10 @@ export class StateMachine extends StateMachineBase { physicalName: props.stateMachineName, }); + if (props.stateMachineName != undefined) { + this.validateStateMachineName(props.stateMachineName); + } + this.role = props.role || new iam.Role(this, 'Role', { assumedBy: new iam.ServicePrincipal('states.amazonaws.com'), }); @@ -426,6 +430,15 @@ export class StateMachine extends StateMachineBase { this.role.addToPrincipalPolicy(statement); } + private validateStateMachineName(stateMachineName: string) { + if (stateMachineName.length < 1 || stateMachineName.length > 80) { + throw new Error(`State Machine name must be between 1 and 80 characters. Received: ${stateMachineName}`); + } + if (!stateMachineName.match('^[0-9a-zA-Z+!@._-]+$')) { + throw new Error(`State Machine name must match "^[0-9a-zA-Z+!@._-]+$". Received: ${stateMachineName}`); + } + } + private buildLoggingConfiguration(logOptions: LogOptions): CfnStateMachine.LoggingConfigurationProperty { // https://docs.aws.amazon.com/step-functions/latest/dg/cw-logs.html#cloudwatch-iam-policy this.addToRolePolicy(new iam.PolicyStatement({ diff --git a/packages/@aws-cdk/aws-stepfunctions/test/state-machine.test.ts b/packages/@aws-cdk/aws-stepfunctions/test/state-machine.test.ts index e721b460a5358..1c26947659a54 100644 --- a/packages/@aws-cdk/aws-stepfunctions/test/state-machine.test.ts +++ b/packages/@aws-cdk/aws-stepfunctions/test/state-machine.test.ts @@ -62,6 +62,36 @@ describe('State Machine', () => { }), + test('State Machine with invalid name', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + const createStateMachine = (name: string) => { + new stepfunctions.StateMachine(stack, name + 'StateMachine', { + stateMachineName: name, + definition: stepfunctions.Chain.start(new stepfunctions.Pass(stack, name + 'Pass')), + stateMachineType: stepfunctions.StateMachineType.EXPRESS, + }); + }; + const tooShortName = ''; + const tooLongName = 'M'.repeat(81); + const invalidCharactersName = '*'; + + // THEN + expect(() => { + createStateMachine(tooShortName); + }).toThrow(`State Machine name must be between 1 and 80 characters. Received: ${tooShortName}`); + + expect(() => { + createStateMachine(tooLongName); + }).toThrow(`State Machine name must be between 1 and 80 characters. Received: ${tooLongName}`); + + expect(() => { + createStateMachine(invalidCharactersName); + }).toThrow(`State Machine name must match "^[0-9a-zA-Z+!@._-]+$". Received: ${invalidCharactersName}`); + }); + test('log configuration', () => { // GIVEN const stack = new cdk.Stack();