Add validation to secret names

database/func.go

@@ -3,6 +3,7 @@ package database
 import (
 	"context"
 	"fmt"
+	"regexp"
 
 	"github.com/google/uuid"
 	"github.com/jackc/pgx/v5"
@@ -445,13 +446,23 @@ WHERE id=$1;`
 }
 
 func (db *Database) CreateSecret(name string, secret string) (Secret, error) {
-	// TODO: we need to validate that we can convert the name to a valid environment variable
+	s := Secret{}
+
+	// validate that the secret is only A-Z or underscores and less than 256 characters
+	if len(name) > 256 {
+		return s, fmt.Errorf("secret name must be 256 characters or less")
+	}
+
+	validName := regexp.MustCompile(`^[A-Z0-9_]+$`)
+	if !validName.MatchString(name) {
+		return s, fmt.Errorf("secren name must be made up of only uppercase letters, numbers, and underscores")
+	}
+
 	query := `
 INSERT INTO secrets (id, name, secret)
 VALUES (uuid_generate_v4(), $1, $2)
 RETURNING id, name, secret;`
 
-	s := Secret{}
 	var idStr string
 	err := db.Conn.QueryRow(context.Background(), query, name, secret).Scan(&idStr, &s.Name, &s.Secret)
 	if err != nil {

pipeline_executor/pipeline_executor.go

@@ -172,7 +172,7 @@ func ExecutePipeline(pe PipelineExecution, db database.Database, pipelineConf co
 	}
 
 	for _, secret := range secrets {
-		// TODO: this doesn't validate either of these strings
+		// the env name is validated to be just uppercase letters, numbers, and underscores on ingestion
 		env = append(env, fmt.Sprintf("%v=%v", strings.ToUpper(secret.Name), secret.Secret))
 	}