add validation for sandbox set command secret-name (#2352)

Author: rtpascual

.changeset/old-hornets-type.md

@@ -0,0 +1,5 @@
+---
+'@aws-amplify/backend-cli': patch
+---
+
+add validation for sandbox set command secret-name

packages/cli/src/commands/sandbox/sandbox-secret/sandbox_secret_set_command.test.ts

@@ -1,7 +1,10 @@
 import { beforeEach, describe, it, mock } from 'node:test';
 import { AmplifyPrompter, printer } from '@aws-amplify/cli-core';
 import yargs, { CommandModule } from 'yargs';
-import { TestCommandRunner } from '../../../test-utils/command_runner.js';
+import {
+  TestCommandError,
+  TestCommandRunner,
+} from '../../../test-utils/command_runner.js';
 import assert from 'node:assert';
 import { SandboxBackendIdResolver } from '../sandbox_id_resolver.js';
 import {
@@ -11,6 +14,7 @@ import {
 import { SandboxSecretSetCommand } from './sandbox_secret_set_command.js';
 import { ReadStream } from 'node:tty';
 import { PassThrough } from 'node:stream';
+import { AmplifyError } from '@aws-amplify/platform-core';
 
 const testSecretName = 'testSecretName';
 const testSecretValue = 'testSecretValue';
@@ -145,6 +149,23 @@ void describe('sandbox secret set command', () => {
     ]);
   });
 
+  void it('throws AmplifyUserError if invalid secret name is provided', async () => {
+    const invalidSecretName = 'invalid@';
+    await assert.rejects(
+      () => commandRunner.runCommand(`set ${invalidSecretName}`),
+      (err: TestCommandError) => {
+        assert.ok(AmplifyError.isAmplifyError(err.error));
+        assert.strictEqual(
+          err.error.message,
+          'Invalid secret name provided: invalid@'
+        );
+        assert.strictEqual(err.error.name, 'InvalidCommandInputError');
+        return true;
+      }
+    );
+    assert.equal(secretSetMock.mock.callCount(), 0);
+  });
+
   void it('show --help', async () => {
     const output = await commandRunner.runCommand('set --help');
     assert.match(output, /Set a sandbox secret/);

packages/cli/src/commands/sandbox/sandbox-secret/sandbox_secret_set_command.ts

@@ -6,6 +6,7 @@ import { ArgumentsKebabCase } from '../../../kebab_case.js';
 import { SandboxCommandGlobalOptions } from '../option_types.js';
 import { once } from 'events';
 import { ReadStream } from 'node:tty';
+import { AmplifyUserError } from '@aws-amplify/platform-core';
 
 /**
  * Command to set sandbox secret.
@@ -57,11 +58,24 @@ export class SandboxSecretSetCommand
    * @inheritDoc
    */
   builder = (yargs: Argv): Argv<SecretSetCommandOptionsKebabCase> => {
-    return yargs.positional('secret-name', {
-      describe: 'Name of the secret to set',
-      type: 'string',
-      demandOption: true,
-    });
+    return yargs
+      .positional('secret-name', {
+        describe: 'Name of the secret to set',
+        type: 'string',
+        demandOption: true,
+      })
+      .check(async (argv) => {
+        if (argv['secret-name']) {
+          const secretNameRegex = /^[a-zA-Z0-9_.-]+$/;
+          if (!argv['secret-name'].match(secretNameRegex)) {
+            throw new AmplifyUserError('InvalidCommandInputError', {
+              message: `Invalid secret name provided: ${argv['secret-name']}`,
+              resolution: 'Use a secret name that matches [a-zA-Z0-9_.-]+',
+            });
+          }
+        }
+        return true;
+      });
   };
 
   /**