[#noissue] Return bad request reason in response body

intr3p1d · intr3p1d · commit 1290a2ee2c81 · 2026-03-19T14:21:54.000+09:00
diff --git a/metric-module/metric/src/main/java/com/navercorp/pinpoint/metric/collector/controller/TelegrafMetricController.java b/metric-module/metric/src/main/java/com/navercorp/pinpoint/metric/collector/controller/TelegrafMetricController.java
@@ -60,9 +60,8 @@ public class TelegrafMetricController {
     private final TenantProvider tenantProvider;
 
     private static final String[] ignoreTags = {"host"};
-    private static final Pattern VALID_NAME = Pattern.compile("[a-zA-Z0-9._\\-]+");
-    private static final Pattern CONTROL_CHARS = Pattern.compile("[\\p{Cntrl}]");
-    private static final int MAX_LOG_LENGTH = 100;
+    private static final Pattern VALID_HOST_NAME = Pattern.compile("[a-z]([a-z0-9\\-._]{0,254}[a-z0-9])?");
+    private static final Pattern VALID_GROUP_NAME = Pattern.compile("[A-Za-z0-9][A-Za-z0-9.\\-_]*");
 
     public TelegrafMetricController(SystemMetricService systemMetricService,
                                     SystemMetricDataTypeService systemMetricMetadataService,
@@ -76,33 +75,34 @@ public TelegrafMetricController(SystemMetricService systemMetricService,
 
 
     @PostMapping(value = "/telegraf")
-    public ResponseEntity<Void> saveSystemMetric(
+    public ResponseEntity<String> saveSystemMetric(
             @RequestHeader(value = "hostGroupName") String hostGroupName,
             @RequestBody TelegrafMetrics telegrafMetrics, BindingResult bindingResult
     ) throws BindException {
         if (bindingResult.hasErrors()) {
             SimpleErrorMessage simpleErrorMessage = new SimpleErrorMessage(bindingResult);
-            logger.warn("metric binding error. header=hostGroupName:{} errorCount:{} {}", sanitizeForLog(hostGroupName), bindingResult.getErrorCount(), simpleErrorMessage);
+            logger.warn("metric binding error. header=hostGroupName:{} errorCount:{} {}", hostGroupName, bindingResult.getErrorCount(), simpleErrorMessage);
             throw new BindException(bindingResult);
         }
 
-        if (!VALID_NAME.matcher(hostGroupName).matches()) {
-            logger.warn("invalid hostGroupName='{}'", sanitizeForLog(hostGroupName));
+        if (!isValidGroupName(hostGroupName)) {
+            logger.warn("invalid hostGroupName='{}'", hostGroupName);
+            return ResponseEntity.badRequest().body("invalid hostGroupName='" + hostGroupName + "'");
         }
 
         String hostName = getHost(telegrafMetrics);
         if (StringUtils.isEmpty(hostName)) {
             // hostname null check
-            logger.info("hostName is empty. hostGroupName={}", sanitizeForLog(hostGroupName));
-            return ResponseEntity.badRequest().build();
+            logger.info("hostName is empty. hostGroupName={}", hostGroupName);
+            return ResponseEntity.badRequest().body("hostName is empty");
         }
 
-        if (!VALID_NAME.matcher(hostName).matches()) {
-            logger.warn("invalid hostName='{}', hostGroupName='{}'", sanitizeForLog(hostName), sanitizeForLog(hostGroupName));
+        if (!isValidHostName(hostName)) {
+            logger.warn("invalid hostName='{}', hostGroupName='{}'", hostName, hostGroupName);
         }
 
         if (logger.isDebugEnabled()) {
-            logger.debug("hostGroupName:{} host:{} size:{}", sanitizeForLog(hostGroupName), sanitizeForLog(hostName), telegrafMetrics.size());
+            logger.debug("hostGroupName:{} host:{} size:{}", hostGroupName, hostName, telegrafMetrics.size());
         }
 
         String tenantId = tenantProvider.getTenantId();
@@ -112,7 +112,7 @@ public ResponseEntity<Void> saveSystemMetric(
         updateMetadata(systemMetric);
         systemMetricService.insert(systemMetric);
 
-        return ResponseEntity.ok().build();
+        return ResponseEntity.ok(null);
     }
 
     private String getHost(TelegrafMetrics metrics) {
@@ -176,15 +176,12 @@ private Tag getHost(List<Tag> tTags) {
         return null;
     }
 
-    static String sanitizeForLog(String value) {
-        if (value == null) {
-            return null;
-        }
-        String sanitized = CONTROL_CHARS.matcher(value).replaceAll("_");
-        if (sanitized.length() > MAX_LOG_LENGTH) {
-            sanitized = sanitized.substring(0, MAX_LOG_LENGTH) + "...(truncated)";
-        }
-        return sanitized;
+    static boolean isValidHostName(String value) {
+        return VALID_HOST_NAME.matcher(value).matches();
+    }
+
+    static boolean isValidGroupName(String value) {
+        return VALID_GROUP_NAME.matcher(value).matches();
     }
 
     static List<Tag> filterTag(List<Tag> tTags, String[] ignoreTagName) {
diff --git a/metric-module/metric/src/test/java/com/navercorp/pinpoint/metric/collector/controller/TelegrafMetricControllerTest.java b/metric-module/metric/src/test/java/com/navercorp/pinpoint/metric/collector/controller/TelegrafMetricControllerTest.java
@@ -10,43 +10,62 @@
 class TelegrafMetricControllerTest {
 
     @Test
-    void filterTag() {
-        List<Tag> tags = List.of(
-                new Tag("tag1", "value1"),
-                new Tag("host", "host1")
-        );
-        List<Tag> tags1 = TelegrafMetricController.filterTag(tags, new String[]{"host"});
-        assertThat(tags1)
-                .hasSize(1)
-                .containsExactly(new Tag("tag1", "value1"));
+    void isValidHostName_valid() {
+        assertThat(TelegrafMetricController.isValidHostName("hostname")).isTrue();
+        assertThat(TelegrafMetricController.isValidHostName("host-name")).isTrue();
+        assertThat(TelegrafMetricController.isValidHostName("host1")).isTrue();
+        assertThat(TelegrafMetricController.isValidHostName("a")).isTrue();
+        assertThat(TelegrafMetricController.isValidHostName("a1")).isTrue();
+        assertThat(TelegrafMetricController.isValidHostName("abc-123-def")).isTrue();
+        assertThat(TelegrafMetricController.isValidHostName("host.name")).isTrue();
+        assertThat(TelegrafMetricController.isValidHostName("host_name")).isTrue();
+    }
+
+    @Test
+    void isValidHostName_invalid() {
+        assertThat(TelegrafMetricController.isValidHostName("-hostname")).isFalse();
+        assertThat(TelegrafMetricController.isValidHostName("hostname-")).isFalse();
+        assertThat(TelegrafMetricController.isValidHostName("1hostname")).isFalse();
+        assertThat(TelegrafMetricController.isValidHostName("HostName")).isFalse();
+        assertThat(TelegrafMetricController.isValidHostName("host name")).isFalse();
+        assertThat(TelegrafMetricController.isValidHostName("")).isFalse();
     }
 
     @Test
-    void sanitizeForLog_null() {
-        assertThat(TelegrafMetricController.sanitizeForLog(null)).isNull();
+    void isValidHostName_exceedsMaxLabelLength() {
+        String longName = "a".repeat(300);
+        assertThat(TelegrafMetricController.isValidHostName(longName)).isFalse();
     }
 
     @Test
-    void sanitizeForLog_replaceControlChars() {
-        assertThat(TelegrafMetricController.sanitizeForLog("host\ninjected"))
-                .isEqualTo("host_injected");
-        assertThat(TelegrafMetricController.sanitizeForLog("host\r\ninjected"))
-                .isEqualTo("host__injected");
-        assertThat(TelegrafMetricController.sanitizeForLog("normal-host_name.01"))
-                .isEqualTo("normal-host_name.01");
+    void isValidGroupName_valid() {
+        assertThat(TelegrafMetricController.isValidGroupName("group1")).isTrue();
+        assertThat(TelegrafMetricController.isValidGroupName("Group-Name")).isTrue();
+        assertThat(TelegrafMetricController.isValidGroupName("group.name")).isTrue();
+        assertThat(TelegrafMetricController.isValidGroupName("Group.Name-01")).isTrue();
+        assertThat(TelegrafMetricController.isValidGroupName("group_name")).isTrue();
+        assertThat(TelegrafMetricController.isValidGroupName("A")).isTrue();
     }
 
     @Test
-    void sanitizeForLog_truncate() {
-        String longValue = "a".repeat(150);
-        String result = TelegrafMetricController.sanitizeForLog(longValue);
-        assertThat(result).hasSize(100 + "...(truncated)".length());
-        assertThat(result).endsWith("...(truncated)");
+    void isValidGroupName_invalid() {
+        assertThat(TelegrafMetricController.isValidGroupName("{groupname}")).isFalse();
+        assertThat(TelegrafMetricController.isValidGroupName("-group")).isFalse();
+        assertThat(TelegrafMetricController.isValidGroupName(".group")).isFalse();
+        assertThat(TelegrafMetricController.isValidGroupName("group name")).isFalse();
+        assertThat(TelegrafMetricController.isValidGroupName("")).isFalse();
     }
 
     @Test
-    void sanitizeForLog_exactlyMaxLength() {
-        String value = "a".repeat(100);
-        assertThat(TelegrafMetricController.sanitizeForLog(value)).isEqualTo(value);
+    void filterTag() {
+        List<Tag> tags = List.of(
+                new Tag("tag1", "value1"),
+                new Tag("host", "host1")
+        );
+        List<Tag> tags1 = TelegrafMetricController.filterTag(tags, new String[]{"host"});
+        assertThat(tags1)
+                .hasSize(1)
+                .containsExactly(new Tag("tag1", "value1"));
     }
+
 }
