From 61017e2bfdc6b46a865e02bbeae7637366eda66f Mon Sep 17 00:00:00 2001
From: Thorsten Hans <thorsten.hans@fermyon.com>
Date: Fri, 21 Mar 2025 16:58:51 +0100
Subject: [PATCH 1/2] chore: validate keys before persisting for Azure CosmosDB
 key-value stores

Signed-off-by: Thorsten Hans <thorsten.hans@fermyon.com>
---
 crates/key-value-azure/src/store.rs | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/crates/key-value-azure/src/store.rs b/crates/key-value-azure/src/store.rs
index a1321eec56..1a56347d2a 100644
--- a/crates/key-value-azure/src/store.rs
+++ b/crates/key-value-azure/src/store.rs
@@ -154,6 +154,15 @@ impl Store for AzureCosmosStore {
     }
 
     async fn set(&self, key: &str, value: &[u8]) -> Result<(), Error> {
+        let illegal_chars = ['/', '\\', '?', '#'];
+
+        if key.contains(|c| illegal_chars.contains(&c)) {
+            return Err(Error::Other(format!(
+                "Key contains an illegal character. Allowed characters do not include: {}",
+                illegal_chars.iter().collect::<String>()
+            )));
+        }
+
         let pair = Pair {
             id: key.to_string(),
             value: value.to_vec(),

From 4e0944a6c46e1a2055cd28f2f26bc5ee45c051c0 Mon Sep 17 00:00:00 2001
From: Brian <brian.hardock@fermyon.com>
Date: Mon, 24 Mar 2025 11:10:31 -0600
Subject: [PATCH 2/2] Update crates/key-value-azure/src/store.rs

Co-authored-by: itowlson <github@hestia.cc>
---
 crates/key-value-azure/src/store.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/key-value-azure/src/store.rs b/crates/key-value-azure/src/store.rs
index 1a56347d2a..0b60439caf 100644
--- a/crates/key-value-azure/src/store.rs
+++ b/crates/key-value-azure/src/store.rs
@@ -158,7 +158,7 @@ impl Store for AzureCosmosStore {
 
         if key.contains(|c| illegal_chars.contains(&c)) {
             return Err(Error::Other(format!(
-                "Key contains an illegal character. Allowed characters do not include: {}",
+                "Key contains an illegal character. Keys must not include any of: {}",
                 illegal_chars.iter().collect::<String>()
             )));
         }