Enforce schema character set on vital.name in Feature Operation APIs#3393
Enforce schema character set on vital.name in Feature Operation APIs#3393Valpertui wants to merge 1 commit into
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3e336d9064
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Valpertui
force-pushed
the
valpertui/rum-operation-name-validation
branch
2 times, most recently
from
f36df5d to
025047d
Compare
The backend enforces [\w.@$-]* on vital.name via the vital-common-schema facet-path rule; until now the Android SDK only checked for blank names. This change validates the character set in featureOperationArgumentsValid: blank names are dropped with a WARN, names that fail the regex warn but are still emitted (backend is source of truth on the policy). operationKey has no schema character-set rule and is left untouched. Added VALID_OPERATION_NAME_REGEX and FO_ERROR_INVALID_NAME_CHARACTERS message.
Valpertui
force-pushed
the
valpertui/rum-operation-name-validation
branch
from
025047d to
16133cc
Compare
| @Suppress( | ||
| "UnsafeThirdPartyFunctionCall" | ||
| ) // Regex is a compile-time constant; matches() cannot throw on a non-null input | ||
| val nameMatchesBackendPattern = VALID_OPERATION_NAME_REGEX.matches(name) |
There was a problem hiding this comment.
You could instead do:
val nameMatchesBackendPattern = name.matches(VALID_OPERATION_NAME_REGEX)
This way you don't have to suppress the warning, because String.matches is already in detekt_custom_safe_calls.yml.
|
Please check #3390 and align with that, including using the new |
3 participants
What does this PR do?
Validates
vital.nameclient-side in the Feature Operation APIs (startFeatureOperation/succeedFeatureOperation/failFeatureOperation) against the backend's character-set regex[\w.@$-]*.InternalLogger.Level.WARN[\w.@$-]*→InternalLogger.Level.WARN, event still emittedoperationKeyhas no schema character-set rule and is left untouchedMotivation
The authoritative
_vital-common-schema.jsondocumentsvital.nameas restricted to letters, digits, and- _ . @ $— it is used as a facet path by the backend. Until now the Android SDK only checked for blank names; non-conforming values (e.g."user login") were silently shipped to intake, where they are rejected. Client-side validation gives developers immediate feedback at dev time.Names that fail the character-set regex still emit because the backend is the source of truth on the policy — a client-side drop would force customers to bump the SDK if the server rule is ever relaxed.
Additional Notes
internal:VALID_OPERATION_NAME_REGEXandFO_ERROR_INVALID_NAME_CHARACTERS. No public API surface changes;api/apiSurfaceandapi/dd-sdk-android-rum.apido not need to be regenerated.java.util.regex.Pattern's default\wis ASCII-only (noUNICODE_CHARACTER_CLASSflag) — the non-ASCII test case"ログイン"pins this behavior against future drift.Review checklist (to be filled by reviewers)