From 511aa9355975739efab266eca8d90dbd14530da6 Mon Sep 17 00:00:00 2001 From: dasokkk <60160607+dasokkk@users.noreply.github.com> Date: Sun, 28 Jun 2026 03:57:47 +0300 Subject: [PATCH] fix: require full string match in is_uuid4 is_uuid4 used re.match, which only checks the start of the string, so a value that just begins with a uuid was accepted (for example "-extra" returned True). is_uuid4 decides how identifiers are handled in a few input-sensitive places: payload lookup from the agent "file" header in file_svc, fact source classification in fact_api_manager, and #{payload:...} resolution in c_agent. Use re.fullmatch so the whole string has to be a uuid. Identifiers are generated with uuid.uuid4() and still pass; only trailing or leading junk is rejected. Adds tests for is_uuid4, which had none before. --- app/utility/base_world.py | 2 +- tests/utility/test_base_world.py | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/app/utility/base_world.py b/app/utility/base_world.py index 5fe028aa7..acdf6cc58 100644 --- a/app/utility/base_world.py +++ b/app/utility/base_world.py @@ -125,7 +125,7 @@ def is_base64(s): @staticmethod def is_uuid4(s): - if BaseWorld.re_base64.match(s): + if BaseWorld.re_base64.fullmatch(s): return True return False diff --git a/tests/utility/test_base_world.py b/tests/utility/test_base_world.py index e9ecc0307..00d599e10 100644 --- a/tests/utility/test_base_world.py +++ b/tests/utility/test_base_world.py @@ -91,3 +91,12 @@ def test_is_not_base64(self): def test_is_base64(self): b64str = 'aGVsbG8gd29ybGQgZnJvbSB1bml0IHRlc3QgbGFuZAo=' assert BaseWorld.is_base64(b64str) + + def test_is_uuid4(self): + assert BaseWorld.is_uuid4('a3f1c2d4-5b6e-4f7a-8c9d-0e1f2a3b4c5d') + + def test_is_not_uuid4(self): + assert not BaseWorld.is_uuid4('not a uuid') + + def test_is_not_uuid4_with_trailing_characters(self): + assert not BaseWorld.is_uuid4('a3f1c2d4-5b6e-4f7a-8c9d-0e1f2a3b4c5d-extra')