fix #5410: config: fix naming scheme for names in firewall config

This should bring the allowed names on par with the pve-firewall naming scheme, allowing also underscores together with minus, as long it isn't the first character [1]. [1] https://git.proxmox.com/?p=pve-firewall.git;a=blob;f=src/PVE/Firewall.pm;h=0abfeccffc94cec940760e69a894e392dc33f151;hb=29b48c381d14bf425232dc65c9c0d18f95c8f222#l51 Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com> [ TL: expand commit message slightly ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2025-10-04 11:38:13 +00:00 · 2024-04-24 18:15:20 +02:00 · 2024-04-24 18:15:20 +02:00 · 9165ab4b79
commit 9165ab4b79
parent 4c43f215bf
2 changed files with 21 additions and 1 deletions
--- a/proxmox-ve-config/src/firewall/parse.rs
+++ b/proxmox-ve-config/src/firewall/parse.rs
@ -2,6 +2,8 @@ use std::fmt;

 use anyhow::{bail, format_err, Error};

+const NAME_SPECIAL_CHARACTERS: [u8; 2] = [b'-', b'_'];
+
 /// Parses out a "name" which can be alphanumeric and include dashes.
 ///
 /// Returns `None` if the name part would be empty.
@ -16,10 +18,14 @@ use anyhow::{bail, format_err, Error};
 /// assert_eq!(match_name(" someremainder"), None);
 /// ```
 pub fn match_name(line: &str) -> Option<(&str, &str)> {
+    if !line.starts_with(|c: char| c.is_ascii_alphabetic()) {
+        return None;
+    }
+
    let end = line
        .as_bytes()
        .iter()
-        .position(|&b| !(b.is_ascii_alphanumeric() || b == b'-'));
+        .position(|&b| !(b.is_ascii_alphanumeric() || NAME_SPECIAL_CHARACTERS.contains(&b)));

    let (name, rest) = match end {
        Some(end) => line.split_at(end),
--- a/proxmox-ve-config/src/firewall/types/alias.rs
+++ b/proxmox-ve-config/src/firewall/types/alias.rs
@ -147,6 +147,20 @@ impl FromStr for Alias {
 mod tests {
    use super::*;

+    #[test]
+    fn test_parse_alias() {
+        for alias in [
+            "local_network 10.0.0.0/32",
+            "test-_123-___-a---- 10.0.0.1/32",
+        ] {
+            alias.parse::<Alias>().expect("valid alias");
+        }
+
+        for alias in ["-- 10.0.0.1/32", "0asd 10.0.0.1/32", "__test 10.0.0.0/32"] {
+            alias.parse::<Alias>().expect_err("invalid alias");
+        }
+    }
+
    #[test]
    fn test_parse_alias_name() {
        for name in ["dc/proxmox_123", "guest/proxmox-123"] {