fix!: restrict dfx identity new to safe characters (#3217)

With weird characters in identity name (like `/` or a space), weird things can happen or usability is bad. This PR restricts the set of valid identity names when creating new ones to make sure the identities will not cause unexpected behaviour.
dfinity · Jul 11, 2023 · 0b7a8e1 · 0b7a8e1
1 parent 2b08415
commit 0b7a8e1
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -34,6 +34,12 @@ Note that this can be combined to also disable the dfx version check warning:
 export DFX_WARNING="-version_check,-mainnet_plaintext_identity"
 ```
 
+### fix!: restrict `dfx identity new` to safe characters
+
+New identities like `dfx identity new my/identity` or `dfx identity new 'my identity'` can easily lead to problems, either for dfx internals or for usability.
+New identities are now restricted to the characters `ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.-_@0123456789`.
+Existing identities are not affected by this change.
+
 ## Dependencies
 
 ### Motoko

diff --git a/docs/cli-reference/dfx-identity.md b/docs/cli-reference/dfx-identity.md
@@ -172,6 +172,7 @@ In this example, the `bob_standard` identity is the currently-active user contex
 ## dfx identity new
 
 Use the `dfx identity new` command to add new user identities. You should note that the identities you add are global. They are not confined to a specific project context. Therefore, you can use any identity you add using the `dfx identity new` command in any project.
+Only the characters `ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.-_@0123456789` are valid in identity names.
 
 ### Basic usage
 

diff --git a/e2e/tests-dfx/identity.bash b/e2e/tests-dfx/identity.bash
@@ -14,6 +14,29 @@ teardown() {
     standard_teardown
 }
 
+@test "identity new: name validation" {
+    assert_command_fail dfx identity new iden%tity --storage-mode plaintext
+    assert_match "Invalid identity name"
+
+    assert_command_fail dfx identity new 'iden tity' --storage-mode plaintext
+    assert_match "Invalid identity name"
+
+    assert_command_fail dfx identity new "iden\$tity" --storage-mode plaintext
+    assert_match "Invalid identity name"
+
+    assert_command_fail dfx identity new iden\\tity --storage-mode plaintext
+    assert_match "Invalid identity name"
+
+    assert_command_fail dfx identity new 'iden\ttity' --storage-mode plaintext
+    assert_match "Invalid identity name"
+
+    assert_command_fail dfx identity new iden/tity --storage-mode plaintext
+    assert_match "Invalid identity name"
+
+    assert_command dfx identity new i_den.ti-ty --storage-mode plaintext
+
+    assert_command dfx identity new i_den@ti-ty --storage-mode plaintext
+}
 
 @test "identity get-principal: the get-principal is the same as sender id" {
     install_asset identity

diff --git a/src/dfx/src/commands/identity/new.rs b/src/dfx/src/commands/identity/new.rs
@@ -1,4 +1,5 @@
 use anyhow::Context;
+use regex::Regex;
 use std::str::FromStr;
 
 use crate::lib::environment::Environment;
@@ -16,6 +17,7 @@ use slog::{info, warn, Logger};
 /// Creates a new identity.
 #[derive(Parser)]
 pub struct NewIdentityOpts {
+    #[arg(value_parser = identity_name_validator)]
     /// The name of the identity to create.
     new_identity: String,
 
@@ -50,6 +52,14 @@ pub struct NewIdentityOpts {
     force: bool,
 }
 
+fn identity_name_validator(name: &str) -> Result<String, String> {
+    let valid_name = Regex::new(r"^[A-Za-z0-9\.\-_@]+$").unwrap();
+    if !valid_name.is_match(name) {
+        return Err("Invalid identity name. Please only use the characters ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.-_@0123456789".to_string());
+    }
+    Ok(name.into())
+}
+
 pub fn exec(env: &dyn Environment, opts: NewIdentityOpts) -> DfxResult {
     let log = env.get_logger();