From a7ed57d764071289673b18fcd3888136534ff637 Mon Sep 17 00:00:00 2001
From: Jakub Kadlcik <frostyx@email.cz>
Date: Tue, 12 Dec 2023 12:35:31 +0100
Subject: [PATCH] frontend: allow dot and plus characters in chroot denylist

Fix #3012
---
 frontend/coprs_frontend/coprs/forms.py      |  4 ++--
 frontend/coprs_frontend/tests/test_forms.py | 26 ++++++++++++++++++++-
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/frontend/coprs_frontend/coprs/forms.py b/frontend/coprs_frontend/coprs/forms.py
index 719a5f41d..d9f64c15b 100644
--- a/frontend/coprs_frontend/coprs/forms.py
+++ b/frontend/coprs_frontend/coprs/forms.py
@@ -27,6 +27,7 @@
 
 FALSE_VALUES = {False, "false", ""}
 REGEX_BOOTSTRAP_IMAGE = r"^[-\./\w]+(:\w+)?$"
+REGEX_CHROOT_DENYLIST = r"^[a-z0-9-_*.+]+$"
 
 
 class NoneFilter():
@@ -823,8 +824,7 @@ def validate_chroot_denylist(_form, field):
         string = field.data
         items = [x.lstrip().rstrip() for x in string.split(',')]
         for item in items:
-            pattern = r'^[a-z0-9-_*]+$'
-            if not re.match(pattern, item):
+            if not re.match(REGEX_CHROOT_DENYLIST, item):
                 raise wtforms.ValidationError('Pattern "{0}" does not match "{1}"'.format(item, pattern))
 
             matched = set()
diff --git a/frontend/coprs_frontend/tests/test_forms.py b/frontend/coprs_frontend/tests/test_forms.py
index 99339f9da..e5666a1b0 100644
--- a/frontend/coprs_frontend/tests/test_forms.py
+++ b/frontend/coprs_frontend/tests/test_forms.py
@@ -3,7 +3,13 @@
 import flask
 from tests.coprs_test_case import CoprsTestCase
 from coprs import app
-from coprs.forms import PinnedCoprsForm, CoprFormFactory, CreateModuleForm, REGEX_BOOTSTRAP_IMAGE
+from coprs.forms import (
+    PinnedCoprsForm,
+    CoprFormFactory,
+    CreateModuleForm,
+    REGEX_BOOTSTRAP_IMAGE,
+    REGEX_CHROOT_DENYLIST,
+)
 
 
 class TestCoprsFormFactory(CoprsTestCase):
@@ -103,3 +109,21 @@ def test_form_regexes():
     assert re.match(REGEX_BOOTSTRAP_IMAGE, "registry.fedoraproject.org/fedora:rawhide")
     assert re.match(REGEX_BOOTSTRAP_IMAGE, "registry.fedoraproject.org/fedora")
     assert not re.match(REGEX_BOOTSTRAP_IMAGE, "docker://example.com/test:30")
+
+    items = [
+        "fedora",
+        "fedora-*-x86_64",
+        "fedora-*-*",
+        "fedora-39-x86_64",
+        "fedora-rawhide-aarch64",
+        "amazonlinux-2023-aarch64",
+        "centos-stream+epel-next-9-x86_64",
+        "openeuler-22.03-x86_64",
+        "opensuse-leap-15.4-x86_64",
+        "opensuse-leap-15.4-x86_64",
+    ]
+    for item in items:
+        assert re.match(REGEX_CHROOT_DENYLIST, item)
+
+    for item in ["fe|ora", "#fedora", "fedora/39", "fedora:39"]:
+        assert not re.match(REGEX_CHROOT_DENYLIST, item)