From 92c5c78f3ee62a7281b9fc0cc667ff852d00a912 Mon Sep 17 00:00:00 2001
From: Marco Enrico Piras
Date: Thu, 23 Nov 2023 13:17:51 +0100
Subject: [PATCH] fix: always validate job_id before using it
---
 lifemonitor/tasks/controller.py | 2 ++
 lifemonitor/tasks/utils.py | 10 ++++++++++
 2 files changed, 12 insertions(+)
diff --git a/lifemonitor/tasks/controller.py b/lifemonitor/tasks/controller.py
index cd5997bd1..2397cbba9 100644
--- a/lifemonitor/tasks/controller.py
+++ b/lifemonitor/tasks/controller.py
@@ -40,6 +40,8 @@
 @authorized
 @blueprint.route("/status/", methods=("GET",))
 def get_job_status(job_id: str):
+ if not utils.validate_job_id(job_id):
+ raise ValueError(f"Invalid job id: {job_id}")
 serialized_job_data = cache.get(utils.get_job_key(job_id=job_id))
 if not serialized_job_data:
 return f"job ${job_id} not found", 404
diff --git a/lifemonitor/tasks/utils.py b/lifemonitor/tasks/utils.py
index 2ddde5610..96cda3a49 100644
--- a/lifemonitor/tasks/utils.py
+++ b/lifemonitor/tasks/utils.py
@@ -15,6 +15,16 @@ def make_job_id() -> str:
 return str(uuid4())
+def validate_job_id(job_id: str) -> bool:
+ '''Validate the job id defined as uuid4'''
+ from uuid import UUID
+ try:
+ UUID(job_id, version=4)
+ return True
+ except ValueError:
+ return False
+
+
 def get_job_key(job_id: str):
 return f"job-{job_id}"
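Review bot: Raising `ValueError` in `get_job_status` for a malformed id will surface as an HTTP 500 for what is a client error, unless the application registers an error handler for it (none is visible here); `return "invalid job id", 400` would match the 404 return a few lines below. The exception message also interpolates the raw, still-unvalidated `job_id`, so wherever it is logged or rendered it carries caller-supplied text; leaving the value out, or logging it with `%r`, avoids that. Separately, `@authorized` sits above `@blueprint.route`, and Flask registers the function as it stands below the `route` decorator, so if `authorized` is a plain wrapping decorator the registered view would not include the check; this is worth confirming. The function body continues past the end of the hunk.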
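Review bot: `UUID(job_id, version=4)` in `validate_job_id` does not check that the string is a version-4 UUID, because when `version` is passed the constructor overwrites the version and variant bits of whatever 128-bit value it parsed, so any 32-hex-digit input passes. The constructor also accepts braces, a `urn:uuid:` prefix and un-hyphenated input, so strings that `make_job_id` would never emit are reported valid and then go unchanged into `get_job_key`. Parsing without `version`, then requiring `parsed.version == 4` and that `str(parsed)` equals the input, restricts the cache key to the canonical form; catching `TypeError` and `AttributeError` as well keeps non-string input from raising. The local `from uuid import UUID` could presumably sit with the module-level `uuid4` import, which is outside the hunk.

```python
def validate_job_id(job_id: str) -> bool:
    # … unchanged: docstring and local UUID import …
    try:
        parsed = UUID(job_id)
    except (ValueError, TypeError, AttributeError):
        return False
    # Accept only the canonical hyphenated spelling of a real version-4 UUID,
    # i.e. exactly what make_job_id() produces.
    return parsed.version == 4 and str(parsed) == job_id
```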