[jira] [Created] (OLINGO-1602) Inconsistent validation of odataIdentifier

Thu, 06 Jul 2023 09:49:04 -0700 

Florent Albert created OLINGO-1602:
--------------------------------------

             Summary: Inconsistent validation of odataIdentifier
                 Key: OLINGO-1602
                 URL: https://issues.apache.org/jira/browse/OLINGO-1602
             Project: Olingo
          Issue Type: Bug
          Components: odata4-commons, odata4-server
    Affects Versions: (Java) V4 4.9.0
            Reporter: Florent Albert


According to the [OData specifications 
ABNF|http://docs.oasis-open.org/odata/odata/v4.0/os/abnf/odata-abnf-construction-rules.txt],
 entity type name and property name (among others) must be constructed 
according the following rule:
*_odataIdentifier             = identifierLeadingCharacter 
*127identifierCharacter_*
*_identifierLeadingCharacter  = ALPHA / "_"         ; plus Unicode characters 
from the categories L or Nl_*
*_identifierCharacter         = ALPHA / "_" / DIGIT ; plus Unicode characters 
from the categories L, Nl, Nd, Mn, Mc, Pc, or Cf_*

 

However, it is possible to generate an EDM with an entity type name or a 
property name starting with a digit (e.g.: 1TestType and 1testAttr), which is 
not compliant with the OData specifications.
Using those types/properties in requests leads to inconsistent results:
 * Types:
 ** Calling entity set with typecast ({_}GET /MyEntitySet/Model.1TestType{_}) 
results in HTTP 400 "URI is malformed"
 **  Filtering with isof ({_}GET /MyEntitySet?$filter=isof(Model.1TestType){_}) 
results in HTTP 400 "URI is malformed"
 ** Calling _POST /MyEntitySet_ with @odata.type set to "Model.1TestType" works
 * Properties:
 ** _POST /MyEntitySet_ with "1testAttr" in request body works
 ** _GET /MyEntitySet_ returns "1testAttr" in the response
 ** _GET /MyEntitySet?$select=1testAttr_ results in HTTP 400 "URI is malformed"
 ** _GET /MyEntitySet?$filter=1testAttr ne null_ results in HTTP 400 "The types 
'Edm.Boolean' and 'Edm.SByte' are not compatible"
 ** _GET /MyEntitySet?$filter=contains(1testAttr,'Value')_ results in HTTP 400 
"The types 'Edm.SByte' and '[String]' are not compatible."
 ** _GET /MyEntitySet?$orderby=1testAttr_ results in HTTP 400 "The system query 
option '$orderby' has the not-allowed value '1testAttr'"

 

The failed requests are expected, since they validate the OData Identifier in 
the URI (see {_}UriTokenizer.nextODataIdentifier(){_}). 

However, the EDM should not allow such names, and validate the OData 
identifiers compliance.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to