Restrict User Input

clinical-domain-agent/src/main/java/care/smith/fts/cda/rest/TransferProcessController.java

@@ -30,7 +30,7 @@ public TransferProcessController(
     this.processes = processes;
   }
 
-  @PostMapping(value = "/{project:\\w+}/start")
+  @PostMapping(value = "/{project:[\\w-]+}/start")
   Mono<ResponseEntity<Object>> start(
       @PathVariable("project") String project, UriComponentsBuilder uriBuilder) {
     var process = findProcess(project);
@@ -48,7 +48,7 @@ Mono<ResponseEntity<Object>> start(
     } else {
       log.warn("Project '{}' not found", project);
       return internalServerError(
-          new IllegalStateException("Project %s could not be found".formatted(project)));
+          new IllegalStateException("Project '%s' could not be found".formatted(project)));
     }
   }
 

clinical-domain-agent/src/test/java/care/smith/fts/cda/rest/TransferProcessDefinitionControllerTest.java → clinical-domain-agent/src/test/java/care/smith/fts/cda/rest/TransferProcessControllerTest.java

@@ -64,7 +64,7 @@ void startNonExistingProjectErrors() {
             ResponseEntity.of(
                     ProblemDetail.forStatusAndDetail(
                         HttpStatus.INTERNAL_SERVER_ERROR,
-                        "Project non-existent could not be found"))
+                        "Project 'non-existent' could not be found"))
                 .build())
         .verifyComplete();
   }

clinical-domain-agent/src/test/java/care/smith/fts/cda/rest/it/GeneralIT.java

@@ -73,7 +73,7 @@ void invalidProject() {
                         c.bodyToMono(ProblemDetail.class)
                             .flatMap(p -> Mono.error(new IllegalStateException(p.getDetail()))))
                 .toBodilessEntity())
-        .expectErrorMessage("Project non-existent could not be found")
+        .expectErrorMessage("Project 'non-existent' could not be found")
         .verifyThenAssertThat()
         .hasOperatorErrors();
   }