Make sure that subject is validated in non-hot paths

[Jarema]

Overview

Some JetStream API uses values passed by the user as part of the subject.
Those values should be validated to:

• not contain spaces
• not contain \r\n or \t
• not end or start with subject token delimiter .

Examples of affected fields:

• name and durable when managing consumer
• name of Stream when managing Stream
• kv buckets and keys
• object store buckets

More to be added.

we are not yet decided on validating publish hot paths subjects, as we need to perform some benchmarks

The behavior is documented in ADR-X.

Clients and Tools

• Go @piotrpio
• Java @scottf Multiple Filter Subjects and Subject validation changes nats.java#965
• JavaScript @aricart [CHANGE] require consumer/stream names to not contain spaces, newlines, carriage returns or tabs nats.deno#585
• .Net @scottf https://github.com/nats-io/nats.net/pull/821
• C @levb
• Python @wallyqs
• Ruby @wallyqs
• Rust @Jarema @caspervonb

Other Tasks

• docs.nats.io updated @bruth
• Update ADR to Implemented
• Update client features spreadsheet

Client authors please update with your progress. If you open issues in your own repositories as a result of this request, please link them to this one by pasting the issue URL in a comment or main issue description.

[aricart]

Can we get clarification - currently, the javascript clients validate:

function minValidation(context: string, name = "") {
  // minimum validation on streams/consumers matches nats cli
  if (name === "") {
    throw Error(`${context} name required`);
  }
  const bad = [".", "*", ">", "/", "\\"];
  bad.forEach((v) => {
    if (name.indexOf(v) !== -1) {
      throw Error(
        `invalid ${context} name - ${context} name cannot contain '${v}'`,
      );
    }
  });
  return "";
}

Recently the validation that rejected spaces in the middle of the name had to be reverted, as some users already have constructs having such names.

[scottf]

this is java/.net validation. These clients limit subjects on management and subscribe to printable characters. I can remove the printable restriction if required, it would be backward compatible.

String[] segments = subject.split("\\.");
for (int x = 0; x < segments.length; x++) {
    String segment = segments[x];
    if (segment.equals(">")) {
        if (cantEndWithGt || x != segments.length - 1) { // if it can end with gt, gt must be last segment
            throw new IllegalArgumentException(label + " cannot contain '>'");
        }
    }
    else if (!segment.equals("*") && notPrintable(segment)) {
        throw new IllegalArgumentException(label + " must be printable characters only.");
    }
}

[ripienaar]

CLI/terraform/GitHub does this for names

func IsValidName(n string) bool {
	if n == "" {
		return false
	}

	return !strings.ContainsAny(n, ">*. /\\")
}