From d300a828452686383adc9837a7014bd1604b7824 Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz <henrik@levkowetz.com>
Date: Wed, 12 Jun 2019 22:06:53 +0000
Subject: [PATCH] Added validation of draft names extracted from XML submission
 files.  - Legacy-Id: 16239

---
 ietf/submit/forms.py | 5 ++++-
 ietf/submit/utils.py | 7 ++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/ietf/submit/forms.py b/ietf/submit/forms.py
index 703e9fa08..cd99c9439 100644
--- a/ietf/submit/forms.py
+++ b/ietf/submit/forms.py
@@ -24,7 +24,7 @@ from ietf.meeting.models import Meeting
 from ietf.message.models import Message
 from ietf.name.models import FormalLanguageName, GroupTypeName
 from ietf.submit.models import Submission, Preapproval
-from ietf.submit.utils import validate_submission_rev, validate_submission_document_date
+from ietf.submit.utils import validate_submission_name, validate_submission_rev, validate_submission_document_date
 from ietf.submit.parsers.pdf_parser import PDFParser
 from ietf.submit.parsers.plain_parser import PlainParser
 from ietf.submit.parsers.ps_parser import PSParser
@@ -173,6 +173,9 @@ class SubmissionBaseUploadForm(forms.Form):
                 draftname = self.xmlroot.attrib.get('docName')
                 if draftname is None:
                     raise forms.ValidationError("No docName attribute found in the xml root element")
+                name_error = validate_submission_name(draftname)
+                if name_error:
+                    raise forms.ValidationError(name_error)
                 revmatch = re.search("-[0-9][0-9]$", draftname)
                 if revmatch:
                     self.revision = draftname[-2:]
diff --git a/ietf/submit/utils.py b/ietf/submit/utils.py
index 4d4516d51..bced88988 100644
--- a/ietf/submit/utils.py
+++ b/ietf/submit/utils.py
@@ -1,8 +1,9 @@
 # Copyright The IETF Trust 2011-2019, All Rights Reserved
 # -*- coding: utf-8 -*-
 
-import os
 import datetime
+import os
+import re
 import six                              # pyflakes:ignore
 import xml2rfc
 
@@ -78,6 +79,10 @@ def has_been_replaced_by(name):
 
     return None
 
+def validate_submission_name(name):
+    if not re.search(r'^draft-[a-z][-a-z0-9]{0,39}$', name):
+        return "Expected name 'draft-...' using lowercase ascii letters, digits, and hyphen; found '%s'." % name
+
 def validate_submission_rev(name, rev):
     if not rev:
         return 'Revision not found'