Checks for invalid denylist regex patterns

Adds new field check method DenyListFields to validate
the pattern string. in addition, check for a zero
length string as well.

Closes-Bug: #1934252
Change-Id: I2b69025fc11125bb73a4e0f8c0dedad951399cbf

2 files changed, 24 insertions, 2 deletions

diff --git a/designate/objects/blacklist.py b/designate/objects/blacklist.py
index 1a5eb388..a0dd4fcf 100644
--- a/designate/objects/blacklist.py
+++ b/designate/objects/blacklist.py
@@ -20,8 +20,8 @@ from designate.objects import fields
 class Blacklist(base.DictObjectMixin, base.PersistentObjectMixin,
                 base.DesignateObject):
     fields = {
-        'pattern': fields.StringFields(maxLength=255),
-        'description': fields.StringFields(maxLength=160, nullable=True),
+        'pattern': fields.DenylistFields(maxLength=255),
+        'description': fields.DenylistFields(maxLength=160, nullable=True),
     }
 
     STRING_KEYS = [
diff --git a/designate/objects/fields.py b/designate/objects/fields.py
index 19a52c0d..7f2f76ff 100644
--- a/designate/objects/fields.py
+++ b/designate/objects/fields.py
@@ -425,3 +425,25 @@ class IPOrHost(IPV4AndV6AddressField):
             if not re.match(StringFields.RE_ZONENAME, value):
                 raise ValueError("%s is not IP address or host name" % value)
         return value
+
+
+class DenylistFields(StringFields):
+    def __init__(self, **kwargs):
+        super(DenylistFields, self).__init__(**kwargs)
+
+    def coerce(self, obj, attr, value):
+        value = super(DenylistFields, self).coerce(obj, attr, value)
+
+        if value is None:
+            return self._null(obj, attr)
+
+        # determine the validity if a regex expression filter has been used.
+        msg = ("%s is not a valid regular expression" % value)
+        if not len(value):
+            raise ValueError(msg)
+        try:
+            re.compile(value)
+        except Exception:
+            raise ValueError(msg)
+
+        return value