address review: move validator to codechecker_common.util

Per #4830 review feedback: is_valid_postgresql_db_name belongs with
the other generic helpers in codechecker_common.util, not in the web
server's routing module. The function and its tests are unchanged;
only the import paths in product_server.py and test_request_routing.py
are adjusted.

Author: bishara74

codechecker_common/util.py

@@ -251,3 +251,26 @@ def format_size(num: float, suffix: str = 'B') -> str:
             return f"{num:3.1f} {unit}{suffix}"
         num /= 1024.0
     return f"{num:.1f} Qi{suffix}"
+
+
+def is_valid_postgresql_db_name(db_name):
+    """
+    Returns whether or not the given string is a safe PostgreSQL database
+    name for CodeChecker to use.
+
+    CodeChecker quotes the database identifier when issuing CREATE DATABASE,
+    so dashes, leading digits, and PostgreSQL reserved keywords are all
+    allowed. However, characters that would break even a quoted
+    identifier, or that are
+    plainly dangerous in an SQL context, are rejected here so we fail fast
+    with a clear error rather than producing broken SQL or an unusable
+    product.
+    """
+    if not db_name or not isinstance(db_name, str):
+        return False
+
+    if len(db_name.encode('utf-8')) > 63:
+        return False
+
+    forbidden = set('"\'\\;\x00\r\n\t ')
+    return not any(c in forbidden for c in db_name)

web/server/codechecker_server/api/product_server.py

@@ -31,7 +31,8 @@
 from .. import permissions
 from ..database.config_db_model import IDENTIFIER, Product, ProductPermission
 from ..database.database import DBSession, SQLServer, conv, escape_like
-from ..routing import is_valid_product_endpoint, is_valid_postgresql_db_name
+from ..routing import is_valid_product_endpoint
+from codechecker_common.util import is_valid_postgresql_db_name
 
 from .thrift_enum_helper import confidentiality_enum, \
         confidentiality_str

web/server/codechecker_server/routing.py

@@ -63,37 +63,6 @@ def is_valid_product_endpoint(uripart):
     return True
 
 
-def is_valid_postgresql_db_name(db_name):
-    """
-    Returns whether or not the given string is a safe PostgreSQL database
-    name for CodeChecker to use.
-
-    CodeChecker quotes the database identifier when issuing CREATE DATABASE,
-    so dashes, leading digits, and PostgreSQL reserved keywords are all
-    allowed (e.g. "test-product", "1team", "user" are accepted). However,
-    characters that would break even a quoted identifier, or that are
-    plainly dangerous in an SQL context, are rejected here so we fail fast
-    with a clear error rather than producing broken SQL or an unusable
-    product.
-    """
-    if not db_name or not isinstance(db_name, str):
-        return False
-
-    # PostgreSQL identifiers (even quoted) cannot exceed 63 bytes by
-    # default. Names longer than this are silently truncated by the
-    # server, which would produce a product that cannot be reconnected
-    # to under the name the user provided. Reject them outright.
-    if len(db_name.encode('utf-8')) > 63:
-        return False
-
-    # Forbidden characters: anything that would prematurely terminate
-    # the quoted identifier, embed a statement separator, or corrupt the
-    # connection string. Whitespace is also rejected because a name with
-    # spaces is almost certainly a typo rather than an intent.
-    forbidden = set('"\'\\;\x00\r\n\t ')
-    return not any(c in forbidden for c in db_name)
-
-
 def is_supported_version(version):
     """
     Returns whether or not the given version tag is supported by the current

web/server/tests/unit/test_request_routing.py

@@ -13,7 +13,7 @@
 
 from codechecker_server.routing import split_client_GET_request
 from codechecker_server.routing import split_client_POST_request
-from codechecker_server.routing import is_valid_postgresql_db_name
+from codechecker_common.util import is_valid_postgresql_db_name
 
 
 def get(path, host="http://localhost:8001/"):