IBM-Cloud · oliviagolden0 · May 15, 2024 · May 16, 2024 · May 16, 2024 · May 16, 2024
diff --git a/rules/engine.go b/rules/engine.go
@@ -3,6 +3,7 @@ package rules
 import (
 	"fmt"
 	"os"
+	"regexp"
 	"strings"
 	"time"
 
@@ -166,11 +167,18 @@ func (e *v3Engine) SetWatcherWrapper(watcherWrapper WrapWatcher) {
 	e.watcherWrapper = watcherWrapper
 }
 
+// valid path patterns must be alphanumeric and may only contain select special characters (:/"'_.,*=-)
+var validPath = regexp.MustCompile(`^[[:alnum:] \:\/\"\'\_\.\,\*\=\-]*$`)
+
 func (e *v3Engine) AddRule(rule DynamicRule,
 	lockPattern string,
 	callback V3RuleTaskCallback,
 	options ...RuleOption) {
-	e.addRuleWithIface(rule, lockPattern, callback, options...)
+	if !validPath.MatchString(lockPattern) {
+		e.logger.Fatal("Path contains an invalid character")
+	} else {
+		e.addRuleWithIface(rule, lockPattern, callback, options...)
+	}
 }
 
 func (e *baseEngine) Stop() {