Fix/entity name validation v2

[jaya6400]

Describe your changes:

Fixes #23268

I updated the regex patterns in JSON schema definitions to block reserved
FQN separator characters (::, >, ") and newlines (\n) from being
used in entity and column names.

The backend was accepting entity names with special characters like double
quotes and newlines, which caused issues in FQN construction since these
are reserved separator characters in OpenMetadata's FQN system.

Changes made:

• openmetadata-spec/src/main/resources/json/schema/type/basic.json — updated pattern for entityName and testCaseEntityName
• openmetadata-spec/src/main/resources/json/schema/entity/data/table.json — updated pattern for columnName

Pattern changed from ^((?!::).)*$ to ^((?!::)[^><\"|\\x00-\\x1f])*$

Unit Test: #27521 (comment)

Type of change:

• Bug fix

Checklist:

• I have read the CONTRIBUTING document.
• My PR title is Fixes #23268: <short explanation>
• I have commented on my code, particularly in hard-to-understand areas.
• For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

Migration scripts are not needed for this change as it only tightens input validation at the schema level. Existing data is not affected — only new entity creation requests will be validated against the updated pattern.

---

Summary by Gitar

• CSV Import logic updates:
  • Improved EntityCsv by fixing row count tracking logic and introducing rowEntityType to handle entity types dynamically.
  • Added validation for custom properties using effectiveEntityType to ensure schema consistency during CSV import.
• Infrastructure enhancements:
  • Updated TestSuiteBootstrap to support Redis caching in integration tests and increased memory buffers (sort_buffer_size, work_mem) for database containers to resolve sort-related failures.
• UI Constants and cleanup:
  • Removed unused CUSTOM_PROPERTY_NAME_REGEX from regex.constants.ts and added new block regex patterns for sections and admonitions.

_{This will update automatically on new commits.}

[github-actions]

Hi there 👋 Thanks for your contribution!

The OpenMetadata team will review the PR shortly! Once it has been labeled as safe to test, the CI workflows
will start executing and we'll be able to make sure everything is working as expected.

Let us know if you need any help!

[github-actions]

Hi there 👋 Thanks for your contribution!

The OpenMetadata team will review the PR shortly! Once it has been labeled as safe to test, the CI workflows
will start executing and we'll be able to make sure everything is working as expected.

Let us know if you need any help!

[jaya6400]

Hi @aniketkatkar97,

Created this new PR to replace #27521, the previous one had unintended files from a mvn spotless:apply run. Cherry-picked only the relevant commits for a clean diff (15 files).

Updates since last review:

• Fixed ValidatorUtilTest.java assertion to match updated regex pattern
• Fixed EntityCsv.java contains() string to match actual validator output
• Added missing | pipe character test case in regex.constants.test.ts

Could a maintainer add the safe to test label? @harshach @sonika-shah @Rohit0301 @anuj-kumary

Thanks!

[github-actions]

The Java checkstyle failed.

Please run mvn spotless:apply in the root of your repository and commit the changes to this PR.
You can also use pre-commit to automate the Java code formatting.

You can install the pre-commit hooks with make install_test precommit_install.

[gitar-bot]

Code Review 👍 Approved with suggestions 1 resolved / 2 findings

Tightens entity and column name validation regex to reject reserved FQN characters and control codes, resolving the missing pipe character test coverage. Consider whether silently skipping empty extension values in CSV imports might mask user configuration errors.

💡 Edge Case: Silently skipping empty extension values may hide user errors

📄 openmetadata-service/src/main/java/org/openmetadata/csv/EntityCsv.java:613-615

The change at line 613-615 converts an empty extension value from an error (previously reported via deferredFailure) to a silent skip (continue). While this may be intentional to allow partial extension definitions, it means users who accidentally leave a value blank in their CSV will receive no feedback that data was dropped. Consider at minimum logging a warning, or documenting this as intentional lenient behavior.

Suggested fix

if (value.isEmpty()) {
  LOG.debug("Skipping empty extension value for key '{}' in record {}", key, csvRecord.getRecordNumber());
  continue;
}

✅ 1 resolved

✅ Quality: Missing test coverage for pipe | character rejection

📄 openmetadata-ui/src/main/resources/ui/src/constants/regex.constants.test.ts:162-170
The updated regex blocks | (pipe) along with >, <, ", and control characters, but the frontend test suite (regex.constants.test.ts) does not include a test case for |. All other newly-blocked characters have corresponding test assertions. Adding this ensures the full intent of the regex is validated.

Also worth noting: according to the ANTLR grammar in Fqn.g4, the actual FQN-reserved characters are . and " (with \ as escape). Characters >, <, and | are not FQN separators per the grammar. The PR description calls them "reserved FQN separator characters" — consider updating documentation/comments to clarify these are blocked for safety/consistency rather than being FQN separators.

🤖 Prompt for agents

Code Review: Tightens entity and column name validation regex to reject reserved FQN characters and control codes, resolving the missing pipe character test coverage. Consider whether silently skipping empty extension values in CSV imports might mask user configuration errors.

1. 💡 Edge Case: Silently skipping empty extension values may hide user errors
   Files: openmetadata-service/src/main/java/org/openmetadata/csv/EntityCsv.java:613-615

   The change at line 613-615 converts an empty extension value from an error (previously reported via `deferredFailure`) to a silent skip (`continue`). While this may be intentional to allow partial extension definitions, it means users who accidentally leave a value blank in their CSV will receive no feedback that data was dropped. Consider at minimum logging a warning, or documenting this as intentional lenient behavior.

   Suggested fix:
   if (value.isEmpty()) {
     LOG.debug("Skipping empty extension value for key '{}' in record {}", key, csvRecord.getRecordNumber());
     continue;
   }

Options

Display: compact → Showing less information.

Comment with these commands to change:

Compact

gitar display:verbose

_{Was this helpful? React with 👍 / 👎 | Gitar}

[github-actions]

Jest test Coverage

UI tests summary

Lines	Statements	Branches	Functions
	62.42% (62939/100817)	42.75% (33918/79324)	45.75% (10035/21934)

[sonarqubecloud]

Quality Gate passed for 'open-metadata-ui'

Issues
1067 New issues
0 Accepted issues

Measures
17 Security Hotspots
0.0% Coverage on New Code
3.8% Duplication on New Code

See analysis details on SonarQube Cloud