Core-metadata doesn't validate device names against reserved characters #5313
Description
🐞 Bug Report
Affected Services [REQUIRED]
At least Metadata
The issue is located in:internal/core/metadata/controller/http/device.go:AddDevice
Is this a regression?
As far as I know, there is some validation implemented in `go-mod-core-contracts/dtos/requests/device.go` at the moment, but it doesn't seem to actually run.Description and Minimal Reproduction [REQUIRED]
Core-metadata (and potentially other services) does not run validation against device names (and potentially other names). This allows devices with invalid characters in their names to be created, such as MQTT/NATS wildcards, spaces, special characters...
To reproduce, one can simply POST a new device to the core-metadata /device API, containing an invalid device name (e.g. "Invalid@Device*Name#"). The POST will succeed and the device will be added to metadata, potentially creating issues afterwards on the message bus due to topic/subject name constraints.
🔥 Exception or Error
No exceptions or errors are returned from core-metadata itself, but it can cause the message bus (MQTT or NATS) to refuse topic/subject creation/publication/subscription depending on the characters present in the name.
🌍 Your Environment
Deployment Environment:
EdgeX containers in Docker on WSL, with a custom device service implemented using the C SDK. However, just using core-metadata's API is sufficient for the issue to show itself.
EdgeX Version [REQUIRED]:
3.1.1, but issue is also present in the latest 4.1.0-dev.
Anything else relevant?