X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ONAP-PAP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpap%2Fxacml%2Frest%2Fhandler%2FDeleteHandler.java;fp=ONAP-PAP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpap%2Fxacml%2Frest%2Fhandler%2FDeleteHandler.java;h=f3dda33fcca0bee1aa19741a64f19e53328619a5;hb=89e06a653ef40d5fc91ad89be4722e02d67d8ebd;hp=85b6e24a194ff24afa3ad654f2e1cb400f889c3c;hpb=aff7dbd3713e42412bcc7b5f6416896e16e82898;p=policy%2Fengine.git

diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/handler/DeleteHandler.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/handler/DeleteHandler.java
index 85b6e24a1..f3dda33fc 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/handler/DeleteHandler.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/handler/DeleteHandler.java
@@ -64,7 +64,7 @@ public class DeleteHandler {
 	public static final String POLICY_IN_PDP = "PolicyInPDP";
 	public static final String ERROR = "error";
 	public static final String UNKNOWN = "unknown";
-
+	private static final String REGEX = "[0-9a-zA-Z._]*";
 
 	public void doAPIDeleteFromPAP(HttpServletRequest request, HttpServletResponse response) throws IOException, SQLException  {
 		// get the request content into a String
@@ -320,6 +320,13 @@ public class DeleteHandler {
 		String groupId = request.getParameter("groupId");
 		String responseString = null;
 		
+		if(groupId != null && !groupId.matches(REGEX) ){
+			response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+			response.addHeader("error",ERROR);
+			response.addHeader("message", "Group Id is not valid");
+			return;
+		}
+				
 		PolicyLogger.info("JSON request from API to Delete Policy from the PDP: " + policyName);
 
 		// for PUT operations the group may or may not need to exist before the operation can be done