diff --git a/service/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/service/PicSureService.java b/service/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/service/PicSureService.java index 28baf105..d1d2fb71 100644 --- a/service/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/service/PicSureService.java +++ b/service/src/main/java/edu/harvard/hms/dbmi/avillach/hpds/service/PicSureService.java @@ -262,11 +262,24 @@ public Response queryResult(@PathParam("resourceQueryId") UUID queryId, QueryReq } } + private Optional roundTripUUID(String uuid) { + try { + return Optional.ofNullable(UUID.fromString(uuid).toString()); + } catch (IllegalArgumentException ignored) { + return Optional.empty(); + } + } + @POST @Path("/write/{dataType}") public Response writeQueryResult( @RequestBody() Query query, @PathParam("dataType") String datatype ) { + if (roundTripUUID(query.getPicSureId()).map(id -> !id.equalsIgnoreCase(query.getPicSureId())).orElse(false)) { + return Response + .status(400, "The query pic-sure ID is not a UUID") + .build(); + } if (query.getExpectedResultType() != ResultType.DATAFRAME_TIMESERIES) { return Response .status(400, "The write endpoint only writes time series dataframes. Fix result type.")
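Review bot: The new guard at the top of writeQueryResult fails open: when getPicSureId() is not parseable, `UUID.fromString` throws, roundTripUUID returns `Optional.empty()`, and `.orElse(false)` makes the condition false, so the request continues instead of receiving the 400. Only strings that parse but do not round-trip are rejected, and a null ID raises NullPointerException, which `catch (IllegalArgumentException ignored)` does not cover. Make an absent value mean reject, for example `String id = query.getPicSureId();` followed by `if (id == null || !roundTripUUID(id).filter(id::equalsIgnoreCase).isPresent()) {`. If this ID is later used to build a file path on the write side, which the hunk does not show, this check is what keeps caller-supplied text out of that path, so a test covering a non-UUID string and a null ID is worth adding. The body of writeQueryResult continues past the end of the hunk.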