fix(highlights): Stricter context field regex (#89925)

this regex was too permissive and didn't really validate anything.

Author: leeandher

src/sentry/issues/highlights.py

@@ -8,15 +8,16 @@
 from sentry.models.project import Project
 from sentry.utils.platform_categories import MOBILE
 
+VALID_KEY_PATTERN = re.compile(r"^[a-zA-Z0-9_.:-]+$")
+
 
 @extend_schema_field(field=OpenApiTypes.OBJECT)
 class HighlightContextField(serializers.Field):
-    def to_internal_value(self, data):
+    def to_internal_value(self, data: object) -> dict[str, list[str]]:
         if not isinstance(data, dict):
             raise serializers.ValidationError("Expected a dictionary.")
-
         for key, value in data.items():
-            if not re.match(r"^.+$", key):
+            if not VALID_KEY_PATTERN.match(key):
                 raise serializers.ValidationError(f"Key '{key}' is invalid.")
             if not isinstance(value, list) or not all(isinstance(item, str) for item in value):
                 raise serializers.ValidationError(f"Value for '{key}' must be a list of strings.")

tests/sentry/api/endpoints/test_project_details.py

@@ -956,6 +956,12 @@ def test_highlight_context(self):
             highlightContext={"": ["empty", "context", "type"]},
         )
         assert "Key '' is invalid" in resp.data["highlightContext"][0]
+        resp = self.get_error_response(
+            self.org_slug,
+            self.proj_slug,
+            highlightContext={"! {} #$%$?": ["empty", "context", "type"]},
+        )
+        assert "Key '! {} #$%$?' is invalid" in resp.data["highlightContext"][0]
         resp = self.get_error_response(
             self.org_slug,
             self.proj_slug,