From 1349ea714e3f09971ca8183e804e7d5b310043bf Mon Sep 17 00:00:00 2001
From: Iain Sproat <68657+iainsproat@users.noreply.github.com>
Date: Wed, 28 May 2025 08:43:31 +0100
Subject: [PATCH] fix(server): ensure object IDs are like MD5 hashes; 32 character hexadecimal (#4392)
---
 packages/server/modules/core/services/objects/management.ts | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/packages/server/modules/core/services/objects/management.ts b/packages/server/modules/core/services/objects/management.ts
index c8c3a0039..fe665ba02 100644
--- a/packages/server/modules/core/services/objects/management.ts
+++ b/packages/server/modules/core/services/objects/management.ts
@@ -34,6 +34,12 @@ const prepInsertionObject = (
 obj.id = obj.id || crypto.createHash('md5').update(JSON.stringify(obj)).digest('hex') // generate a hash if none is present
+ if (obj.id.length !== 32) {
+ throw new ObjectHandlingError(
+ `Invalid object ID. Object ID: ${obj.id}. Object ID's must be hashes represented by a string of 32 characters.`
+ )
+ }
+
 const stringifiedObj = JSON.stringify(obj)
 const objectByteSize = estimateStringMegabyteSize(stringifiedObj)
 if (objectByteSize > MAX_OBJECT_SIZE_MB) {
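Review bot: The added guard tests only `obj.id.length !== 32`, so a caller-supplied ID made of any 32 characters (or a non-string value that happens to expose `length === 32`) still passes, although the commit subject promises a 32-character hexadecimal ID. Consider `if (typeof obj.id !== 'string' || !/^[0-9a-f]{32}$/i.test(obj.id)) {`, dropping the `i` flag if only the lowercase form produced by `digest('hex')` should be accepted. The error message also interpolates the rejected `obj.id` in full, and this check runs before the `MAX_OBJECT_SIZE_MB` test, so an oversized ID or one containing control characters would be copied into the exception and presumably into logs or the API response; truncating or omitting the value in the message avoids that. `prepInsertionObject` starts and ends outside the hunk, so the declared type of `obj.id` is not visible here.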