From cf7dda354e5e93954afc965349de8c563143a3d1 Mon Sep 17 00:00:00 2001
From: Eric Leblond <el@stamus-networks.com>
Date: Mon, 9 Jun 2025 11:30:26 +0200
Subject: [PATCH] detect/dataset: check context_key validity

As context_key is an user entry and as it is used to build the JSON
string of alert, we could end up with an invalid event if the string
contains improper characters.
---
 src/detect-dataset.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/detect-dataset.c b/src/detect-dataset.c
index 2812ec8532..d68c804cf6 100644
--- a/src/detect-dataset.c
+++ b/src/detect-dataset.c
@@ -288,6 +288,13 @@ static int DetectDatasetParse(const char *str, char *cmd, int cmd_len, char *nam
                 }
                 strlcpy(array_key, val, array_key_size);
             } else if (strcmp(key, "context_key") == 0) {
+                for (size_t i = 0; i < strlen(val); i++) {
+                    if (!isalnum(val[i]) && val[i] != '_') {
+                        SCLogError("context_key can only contain alphanumeric characters and "
+                                   "underscores");
+                        return -1;
+                    }
+                }
                 if (strlen(val) > enrichment_key_size) {
                     SCLogError("'key' value too long (limit is %zu)", enrichment_key_size);
                     return -1;
-- 
2.47.2