fix: Validate custom tool names for forbidden chars (#8878)

packages/workflow/src/Interfaces.ts

@@ -2341,6 +2341,7 @@ export interface ResourceMapperField {
 
 export type FieldType =
 	| 'string'
+	| 'string-alphanumeric'
 	| 'number'
 	| 'dateTime'
 	| 'boolean'

packages/workflow/src/TypeValidation.ts

@@ -26,7 +26,14 @@ export const tryToParseString = (value: unknown): string => {
 
 	return String(value);
 };
-
+export const tryToParseAlphanumericString = (value: unknown): string => {
+	const parsed = tryToParseString(value);
+	const regex = /^[a-zA-Z_][a-zA-Z0-9_]*$/;
+	if (!regex.test(parsed)) {
+		throw new ApplicationError('Value is not a valid alphanumeric string', { extra: { value } });
+	}
+	return parsed;
+};
 export const tryToParseBoolean = (value: unknown): value is boolean => {
 	if (typeof value === 'boolean') {
 		return value;
@@ -180,6 +187,17 @@ export const validateFieldType = (
 				return { valid: false, errorMessage: defaultErrorMessage };
 			}
 		}
+		case 'string-alphanumeric': {
+			try {
+				return { valid: true, newValue: tryToParseAlphanumericString(value) };
+			} catch (e) {
+				return {
+					valid: false,
+					errorMessage:
+						'Value is not a valid alphanumeric string, only letters, numbers and underscore allowed',
+				};
+			}
+		}
 		case 'number': {
 			try {
 				if (strict && typeof value !== 'number') {