Change doc level query name validation #630
Conversation
Signed-off-by: jowg-amazon <jowg@amazon.com>
Signed-off-by: jowg-amazon <jowg@amazon.com>
jowg-amazon
requested review from
lezzago,
qreshi,
bowenlan-amzn,
rishabhmaurya,
getsaurabh02,
eirsep,
sbcd90,
AWSHurneyt,
engechas and
riysaxen-amzn
as code owners
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #630 +/- ##
============================================
- Coverage 73.91% 73.91% -0.01%
Complexity 891 891
============================================
Files 133 133
Lines 5870 5873 +3
Branches 717 718 +1
============================================
+ Hits 4339 4341 +2
Misses 1219 1219
- Partials 312 313 +1 ☔ View full report in Codecov by Sentry. |
| @@ -160,15 +161,20 @@ data class DocLevelQuery( | |||
| } | |||
|
|
|||
| // TODO: add test for this | |||
There was a problem hiding this comment.
Do you want to address this as part of this PR?
There was a problem hiding this comment.
This PR modifies the existing test in DocLevelMonitorInputTests, should we add more testing for this? If not I will remove this comment.
There was a problem hiding this comment.
If there is no test for the part of the code that the TODO was added for, then let's add one?
There was a problem hiding this comment.
These two unit tests should be sufficient to test the two validation functions. I think the TODO may have been left in after the tests were created. These two tests create an invalid doc level query so that validation for a doc level query name and doc level query tag exceptions are caught.
Will take out the TODO comment
| @@ -80,6 +80,7 @@ data class DocLevelQuery( | |||
| const val QUERY_FIELD_NAMES_FIELD = "query_field_names" | |||
| const val NO_ID = "" | |||
| val INVALID_CHARACTERS: List<String> = listOf(" ", "[", "]", "{", "}", "(", ")") | |||
| val QUERY_NAME_REGEX = "^.{0,256}$".toRegex() // regex to restrict string length 256 chars | |||
There was a problem hiding this comment.
Doubt: How did we decide to cap the length at 256?
There was a problem hiding this comment.
Another comment - this regex differs from the one in alerting: https://github.com/opensearch-project/alerting/pull/1506/files#diff-c8b7d067c22deb1581efc7a7286769d1c24d1a96146f8a4ecb92ef0dec16c44aR53
What's the reason for a difference?
There was a problem hiding this comment.
I chose 256 as the cap based on security analytics front end validation for a rule name in hopes of remaining somewhat consistent:
https://github.com/opensearch-project/security-analytics-dashboards-plugin/blob/3e01e1631fa8aaff4e0968c68424a81abff03981/public/utils/validation.ts#L14
I had to change the length to 0-256 because when security analytics creates findings from bucket level monitors, it will create a doc level query with an empty name.
https://github.com/opensearch-project/security-analytics/blob/0507239054d238dac1e9cf53cfde488aeb4be1c2/src/main/java/org/opensearch/securityanalytics/findings/FindingsService.java#L302
There was a problem hiding this comment.
The regex is different from alerting and security analytics because when security analytics converts the prepackaged sigma rules into doc level queries, there are some existing prepackaged rules that have some of the special characters like ( so we can't include all the validation at the doc level query level.
| repeat(256) { | ||
| stringBuilder.append("a") | ||
| } | ||
| val badString = stringBuilder.toString() + "b".repeat(256) |
There was a problem hiding this comment.
Minor: Looks like this is testing a string of length 512. Would be better to test at the limit (257) imo
There was a problem hiding this comment.
changed testing to 257 chars
| @@ -80,6 +80,7 @@ data class DocLevelQuery( | |||
| const val QUERY_FIELD_NAMES_FIELD = "query_field_names" | |||
| const val NO_ID = "" | |||
| val INVALID_CHARACTERS: List<String> = listOf(" ", "[", "]", "{", "}", "(", ")") | |||
| val QUERY_NAME_REGEX = "^.{0,256}$".toRegex() // regex to restrict string length 256 chars | |||
Signed-off-by: jowg-amazon <jowg@amazon.com>
Signed-off-by: jowg-amazon <jowg@amazon.com>
Signed-off-by: jowg-amazon <jowg@amazon.com>
| Assertions.fail("Expecting an illegal argument exception") | ||
| } catch (e: IllegalArgumentException) { | ||
| Assertions.assertEquals( | ||
| "The query name, $emptyString, can be max 256 characters.", |
There was a problem hiding this comment.
Minor: the error message should say between 1-256 characters
Signed-off-by: jowg-amazon <jowg@amazon.com>
* change validation and tests Signed-off-by: jowg-amazon <jowg@amazon.com> * change regex to 0-256 chars Signed-off-by: jowg-amazon <jowg@amazon.com> * moved validation to common utils and fix test Signed-off-by: jowg-amazon <jowg@amazon.com> * remove TODO Signed-off-by: jowg-amazon <jowg@amazon.com> * ensure name is at lest 1 char Signed-off-by: jowg-amazon <jowg@amazon.com> * change error message Signed-off-by: jowg-amazon <jowg@amazon.com> --------- Signed-off-by: jowg-amazon <jowg@amazon.com> (cherry picked from commit 9beae87) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* change validation and tests Signed-off-by: jowg-amazon <jowg@amazon.com> * change regex to 0-256 chars Signed-off-by: jowg-amazon <jowg@amazon.com> * moved validation to common utils and fix test Signed-off-by: jowg-amazon <jowg@amazon.com> * remove TODO Signed-off-by: jowg-amazon <jowg@amazon.com> * ensure name is at lest 1 char Signed-off-by: jowg-amazon <jowg@amazon.com> * change error message Signed-off-by: jowg-amazon <jowg@amazon.com> --------- Signed-off-by: jowg-amazon <jowg@amazon.com> (cherry picked from commit 9beae87) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* change validation and tests * change regex to 0-256 chars * moved validation to common utils and fix test * remove TODO * ensure name is at lest 1 char * change error message --------- (cherry picked from commit 9beae87) Signed-off-by: jowg-amazon <jowg@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* change validation and tests * change regex to 0-256 chars * moved validation to common utils and fix test * remove TODO * ensure name is at lest 1 char * change error message --------- (cherry picked from commit 9beae87) Signed-off-by: jowg-amazon <jowg@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* change validation and tests Signed-off-by: jowg-amazon <jowg@amazon.com> * change regex to 0-256 chars Signed-off-by: jowg-amazon <jowg@amazon.com> * moved validation to common utils and fix test Signed-off-by: jowg-amazon <jowg@amazon.com> * remove TODO Signed-off-by: jowg-amazon <jowg@amazon.com> * ensure name is at lest 1 char Signed-off-by: jowg-amazon <jowg@amazon.com> * change error message Signed-off-by: jowg-amazon <jowg@amazon.com> --------- Signed-off-by: jowg-amazon <jowg@amazon.com> (cherry picked from commit 9beae87) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Description
Changes the doc level query name validation to restrict the name from 0-256 characters, similar to the validation done on the front end
Name validation regex modified from https://github.com/opensearch-project/alerting/blob/d2a590e744c920820536efc5e1a88a4185eeed74/alerting/src/main/kotlin/org/opensearch/alerting/util/IndexUtils.kt#L29
Issues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.