-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add validation check for doc level query name during monitor creation #1506
Changes from 2 commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,6 +16,7 @@ import org.opensearch.commons.alerting.action.AlertingActions | |
import org.opensearch.commons.alerting.action.IndexMonitorRequest | ||
import org.opensearch.commons.alerting.action.IndexMonitorResponse | ||
import org.opensearch.commons.alerting.model.BucketLevelTrigger | ||
import org.opensearch.commons.alerting.model.DocLevelMonitorInput | ||
import org.opensearch.commons.alerting.model.DocumentLevelTrigger | ||
import org.opensearch.commons.alerting.model.Monitor | ||
import org.opensearch.commons.alerting.model.QueryLevelTrigger | ||
|
@@ -46,6 +47,11 @@ private val log = LogManager.getLogger(RestIndexMonitorAction::class.java) | |
*/ | ||
class RestIndexMonitorAction : BaseRestHandler() { | ||
|
||
// allowed characters [- : , ( ) [ ] ' _] | ||
private val allowedChars = "-:,\\(\\)\\[\\]\'_" | ||
// regex to restrict string to alphanumeric and allowed chars, must be between 0 - 256 characters | ||
val regex = "[\\w\\s$allowedChars]{0,256}" | ||
|
||
override fun getName(): String { | ||
return "index_monitor_action" | ||
} | ||
|
@@ -116,9 +122,11 @@ class RestIndexMonitorAction : BaseRestHandler() { | |
if (it !is DocumentLevelTrigger) { | ||
throw IllegalArgumentException("Illegal trigger type, ${it.javaClass.name}, for document level monitor") | ||
} | ||
validateDocLevelQueryName(monitor) | ||
} | ||
} | ||
} | ||
|
||
val seqNo = request.paramAsLong(IF_SEQ_NO, SequenceNumbers.UNASSIGNED_SEQ_NO) | ||
val primaryTerm = request.paramAsLong(IF_PRIMARY_TERM, SequenceNumbers.UNASSIGNED_PRIMARY_TERM) | ||
val refreshPolicy = if (request.hasParam(REFRESH)) { | ||
|
@@ -133,6 +141,19 @@ class RestIndexMonitorAction : BaseRestHandler() { | |
} | ||
} | ||
|
||
private fun validateDocLevelQueryName(monitor: Monitor) { | ||
monitor.inputs.filterIsInstance<DocLevelMonitorInput>().forEach { docLevelMonitorInput -> | ||
docLevelMonitorInput.queries.forEach { dlq -> | ||
if (!dlq.name.matches(Regex(regex))) { | ||
throw IllegalArgumentException( | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Just to confirm, does this end up throwing an There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Never mind, I see in your integ test that the expected error status is |
||
"Doc level query name, ${dlq.name}, may only contain alphanumeric values and " + | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We shouldn't return user input in error messages; so could we reword this error message to leave out There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Reworded the error message to remove dlq.name |
||
"these special characters: ${allowedChars.replace("\\","")}" | ||
) | ||
} | ||
} | ||
} | ||
} | ||
|
||
private fun validateDataSources(monitor: Monitor) { // Data Sources will currently be supported only at transport layer. | ||
if (monitor.dataSources != null) { | ||
if ( | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like this is iterating through each trigger configured for the monitor, and then validating all of the query names during each iteration. Since queries are at the monitor level, not the trigger level, would it make sense to move this validation check out of the
forEach
loop?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes agreed, moved the validation outside the forEach loop