call validation from common utils

Signed-off-by: Joanne Wang <[email protected]>

src/main/java/org/opensearch/securityanalytics/rules/objects/SigmaRule.java

@@ -27,6 +27,9 @@
 import java.util.UUID;
 import java.util.regex.Pattern;
 
+import static org.opensearch.commons.utils.ValidationHelpersKt.getInvalidNameChars;
+import static org.opensearch.commons.utils.ValidationHelpersKt.isValidName;
+
 public class SigmaRule {
 
     private String title;
@@ -183,15 +186,10 @@ public static SigmaRule fromYaml(String rule, boolean collectErrors) throws Sigm
 
     public static void validateSigmaRuleTitle(String title, List<SigmaError> errors)
     {
-        // allowed characters [- : , ( ) [ ] ' _]
-        String allowedChars = "-:,\\(\\)\\[\\]\'_";
-        // regex to restrict string to alphanumeric and allowed chars, must be between 0 - 256 characters
-        String regex = "[\\w\\s" + Pattern.quote(allowedChars) + "]{0,256}";
-
-        if (!Pattern.matches(regex, title))
+        if (!isValidName(title))
         {
-            errors.add(new SigmaTitleError("Sigma rule title, " + title + ", may only contain alphanumeric values " +
-                    "and these special characters: " + allowedChars.replace("\\", "")));
+            errors.add(new SigmaTitleError("Sigma rule title may not start with [_, +, -], contain '..', or contain: " +
+                    getInvalidNameChars().replace("\\", "")));
         }
     }
 

src/test/java/org/opensearch/securityanalytics/resthandler/RuleRestApiIT.java

@@ -36,6 +36,7 @@
 import java.util.stream.Collectors;
 import org.opensearch.securityanalytics.rules.exceptions.SigmaError;
 
+import static org.opensearch.commons.utils.ValidationHelpersKt.getInvalidNameChars;
 import static org.opensearch.securityanalytics.TestHelpers.randomDetectorType;
 import static org.opensearch.securityanalytics.TestHelpers.countAggregationTestRule;
 import static org.opensearch.securityanalytics.TestHelpers.randomDetectorWithInputs;
@@ -158,17 +159,18 @@ public void testCreatingAggregationRule() throws SigmaError, IOException {
 
     @SuppressWarnings("unchecked")
     public void testCreatingARuleWithWrongSyntax() throws IOException {
-        String invalidSigmaRuleTitle = "Remote Encrypting File System Abuse!";
+        String invalidSigmaRuleTitle = "_Invalid # Rule";
         String rule = randomRuleWithErrors(invalidSigmaRuleTitle);
 
         try {
             makeRequest(client(), "POST", SecurityAnalyticsPlugin.RULE_BASE_URI, Collections.singletonMap("category", randomDetectorType()),
                     new StringEntity(rule), new BasicHeader("Content-Type", "application/json"));
+            fail("Invalid rule syntax, creation should have failed");
         } catch (ResponseException ex) {
             Map<String, Object> responseBody = asMap(ex.getResponse());
             String reason = ((Map<String, Object>) responseBody.get("error")).get("reason").toString();
             Assert.assertEquals("{\"error\":\"Sigma rule must have a log source\",\"error\":\"Sigma rule must have a detection definitions\"," +
-                    "\"error\":\"Sigma rule title, " + invalidSigmaRuleTitle + ", may only contain alphanumeric values and these special characters: -:,()[]'_\"}", reason);
+                    "\"error\":\"Sigma rule title may not start with [_, +, -], contain '..', or contain: "+ getInvalidNameChars().replace("\\", "") + "\"}", reason);
         }
     }
 
@@ -432,7 +434,7 @@ public void testUpdatingUnusedRuleWithWrongSyntax() throws IOException {
         Map<String, Object> responseBody = asMap(createResponse);
         String createdId = responseBody.get("_id").toString();
 
-        String invalidSigmaRuleTitle = "Remote Encrypting File System Abuse!";
+        String invalidSigmaRuleTitle = "..Remote Encrypting File System Abuse";
         String updatedRule = randomEditedRuleInvalidSyntax(invalidSigmaRuleTitle);
 
         try {
@@ -442,7 +444,8 @@ public void testUpdatingUnusedRuleWithWrongSyntax() throws IOException {
         } catch (ResponseException ex) {
             responseBody = asMap(ex.getResponse());
             String reason = ((Map<String, Object>) responseBody.get("error")).get("reason").toString();
-            Assert.assertEquals("Sigma rule title, " + invalidSigmaRuleTitle + ", may only contain alphanumeric values and these special characters: -:,()[]'_", reason);
+            Assert.assertEquals("Sigma rule title may not start with [_, +, -], contain '..', or contain: " +
+                    getInvalidNameChars().replace("\\", ""), reason);
         }
     }
 

src/test/java/org/opensearch/securityanalytics/rules/objects/SigmaRuleTests.java

@@ -5,6 +5,7 @@
 package org.opensearch.securityanalytics.rules.objects;
 
 import org.junit.Assert;
+import org.junit.Rule;
 import org.opensearch.securityanalytics.rules.condition.ConditionOR;
 import org.opensearch.securityanalytics.rules.exceptions.SigmaDateError;
 import org.opensearch.securityanalytics.rules.exceptions.SigmaDetectionError;
@@ -36,6 +37,8 @@
 import java.util.Map;
 import java.util.UUID;
 
+import static org.opensearch.commons.utils.ValidationHelpersKt.getInvalidNameChars;
+
 public class SigmaRuleTests extends OpenSearchTestCase {
 
     public void testSigmaRuleBadUuid() {
@@ -91,17 +94,16 @@ public void testSigmaRuleBadDate() {
     }
 
     public void testSigmaRuleBadTitle() {
-        String invalidSigmaRuleTitle = "Invalid @ title";
+        String invalidSigmaRuleTitle = "_invalid ..title?";
         List<SigmaError> errors = new ArrayList<>();
-        SigmaTitleError expectedError = new SigmaTitleError("Sigma rule title, " + invalidSigmaRuleTitle + ", " +
-                "may only contain alphanumeric values and these special characters: -:,()[]'_");
+        SigmaTitleError expectedError = new SigmaTitleError("Sigma rule title may not start with [_, +, -], contain '..', or contain: " + getInvalidNameChars().replace("\\", ""));
 
         SigmaRule.validateSigmaRuleTitle(invalidSigmaRuleTitle, errors);
 
         assertEquals(1, errors.size());
         assertEquals(expectedError.getMessage(), errors.get(0).getMessage());
 
-        String validSigmaRuleTitle = "acceptable_title";
+        String validSigmaRuleTitle = "acceptable [title]";
         errors.clear();
         SigmaRule.validateSigmaRuleTitle(validSigmaRuleTitle, errors);
         assertEquals(0, errors.size());