From ec8e5d986bce81fe0454ede93e844f21389cf001 Mon Sep 17 00:00:00 2001
From: Joanne Wang <jowg@amazon.com>
Date: Tue, 29 Oct 2024 16:23:05 -0700
Subject: [PATCH] add additional validation

Signed-off-by: Joanne Wang <jowg@amazon.com>
---
 .../common/SourceConfigDtoValidator.java      | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/common/SourceConfigDtoValidator.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/common/SourceConfigDtoValidator.java
index 80c56c46e..4a5ab1446 100644
--- a/src/main/java/org/opensearch/securityanalytics/threatIntel/common/SourceConfigDtoValidator.java
+++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/common/SourceConfigDtoValidator.java
@@ -5,7 +5,6 @@
 
 package org.opensearch.securityanalytics.threatIntel.common;
 
-import org.opensearch.securityanalytics.commons.model.IOC;
 import org.opensearch.securityanalytics.commons.model.IOCType;
 import org.opensearch.securityanalytics.threatIntel.model.IocUploadSource;
 import org.opensearch.securityanalytics.threatIntel.model.S3Source;
@@ -13,9 +12,8 @@
 import org.opensearch.securityanalytics.threatIntel.model.UrlDownloadSource;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
-import java.util.stream.Collectors;
+import java.util.regex.Pattern;
 
 /**
  * Source config dto validator
@@ -24,12 +22,27 @@ public class SourceConfigDtoValidator {
     public List<String> validateSourceConfigDto(SATIFSourceConfigDto sourceConfigDto) {
         List<String> errorMsgs = new ArrayList<>();
 
+        String nameRegex = "^[a-zA-Z0-9 _-]{1,128}$";
+        Pattern namePattern = Pattern.compile(nameRegex);
+
+        int MAX_RULE_DESCRIPTION_LENGTH = 65535;
+        String descriptionRegex = "^.{0," + MAX_RULE_DESCRIPTION_LENGTH + "}$";
+        Pattern descriptionPattern = Pattern.compile(descriptionRegex);
+
         if (sourceConfigDto.getName() == null || sourceConfigDto.getName().isEmpty()) {
             errorMsgs.add("Name must not be empty");
+        } else if (sourceConfigDto.getName() != null && namePattern.matcher(sourceConfigDto.getName()).matches() == false) {
+            errorMsgs.add("Name must be less than 128 characters and only consist of upper and lowercase letters, numbers 0-9, hyphens, spaces, and underscores");
         }
 
         if (sourceConfigDto.getFormat() == null || sourceConfigDto.getFormat().isEmpty()) {
             errorMsgs.add("Format must not be empty");
+        } else if (sourceConfigDto.getFormat() != null && sourceConfigDto.getFormat().length() > 50) {
+            errorMsgs.add("Format must be 50 characters or less");
+        }
+
+        if (sourceConfigDto.getDescription() != null && descriptionPattern.matcher(sourceConfigDto.getDescription()).matches() == false) {
+            errorMsgs.add("Description must be " + MAX_RULE_DESCRIPTION_LENGTH + " characters or less");
         }
 
         if (sourceConfigDto.getSource() == null) {