query_field_names bugfix (#335) (#342)

Signed-off-by: Petar Dzepina <[email protected]>
opensearch-project · Feb 21, 2023 · f7d042c · f7d042c
1 parent de48737
commit f7d042c
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 3 deletions.
diff --git a/src/main/java/org/opensearch/securityanalytics/mapper/MapperService.java b/src/main/java/org/opensearch/securityanalytics/mapper/MapperService.java
@@ -294,7 +294,7 @@ public void onResponse(GetMappingsResponse getMappingsResponse) {
 
                     if (appliedAliases.size() == 0) {
                         actionListener.onFailure(SecurityAnalyticsException.wrap(
-                                new OpenSearchStatusException("No applied aliases not found", RestStatus.NOT_FOUND))
+                                new OpenSearchStatusException("No applied aliases found", RestStatus.NOT_FOUND))
                         );
                         return;
                     }

diff --git a/src/main/java/org/opensearch/securityanalytics/rules/backend/QueryBackend.java b/src/main/java/org/opensearch/securityanalytics/rules/backend/QueryBackend.java
@@ -180,6 +180,10 @@ public Map<String, Object> getQueryFields() {
         return queryFields;
     }
 
+    public void resetQueryFields() {
+        queryFields.clear();
+    }
+
     public abstract Object convertConditionAsInExpression(Either<ConditionAND, ConditionOR> condition);
 
     public abstract Object convertConditionAnd(ConditionAND condition);

diff --git a/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java b/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java
@@ -284,6 +284,7 @@ private List<Rule> getQueries(QueryBackend backend, String category, List<String
         List<Rule> queries = new ArrayList<>();
         for (String ruleStr: rules) {
             SigmaRule rule = SigmaRule.fromYaml(ruleStr, true);
+            backend.resetQueryFields();
             List<Object> ruleQueries = backend.convertRule(rule);
             Set<String> queryFieldNames = backend.getQueryFields().keySet();
 

diff --git a/src/main/resources/mappings/rules.json b/src/main/resources/mappings/rules.json
@@ -100,7 +100,7 @@
             }
           }
         },
-        "query_fields": {
+        "query_field_names": {
           "type": "nested",
           "properties": {
             "value": {

diff --git a/src/test/java/org/opensearch/securityanalytics/mapper/MapperRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/mapper/MapperRestApiIT.java
@@ -254,7 +254,7 @@ public void testUpdateAndGetMapping_notFound_Success() throws IOException {
             fail();
         } catch (ResponseException e) {
             assertEquals(HttpStatus.SC_NOT_FOUND, e.getResponse().getStatusLine().getStatusCode());
-            assertTrue(e.getMessage().contains("No applied aliases not found"));
+            assertTrue(e.getMessage().contains("No applied aliases found"));
         }
     }