diff --git a/src/main/java/org/opensearch/securityanalytics/rules/objects/SigmaRule.java b/src/main/java/org/opensearch/securityanalytics/rules/objects/SigmaRule.java index 4b507a863..6236713d1 100644 --- a/src/main/java/org/opensearch/securityanalytics/rules/objects/SigmaRule.java +++ b/src/main/java/org/opensearch/securityanalytics/rules/objects/SigmaRule.java @@ -11,8 +11,11 @@ import org.opensearch.securityanalytics.rules.exceptions.SigmaLevelError; import org.opensearch.securityanalytics.rules.exceptions.SigmaLogsourceError; import org.opensearch.securityanalytics.rules.exceptions.SigmaStatusError; +import org.yaml.snakeyaml.DumperOptions; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.SafeConstructor; +import org.yaml.snakeyaml.representer.Representer; import java.text.SimpleDateFormat; import java.util.ArrayList; @@ -168,7 +171,10 @@ protected static SigmaRule fromDict(Map rule, boolean collectErr } public static SigmaRule fromYaml(String rule, boolean collectErrors) throws SigmaError { - Yaml yaml = new Yaml(new SafeConstructor()); + LoaderOptions loaderOptions = new LoaderOptions(); + loaderOptions.setNestingDepthLimit(10); + + Yaml yaml = new Yaml(new SafeConstructor(), new Representer(), new DumperOptions(), loaderOptions); Map ruleMap = yaml.load(rule); return fromDict(ruleMap, collectErrors); } diff --git a/src/test/java/org/opensearch/securityanalytics/TestHelpers.java b/src/test/java/org/opensearch/securityanalytics/TestHelpers.java index 939b118f5..34afda245 100644 --- a/src/test/java/org/opensearch/securityanalytics/TestHelpers.java +++ b/src/test/java/org/opensearch/securityanalytics/TestHelpers.java @@ -320,7 +320,7 @@ public static User randomUserEmpty() { } public static String randomDetectorType() { - return "TEST_WINDOWS"; + return "test_windows"; } public static DetectorInput randomDetectorInput() { diff --git a/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorRestApiIT.java index e20f69161..1711a6ca3 100644 --- a/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorRestApiIT.java +++ b/src/test/java/org/opensearch/securityanalytics/resthandler/DetectorRestApiIT.java @@ -585,12 +585,12 @@ public void testDeletingADetector_single_ruleTopicIndex() throws IOException { Response deleteResponse = makeRequest(client(), "DELETE", SecurityAnalyticsPlugin.DETECTOR_BASE_URI + "/" + detectorId1, Collections.emptyMap(), null); Assert.assertEquals("Delete detector failed", RestStatus.OK, restStatus(deleteResponse)); // We deleted 1 detector, but 1 detector with same type exists, so we expect queryIndex to be present - Assert.assertTrue(doesIndexExist(String.format(Locale.getDefault(), ".opensearch-sap-%s-detectors-queries-000001", "test_windows"))); + Assert.assertTrue(doesIndexExist(String.format(Locale.ROOT, ".opensearch-sap-%s-detectors-queries-000001", "test_windows"))); deleteResponse = makeRequest(client(), "DELETE", SecurityAnalyticsPlugin.DETECTOR_BASE_URI + "/" + detectorId2, Collections.emptyMap(), null); Assert.assertEquals("Delete detector failed", RestStatus.OK, restStatus(deleteResponse)); // We deleted all detectors of type windows, so we expect that queryIndex is deleted - Assert.assertFalse(doesIndexExist(String.format(Locale.getDefault(), ".opensearch-sap-%s-detectors-queries-000001", "test_windows"))); + Assert.assertFalse(doesIndexExist(String.format(Locale.ROOT, ".opensearch-sap-%s-detectors-queries-000001", "test_windows"))); request = "{\n" + " \"query\" : {\n" +