
Commit 4b95057

[Bug] Annotated Fields Ignored (#5125)
* Add Note for stop gap (cherry picked from commit 80c01cf)
1 parent c8dde06 commit 4b95057


2 files changed

+8
-5
lines changed


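--- a/detection_rules/schemas/definitions.py
+++ b/detection_rules/schemas/definitions.py
@@ -66,8 +66,11 @@ def validator_wrapper(value: Any) -> Any:
 NAME_PATTERN = re.compile(r"^[a-zA-Z0-9].+?[a-zA-Z0-9\[\]()]$")
 PR_PATTERN = re.compile(r"^$|\d+$")
 SHA256_PATTERN = re.compile(r"^[a-fA-F0-9]{64}$")
-UUID_PATTERN = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
-
+# NOTE this additional bad UUID pattern is a stop gap until the rule has been deprecated
+UUID_PATTERN = re.compile(
+r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" # UUID pattern
+r"|^7eb54028-ca72-4eb7-8185-b6864572347db$" # Additional pattern of known bad UUID
+)
 _version = r"\d+\.\d+(\.\d+[\w-]*)*"
 CONDITION_VERSION_PATTERN = re.compile(rf"^\^{_version}$")
 VERSION_PATTERN = f"^{_version}$"
@@ -108,7 +111,7 @@ def validator_wrapper(value: Any) -> Any:
 QUERY_FIELD_OP_EXCEPTIONS = ["powershell.file.script_block_text"]
 
 # we had a bad rule ID make it in before tightening up the pattern, and so we have to let it bypass
-KNOWN_BAD_RULE_IDS = Literal["119c8877-8613-416d-a98a-96b6664ee73a5"]
+KNOWN_BAD_RULE_IDS = Literal["119c8877-8613-416d-a98a-96b6664ee73a5", "7eb54028-ca72-4eb7-8185-b6864572347db"]
 KNOWN_BAD_DEPRECATED_DATES = Literal["2021-03-03"]
 # Known Null values that cannot be handled in TOML due to lack of Null value support via compound dicts
 KNOWN_NULL_ENTRIES = [{"rule.actions": "frequency.throttle"}]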
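Review bot: The alternation added to `UUID_PATTERN` (new lines 69–73) relaxes the shared UUID validator itself, so presumably every field checked against this pattern now accepts the malformed ID (its last group has 13 hex digits instead of 12), not only the one rule that needs the exception; the consumers of `UUID_PATTERN` are outside this hunk, so that scope should be confirmed. The same literal is hard-coded a second time in `KNOWN_BAD_RULE_IDS` in the second hunk, while the older bad ID `119c8877-8613-416d-a98a-96b6664ee73a5` appears only in the `Literal`, so the two exceptions are handled differently and can drift apart. The stop-gap comment names neither the rule nor the condition for removing it; I would write it as `# NOTE: stop gap for malformed rule_id 7eb54028-ca72-4eb7-8185-b6864572347db; drop this alternation once that rule is deprecated (tracking: <ISSUE-PLACEHOLDER>)`.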

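--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.4.4"
+version = "1.4.5"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"
@@ -25,7 +25,7 @@ dependencies = [
 "jsl==0.2.4",
 "jsonschema>=4.21.1",
 "marko==2.0.3",
-"marshmallow-dataclass[union]==8.6.1",
+"marshmallow-dataclass==8.7.1",
 "marshmallow-jsonschema~=0.13.0",
 "marshmallow-union~=0.1.15",
 "marshmallow~=3.26.1",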
