From 931f43f6be81bcc65b693f66d2c7d09c3c53a969 Mon Sep 17 00:00:00 2001
From: Max Timchenko
Date: Fri, 24 Sep 2021 11:25:31 +0300
Subject: [PATCH] fix: add validation of GuardDuty filter name

This addresses issue #19893.
---
 aws/resource_aws_guardduty_filter.go | 6 +++++-
 website/docs/r/guardduty_filter.html.markdown | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/aws/resource_aws_guardduty_filter.go b/aws/resource_aws_guardduty_filter.go
index 148b21092fb..b1881dd66dc 100644
--- a/aws/resource_aws_guardduty_filter.go
+++ b/aws/resource_aws_guardduty_filter.go
@@ -40,7 +40,11 @@ func resourceAwsGuardDutyFilter() *schema.Resource {
 Type: schema.TypeString,
 Required: true,
 ForceNew: true,
- ValidateFunc: validation.StringLenBetween(3, 64),
+ validateFunc: validation.All(
+ validation.StringLenBetween(3, 64),
+ validation.StringMatch(regexp.MustCompile(`^[a-zA-Z0-9_.-]+$`),
+ "only alphanumeric characters, hyphens, underscores, and periods are allowed"),
+ )
 },
 "description": {
 Type: schema.TypeString,
diff --git a/website/docs/r/guardduty_filter.html.markdown b/website/docs/r/guardduty_filter.html.markdown
index 04d90a44f6a..00da7bd8364 100644
--- a/website/docs/r/guardduty_filter.html.markdown
+++ b/website/docs/r/guardduty_filter.html.markdown
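Review bot: In the `name` schema entry of aws/resource_aws_guardduty_filter.go the added field is spelled `validateFunc`, while the removed line sets `ValidateFunc`; Go field names are case-sensitive, so the new validator is not attached to the schema field the old one used and the literal should not compile as written. The closing `)` of `validation.All(` also lacks the trailing comma a multi-line composite literal needs before `},`. The first and last added lines should read `ValidateFunc: validation.All(` and `),`. The hunk calls `regexp.MustCompile`, yet the diffstat shows only these six changed lines in the file, so confirm `regexp` is already imported; the import block and the rest of resourceAwsGuardDutyFilter lie outside the hunk. A small test that feeds the validator a name containing a space or a slash would pin the character set that the docs change describes.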
@@ -49,7 +49,7 @@ resource "aws_guardduty_filter" "MyFilter" {
 The following arguments are supported:
 * `detector_id` - (Required) ID of a GuardDuty detector, attached to your account.
-* `name` - (Required) The name of your filter.
+* `name` - (Required) The name of your filter. Names can be between 3 and 64 characters long and the valid characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).
 * `description` - (Optional) Description of the filter.
 * `rank` - (Required) Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
 * `action` - (Required) Specifies the action that is to be applied to the findings that match the filter. Can be one of `ARCHIVE` or `NOOP`.