From fa75876322f3ad459a626affdd838d9231cf8d1c Mon Sep 17 00:00:00 2001
From: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>
Date: Thu, 4 Apr 2024 17:37:13 -0400
Subject: [PATCH] [Bug] New Terms Rule Import Failing (#3569)
* initial patch
* Update definitions to allow for brackets in name
* Update to prompt for required fields.
* Update detection_rules/cli_utils.py
Co-authored-by: Mika Ayenson
---------
Co-authored-by: Mika Ayenson
---
 detection_rules/cli_utils.py | 15 ++++++++++++++-
 detection_rules/schemas/definitions.py | 2 +-
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/detection_rules/cli_utils.py b/detection_rules/cli_utils.py
index 4eb865615..710ae8b67 100644
--- a/detection_rules/cli_utils.py
+++ b/detection_rules/cli_utils.py
@@ -165,7 +165,20 @@ def rule_prompt(path=None, rule_type=None, required_only=True, save=True, verbos
 contents[name] = schema_prompt(name, value=kwargs.pop(name))
 continue
- result = schema_prompt(name, is_required=name in required_fields, **options.copy())
+ if name == "new_terms":
+ # patch to allow new_term imports
+ result = {"field": "new_terms_fields"}
+ result["value"] = schema_prompt("new_terms_fields", value=kwargs.pop("new_terms_fields"))
+ history_window_start_value = kwargs.pop("history_window_start", None)
+ result["history_window_start"] = [
+ {
+ "field": "history_window_start",
+ "value": schema_prompt("history_window_start", value=history_window_start_value),
+ }
+ ]
+
+ else:
+ result = schema_prompt(name, is_required=name in required_fields, **options.copy())
 if result:
 if name not in required_fields and result == options.get('default', ''):
diff --git a/detection_rules/schemas/definitions.py b/detection_rules/schemas/definitions.py
index cc6e392d9..a64dcd6ac 100644
--- a/detection_rules/schemas/definitions.py
+++ b/detection_rules/schemas/definitions.py
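Review bot: `kwargs.pop("new_terms_fields")` in the new `name == "new_terms"` branch has no default, so a rule dict that lacks that key raises KeyError before `schema_prompt` can ask for the value, while the sibling `kwargs.pop("history_window_start", None)` two lines below tolerates absence; `kwargs.pop("new_terms_fields", None)` would make the two consistent and let the prompt handle the missing field, which the commit message ("prompt for required fields") suggests is the intent. The comment `# patch to allow new_term imports` records neither the shape being built nor why the generic path is bypassed; a comment along the lines of `# new_terms is nested ({field, value, history_window_start: [{field, value}]}), so build it from the flat kwargs instead of the generic schema_prompt call` would help the next reader, assuming that is indeed the reason. Neither nested `schema_prompt` call passes `is_required`, so if that flag is what makes the prompt insist on a value, an empty answer for a mandatory sub-field may be accepted here; worth confirming against `schema_prompt`. The enclosing `rule_prompt` function starts and ends outside the hunk.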
@@ -17,7 +17,7 @@ SAVED_OBJECT_TYPE = "security-rule"
 DATE_PATTERN = r'^\d{4}/\d{2}/\d{2}$'
 MATURITY_LEVELS = ['development', 'experimental', 'beta', 'production', 'deprecated']
 OS_OPTIONS = ['windows', 'linux', 'macos']
-NAME_PATTERN = r'^[a-zA-Z0-9].+?[a-zA-Z0-9()]$'
+NAME_PATTERN = r'^[a-zA-Z0-9].+?[a-zA-Z0-9\[\]()]$'
 PR_PATTERN = r'^$|\d+$'
 SHA256_PATTERN = r'^[a-fA-F0-9]{64}$'
 UUID_PATTERN = r'^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
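Review bot: The relaxed `NAME_PATTERN` carries no comment recording why `[` and `]` are now accepted as a final character, and because `.+?` already admits any character in the middle, that trailing class is the only place the pattern constrains punctuation at all; a comment such as `# rule names may end in a bracketed qualifier; only the first and last characters are restricted` would make the intent explicit. Note also that `\[` and `\]` are accepted independently, so a name ending in an unmatched `[` passes this check too; if balanced brackets matter, that has to be enforced wherever the name is validated rather than by this regex.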