Merge pull request #535 from Security-Onion-Solutions/cogburn/fix-build

Only disallow bulk action w/community rules on Delete
Security-Onion-Solutions · Jun 4, 2024 · 95dc1c4 · 95dc1c4
2 parents fe95817 + 259ebe5
commit 95dc1c4
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 20 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,6 +5,7 @@ sensoroni
 jobs/
 logs/
 nsm/
+coverage/
 .vscode/
 .DS_Store
 

diff --git a/server/detectionhandler.go b/server/detectionhandler.go
@@ -420,20 +420,22 @@ func (h *DetectionHandler) bulkUpdateDetection(w http.ResponseWriter, r *http.Re
 	} else {
 		for _, id := range body.IDs {
 			IDs = append(IDs, id)
-			det, err := h.server.Detectionstore.GetDetection(ctx, id)
-			if err != nil {
-				web.Respond(w, r, http.StatusInternalServerError, err)
-				return
-			}
-
-			if det.IsCommunity {
-				containsCommunity = true
-				break
+			if body.Delete {
+				det, err := h.server.Detectionstore.GetDetection(ctx, id)
+				if err != nil {
+					web.Respond(w, r, http.StatusInternalServerError, err)
+					return
+				}
+
+				if det.IsCommunity {
+					containsCommunity = true
+					break
+				}
 			}
 		}
 	}
 
-	if containsCommunity {
+	if containsCommunity && body.Delete {
 		web.Respond(w, r, http.StatusBadRequest, "ERROR_BULK_COMMUNITY")
 		return
 	}

diff --git a/server/modules/elastalert/elastalert.go b/server/modules/elastalert/elastalert.go
@@ -1006,16 +1006,6 @@ func (e *ElastAlertEngine) syncCommunityDetections(ctx context.Context, detects
 		}
 	}
 
-	// carry forward existing overrides
-	for i := range detects {
-		det := detects[i]
-
-		comDet, exists := community[det.PublicID]
-		if exists {
-			det.Overrides = comDet.Overrides
-		}
-	}
-
 	results := struct {
 		Added     int
 		Updated   int
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,6 +5,7 @@ sensoroni @@
     jobs/
     logs/
     nsm/
+    coverage/
     .vscode/
     .DS_Store
@@ Expand Down @@