Skip to content

Commit

Permalink
Cleanup of Constants
Browse files Browse the repository at this point in the history
  • Loading branch information
coreyogburn committed May 1, 2024
1 parent 900e4fe commit 9d21133
Show file tree
Hide file tree
Showing 7 changed files with 19 additions and 15 deletions.
10 changes: 10 additions & 0 deletions module/common.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
// Copyright 2019 Jason Ertel (github.com/jertel).
// Copyright 2020-2023 Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
// or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
// https://securityonion.net/license; you may not use this file except in compliance with the
// Elastic License 2.0.

package module

const RulesetCustom = "__custom__"
const AuthorSOC = "__soc_import__"
4 changes: 2 additions & 2 deletions server/detectionhandler.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import (

"github.com/apex/log"
"github.com/security-onion-solutions/securityonion-soc/model"
"github.com/security-onion-solutions/securityonion-soc/module"
"github.com/security-onion-solutions/securityonion-soc/web"

"github.com/go-chi/chi/v5"
Expand All @@ -23,7 +24,6 @@ import (

var errPublicIdExists = errors.New("publicId already exists for this engine")

const customRuleset = "__custom__"

type BulkOp struct {
IDs []string `json:"ids"`
Expand Down Expand Up @@ -140,7 +140,7 @@ func (h *DetectionHandler) createDetection(w http.ResponseWriter, r *http.Reques
}

detect.Language = model.SigLanguage(strings.ToLower(string(detect.Language)))
detect.Ruleset = customRuleset
detect.Ruleset = module.RulesetCustom

switch detect.Language {
case "sigma":
Expand Down
4 changes: 1 addition & 3 deletions server/modules/elastalert/elastalert.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,6 @@ var acceptedExtensions = map[string]bool{
".yaml": true,
}

var socAuthor = "__soc_import__"

type IOManager interface {
ReadFile(path string) ([]byte, error)
WriteFile(path string, contents []byte, perm fs.FileMode) error
Expand Down Expand Up @@ -1085,7 +1083,7 @@ func (e *ElastAlertEngine) DuplicateDetection(ctx context.Context, detection *mo
rule.Title += " (copy)"
rule.ID = &id

det := rule.ToDetection("__custom__", model.LicenseUnknown, false)
det := rule.ToDetection(module.RulesetCustom, model.LicenseUnknown, false)

err = e.ExtractDetails(det)
if err != nil {
Expand Down
4 changes: 2 additions & 2 deletions server/modules/elastalert/elastalert_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -396,7 +396,7 @@ modified: 2023/11/03
engine.denyRegex = regexp.MustCompile("deny")

expected := &model.Detection{
Author: "__soc_import__",
Author: module.AuthorSOC,
PublicID: "00000000-0000-0000-0000-00000000",
Title: "Always Alert",
Severity: model.SeverityHigh,
Expand Down Expand Up @@ -463,7 +463,7 @@ license: Elastic-2.0
engine.denyRegex = regexp.MustCompile("deny")

expected := &model.Detection{
Author: "__soc_import__",
Author: module.AuthorSOC,
PublicID: "bf86ef21-41e6-417b-9a05-b9ea6bf28a38",
Title: "Security Onion - SOC Login Failure",
Severity: model.SeverityHigh,
Expand Down
4 changes: 1 addition & 3 deletions server/modules/strelka/strelka.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,6 @@ import (

var errModuleStopped = fmt.Errorf("strelka module has stopped running")

var socAuthor = "__soc_import__"

type IOManager interface {
ReadFile(path string) ([]byte, error)
WriteFile(path string, contents []byte, perm fs.FileMode) error
Expand Down Expand Up @@ -786,7 +784,7 @@ func (e *StrelkaEngine) DuplicateDetection(ctx context.Context, detection *model

rule.Identifier += "_copy"

det := rule.ToDetection(model.LicenseUnknown, "__custom__", false)
det := rule.ToDetection(model.LicenseUnknown, module.RulesetCustom, false)

err = e.ExtractDetails(det)
if err != nil {
Expand Down
4 changes: 1 addition & 3 deletions server/modules/suricata/suricata.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,6 @@ var licenseBySource = map[string]string{
"etpro": model.LicenseCommercial,
}

var socAuthor = "__soc_import__"

type IOManager interface {
ReadFile(path string) ([]byte, error)
WriteFile(path string, contents []byte, perm fs.FileMode) error
Expand Down Expand Up @@ -1242,7 +1240,7 @@ func (e *SuricataEngine) DuplicateDetection(ctx context.Context, detection *mode
}
}

dets, err := e.ParseRules(rule.String(), "__custom__")
dets, err := e.ParseRules(rule.String(), module.RulesetCustom)
if err != nil {
return nil, err
}
Expand Down
4 changes: 2 additions & 2 deletions server/modules/suricata/suricata_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -320,7 +320,7 @@ func TestParse(t *testing.T) {
},
ExpectedDetections: []*model.Detection{
{
Author: "__soc_import__",
Author: module.AuthorSOC,
PublicID: SimpleRuleSID,
Title: `GPL ATTACK_RESPONSE id check returned root`,
Category: `GPL ATTACK_RESPONSE`,
Expand All @@ -333,7 +333,7 @@ func TestParse(t *testing.T) {
License: "Unknown",
},
{
Author: "__soc_import__",
Author: module.AuthorSOC,
PublicID: "20000",
Title: `a \"tricky";\ msg`,
Category: ``,
Expand Down

0 comments on commit 9d21133

Please sign in to comment.