From 8721599924408cd2399988a313217da8a5904cf1 Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Tue, 4 Jun 2024 14:37:07 -0600
Subject: [PATCH 1/2] Only disallow bulk action w/community rules on Delete

When adding BulkDelete, a check for the involvement of community rules was added since you can't delete community rules. However the check will fail Bulk Enables/Disables too. This is causing Cypress tests to fail. In the sigma sync process, we had an extra bit of logic to copy over all the detections of existing community rules. This was removed as line 1044 accomplishes the task as well. Added a coverage folder to the gitignore. Jest coverage reports shouldn't be checked in.
---
 .gitignore | 1 +
 server/detectionhandler.go | 2 +-
 server/modules/elastalert/elastalert.go | 10 ----------
 3 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/.gitignore b/.gitignore
index 07cacdab..46dd202b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@ sensoroni
 jobs/
 logs/
 nsm/
+coverage/
 .vscode/
 .DS_Store
diff --git a/server/detectionhandler.go b/server/detectionhandler.go
index b560e25a..93dc120c 100644
--- a/server/detectionhandler.go
+++ b/server/detectionhandler.go
@@ -433,7 +433,7 @@ func (h *DetectionHandler) bulkUpdateDetection(w http.ResponseWriter, r *http.Re
 }
 }
 
- if containsCommunity {
+ if containsCommunity && body.Delete {
 web.Respond(w, r, http.StatusBadRequest, "ERROR_BULK_COMMUNITY")
 return
 }
diff --git a/server/modules/elastalert/elastalert.go b/server/modules/elastalert/elastalert.go
index 31ac2ad6..4e4c00d4 100644
--- a/server/modules/elastalert/elastalert.go
+++ b/server/modules/elastalert/elastalert.go
@@ -1006,16 +1006,6 @@ func (e *ElastAlertEngine) syncCommunityDetections(ctx context.Context, detects
 }
 }
 
- // carry forward existing overrides
- for i := range detects {
- det := detects[i]
-
- comDet, exists := community[det.PublicID]
- if exists {
- det.Overrides = comDet.Overrides
- }
- }
-
 results := struct {
 Added int
 Updated int
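Review bot: The added `&& body.Delete` qualifier on the `containsCommunity` guard deserves a why-comment, because the code above it (outside this hunk) still fetches every detection and sets `containsCommunity` regardless of the action, so a reader will wonder why the flag is then ignored for enables/disables. A line such as `// community rules may be enabled or disabled in bulk but never deleted` above the `if` would capture the intent given in the commit message. This guard also appears to be the server-side check that keeps community rules out of a bulk delete, so it is worth a handler test that sends `Delete: true` with a community ID and expects the 400 with `ERROR_BULK_COMMUNITY`. bulkUpdateDetection begins and ends outside the hunk.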
From 259ebe55a63dc293964604da0d62e50aef13633e Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Tue, 4 Jun 2024 15:06:16 -0600
Subject: [PATCH 2/2] Improve Performance

When not performing a delete, don't check for community status.
---
 server/detectionhandler.go | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/server/detectionhandler.go b/server/detectionhandler.go
index 93dc120c..ce2386ff 100644
--- a/server/detectionhandler.go
+++ b/server/detectionhandler.go
@@ -420,15 +420,17 @@ func (h *DetectionHandler) bulkUpdateDetection(w http.ResponseWriter, r *http.Re
 } else {
 for _, id := range body.IDs {
 IDs = append(IDs, id)
- det, err := h.server.Detectionstore.GetDetection(ctx, id)
- if err != nil {
- web.Respond(w, r, http.StatusInternalServerError, err)
- return
- }
-
- if det.IsCommunity {
- containsCommunity = true
- break
+ if body.Delete {
+ det, err := h.server.Detectionstore.GetDetection(ctx, id)
+ if err != nil {
+ web.Respond(w, r, http.StatusInternalServerError, err)
+ return
+ }
+
+ if det.IsCommunity {
+ containsCommunity = true
+ break
+ }
 }
 }
 }
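Review bot: The `if body.Delete` test added inside the loop is loop-invariant and pushes the store lookup four levels deep; hoisting it out of the loop reads more clearly and makes the per-ID round-trip an obviously delete-only cost. `IDs` can then be filled with one `append(IDs, body.IDs...)` (assuming `IDs` and `body.IDs` share an element type, which the `append(IDs, id)` on the new side suggests) and the community scan becomes its own guarded loop. Behaviour is unchanged: when `body.Delete` is false nothing is fetched and `containsCommunity` stays false, which presumably makes the `&& body.Delete` on the later guard (outside this hunk) redundant; if it is dropped, the comment in the excerpt below explains why the flag is only computed for deletes. The `else` branch and bulkUpdateDetection itself start and end outside the hunk.
```go
	} else {
		IDs = append(IDs, body.IDs...)

		// community rules may be enabled or disabled in bulk but never
		// deleted, so the per-ID lookup is only needed for a delete
		if body.Delete {
			for _, id := range body.IDs {
				det, err := h.server.Detectionstore.GetDetection(ctx, id)
				if err != nil {
					web.Respond(w, r, http.StatusInternalServerError, err)
					return
				}

				if det.IsCommunity {
					containsCommunity = true
					break
				}
			}
		}
	}
```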