From b2ed78a459343fd777a281a81081c0a34bae9bce Mon Sep 17 00:00:00 2001
From: Davis Plumlee <davis.plumlee@elastic.co>
Date: Wed, 9 Oct 2024 14:46:32 -0400
Subject: [PATCH] updates test utils

---
 .../methods/patch_rule.ts                     |  5 +----
 .../methods/update_rule.ts                    |  5 +----
 .../rule_management/utils/validate.ts         | 22 ++++++++++++-------
 .../get_custom_query_rule_params.ts           |  1 +
 4 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/patch_rule.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/patch_rule.ts
index fe7ec902d6153..113576e8d02e2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/patch_rule.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/patch_rule.ts
@@ -52,10 +52,7 @@ export const patchRule = async ({
 
   await validateMlAuth(mlAuthz, rulePatch.type ?? existingRule.type);
 
-  // We don't allow non-customizable fields to be changed for prebuilt rules
-  if (existingRule.rule_source && existingRule.rule_source.type === 'external') {
-    validateNonCustomizablePatchFields(rulePatch, existingRule);
-  }
+  validateNonCustomizablePatchFields(rulePatch, existingRule);
 
   const patchedRule = await applyRulePatch({
     prebuiltRuleAssetClient,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/update_rule.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/update_rule.ts
index 91f909c312fdb..8fd7f7a89dcb7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/update_rule.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/update_rule.ts
@@ -51,10 +51,7 @@ export const updateRule = async ({
     throw new ClientError(error.message, error.statusCode);
   }
 
-  // We don't allow non-customizable fields to be changed for prebuilt rules
-  if (existingRule.rule_source && existingRule.rule_source.type === 'external') {
-    validateNonCustomizableUpdateFields(ruleUpdate, existingRule);
-  }
+  validateNonCustomizableUpdateFields(ruleUpdate, existingRule);
 
   const ruleWithUpdates = await applyRuleUpdate({
     prebuiltRuleAssetClient,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts
index 25c0e3a40b8d0..5ff9d2d97f2b0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts
@@ -124,10 +124,13 @@ export const validateNonCustomizableUpdateFields = (
   ruleUpdate: RuleUpdateProps,
   existingRule: RuleResponse
 ) => {
-  if (!isEqual(ruleUpdate.author, existingRule.author)) {
-    throw new ClientError(`Cannot update "author" field for prebuilt rules`, 400);
-  } else if (ruleUpdate.license !== existingRule.license) {
-    throw new ClientError(`Cannot update "license" field for prebuilt rules`, 400);
+  // We don't allow non-customizable fields to be changed for prebuilt rules
+  if (existingRule.rule_source && existingRule.rule_source.type === 'external') {
+    if (!isEqual(ruleUpdate.author, existingRule.author)) {
+      throw new ClientError(`Cannot update "author" field for prebuilt rules`, 400);
+    } else if (ruleUpdate.license !== existingRule.license) {
+      throw new ClientError(`Cannot update "license" field for prebuilt rules`, 400);
+    }
   }
 };
 
@@ -135,9 +138,12 @@ export const validateNonCustomizablePatchFields = (
   rulePatch: RulePatchProps,
   existingRule: RuleResponse
 ) => {
-  if (rulePatch.author && !isEqual(rulePatch.author, existingRule.author)) {
-    throw new ClientError(`Cannot update "author" field for prebuilt rules`, 400);
-  } else if (rulePatch.license && rulePatch.license !== existingRule.license) {
-    throw new ClientError(`Cannot update "license" field for prebuilt rules`, 400);
+  // We don't allow non-customizable fields to be changed for prebuilt rules
+  if (existingRule.rule_source && existingRule.rule_source.type === 'external') {
+    if (rulePatch.author && !isEqual(rulePatch.author, existingRule.author)) {
+      throw new ClientError(`Cannot update "author" field for prebuilt rules`, 400);
+    } else if (rulePatch.license != null && rulePatch.license !== existingRule.license) {
+      throw new ClientError(`Cannot update "license" field for prebuilt rules`, 400);
+    }
   }
 };
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_rule_params/get_custom_query_rule_params.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_rule_params/get_custom_query_rule_params.ts
index b561d3e8dc023..a5c5fe00ed700 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_rule_params/get_custom_query_rule_params.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_rule_params/get_custom_query_rule_params.ts
@@ -29,6 +29,7 @@ export function getCustomQueryRuleParams(
     index: ['logs-*'],
     interval: '100m',
     from: 'now-6m',
+    author: [],
     enabled: false,
     ...rewrites,
   };