Open Desvelao opened 2 months ago
Discussing with the team, the creation of rules (it could apply to decoders and CDB lists) uses the rules:update action that is resourceless (*:*:*). This means it does not support the usage of specific rule files using rule:files:<placeholder>.
So in this scenario, we could review how the user permissions validation service works for the virtual requirement, and we should replace the specific permission with the resourceless one for the button to save the file.
Description
There is a bug in the validation of the user permission with specific rule files when trying to update a file that, according to the action/resource configuration for the API user, the user should be able to update. The button is disabled and the user cannot update the file.
The error could happen with decoders and lists. It should be researched.
Reference: https://groups.google.com/g/wazuh/c/z2HzX-4o-b4/m/ZXxhQNriBAAJ
Side note: As part of the research of the case, I found a problem with the API endpoint to update the rule file, which does not support the specific resource such as rule:file:<placeholder>
Preconditions
rules:read, rules:update and rules:delete
resource:rule:file:<name-specific-file>.xml
Steps to reproduce
Expected Result
Actual Result
Screenshots