Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes handling of Custom IOA Rule Group Versioning #216

Merged
merged 5 commits into from
Oct 22, 2024
Merged

Fixes handling of Custom IOA Rule Group Versioning #216

merged 5 commits into from
Oct 22, 2024

Conversation

hur
Copy link
Collaborator

@hur hur commented Oct 18, 2024

Fixes handling of Custom IOA Rule Group Versioning

  • Enhancement
  • Major feature update
  • Bug fixes
  • Breaking change
  • Updated unit tests
  • Documentation

Bandit analysis

(caracara-py3.11) redacted@redacted caracara-fork % bandit -r caracara
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: None
[main]	INFO	running on Python 3.11.9
[manager]	WARNING	Test in comment: The is not a test name or id, ignoring
[manager]	WARNING	Test in comment: password is not a test name or id, ignoring
[manager]	WARNING	Test in comment: infected is not a test name or id, ignoring
[manager]	WARNING	Test in comment: is is not a test name or id, ignoring
[manager]	WARNING	Test in comment: generic is not a test name or id, ignoring
[manager]	WARNING	Test in comment: and is not a test name or id, ignoring
[manager]	WARNING	Test in comment: always is not a test name or id, ignoring
[manager]	WARNING	Test in comment: the is not a test name or id, ignoring
[manager]	WARNING	Test in comment: same is not a test name or id, ignoring
Run started:2024-10-18 10:21:19.988242

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 5522
	Total lines skipped (#nosec): 1

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
(caracara-py3.11) redacted@redacted tests % bandit -r . --skip=B101
[main]	INFO	Found project level .bandit file: ./.bandit
[utils]	WARNING	Unable to parse config file ./.bandit or missing [bandit] section
[main]	INFO	profile include tests: None
[main]	INFO	profile exclude tests: None
[main]	INFO	cli include tests: None
[main]	INFO	cli exclude tests: B101
[main]	INFO	running on Python 3.11.9
Run started:2024-10-18 10:20:41.486862

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 1446
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
	Total issues (by confidence):
		Undefined: 0
		Low: 0
		Medium: 0
		High: 0
Files skipped (0):

Added features and functionality

Fixed Issue #212.

Issues resolved

Other

  • Updated the relevant unit test
  • The function _create_update_delete_rules was changed to _update_create_delete_rules after adjusting the order of operations within the function.

@hur
Copy link
Collaborator Author

hur commented Oct 18, 2024

Adding some details/context on the implemented changes:

Updating a rule group, or a rule within a rule group, requires rulegroup_version to be passed along in the API request. This needs to match the current version of the rule group in Falcon, otherwise a 409 rule group mismatch seems to be returned. I suspect this is required to prevent conflicts from concurrent rule group updates.

When doing update operations on a rule group or its rules, the API returns the rule group with the updated version. However, when creating or deleting rules, the API also increments the rule group version, but as the rule group isn't returned to us, we can't leverage the API response to track the new rule group version, and need to track that locally.

I also changed the ordering of the create, update, and delete operations in _create_update_delete_rules to handle updates first. This feels like the right order to do things.

create->update->read can lead to create operations succeeding but the rest failing due to a concurrent update.
update->create->read will not have such issues with concurrent updated - if the update fails, creation and deletion do not occur, and the request should be safe to try again.

@hur hur changed the title Fixes handling of Custom IOA Rule Group Versioning DRAFT: Fixes handling of Custom IOA Rule Group Versioning Oct 18, 2024
@hur hur changed the title DRAFT: Fixes handling of Custom IOA Rule Group Versioning Fixes handling of Custom IOA Rule Group Versioning Oct 18, 2024
@hur hur changed the title Fixes handling of Custom IOA Rule Group Versioning DRAFT: Fixes handling of Custom IOA Rule Group Versioning Oct 18, 2024
@hur hur changed the title DRAFT: Fixes handling of Custom IOA Rule Group Versioning Fixes handling of Custom IOA Rule Group Versioning Oct 18, 2024
@ChristopherHammond13 ChristopherHammond13 added bug 🐛 Something isn't working enhancement 🌟 New feature or request labels Oct 21, 2024
@hur
Copy link
Collaborator Author

hur commented Oct 21, 2024

I think the linting issues should be fixed @ChristopherHammond13, but seems like the CI workflows need your approval to re-run.

@ChristopherHammond13
Copy link
Member

Thank you so much for your fix here, @hur! I'm happy to get this merged. We'll get this fix into 0.9.1.

@ChristopherHammond13 ChristopherHammond13 merged commit bbe3408 into CrowdStrike:main Oct 22, 2024
8 checks passed
@hur hur mentioned this pull request Oct 25, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChristopherHammond13 ChristopherHammond13 ChristopherHammond13 approved these changes

Assignees

@hur hur

Labels
bug 🐛 Something isn't working enhancement 🌟 New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[ BUG ] 409 Rule group version mismatch error when updating rule group
2 participants
@hur @ChristopherHammond13