From 771579aaa0ac76228e486c8a99b0c7ff40abe446 Mon Sep 17 00:00:00 2001 From: FrankHassanabad Date: Fri, 24 Jan 2020 15:16:53 -0700 Subject: [PATCH] Fixed import issue where you could flip the flags on import --- .../schemas/import_rules_schema.test.ts | 41 +++++++++++++++---- .../routes/schemas/import_rules_schema.ts | 2 +- 2 files changed, 33 insertions(+), 10 deletions(-) diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/import_rules_schema.test.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/import_rules_schema.test.ts index f2d7c7f483b79..f761ba6198e74 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/import_rules_schema.test.ts +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/import_rules_schema.test.ts @@ -857,7 +857,7 @@ describe('import rules schema', () => { ); }); - test('You can optionally set the immutable to be true', () => { + test('You can optionally set the immutable to be false', () => { expect( importRulesSchema.validate>({ rule_id: 'rule-1', @@ -866,7 +866,7 @@ describe('import rules schema', () => { description: 'some description', from: 'now-5m', to: 'now', - immutable: true, + immutable: false, index: ['index-1'], name: 'some-name', severity: 'low', 
@@ -880,6 +880,29 @@ describe('import rules schema', () => { ).toBeFalsy(); }); + test('You cannnot set immutable to be true', () => { + expect( + importRulesSchema.validate>({ + rule_id: 'rule-1', + output_index: '.siem-signals', + risk_score: 50, + description: 'some description', + from: 'now-5m', + to: 'now', + immutable: true, + index: ['index-1'], + name: 'some-name', + severity: 'low', + interval: '5m', + type: 'query', + references: ['index-1'], + query: 'some query', + language: 'kuery', + max_signals: 1, + }).error.message + ).toEqual('child "immutable" fails because ["immutable" must be one of [false]]'); + }); + test('You cannot set the immutable to be a number', () => { expect( importRulesSchema.validate< @@ -914,7 +937,7 @@ describe('import rules schema', () => { description: 'some description', from: 'now-5m', to: 'now', - immutable: true, + immutable: false, index: ['index-1'], name: 'some-name', severity: 'low', @@ -937,7 +960,7 @@ describe('import rules schema', () => { description: 'some description', from: 'now-5m', to: 'now', - immutable: true, + immutable: false, index: ['index-1'], name: 'some-name', severity: 'low', @@ -960,7 +983,7 @@ describe('import rules schema', () => { description: 'some description', from: 'now-5m', to: 'now', - immutable: true, + immutable: false, index: ['index-1'], name: 'some-name', severity: 'low', @@ -983,7 +1006,7 @@ describe('import rules schema', () => { description: 'some description', from: 'now-5m', to: 'now', - immutable: true, + immutable: false, index: ['index-1'], name: 'some-name', severity: 'low', @@ -1006,7 +1029,7 @@ describe('import rules schema', () => { description: 'some description', from: 'now-5m', to: 'now', - immutable: true, + immutable: false, index: ['index-1'], name: 'some-name', severity: 'low', 
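Review bot: The test name added in the `@@ -880,6 +880,29 @@` hunk is misspelled (`cannnot`), which makes this security-relevant case harder to find by grepping test output; it should read `test('You cannot set immutable to be true', () => {`. The assertion also pins the full Joi message `child "immutable" fails because ["immutable" must be one of [false]]`, so a change in the library's wording would fail the test even though the rejection still holds. That matches the neighbouring tests and is acceptable, but a short comment such as `// regression: import must reject immutable: true` would record why the case exists.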
@@ -1032,7 +1055,7 @@ describe('import rules schema', () => { description: 'some description', from: 'now-5m', to: 'now', - immutable: true, + immutable: false, index: ['index-1'], name: 'some-name', severity: 'low', @@ -1056,7 +1079,7 @@ describe('import rules schema', () => { description: 'some description', from: 'now-5m', to: 'now', - immutable: true, + immutable: false, index: ['index-1'], name: 'some-name', severity: 'low', diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/import_rules_schema.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/import_rules_schema.ts index 8516585a2c055..672eb43d51773 100644 --- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/import_rules_schema.ts +++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/import_rules_schema.ts @@ -61,7 +61,7 @@ export const importRulesSchema = Joi.object({ filters, from: from.default('now-6m'), rule_id: rule_id.required(), - immutable: immutable.default(false), + immutable: immutable.default(false).valid(false), index, interval: interval.default('5m'), query: query.allow('').default(''),
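Review bot: The new `immutable: immutable.default(false).valid(false)` line in `importRulesSchema` has no comment explaining why a boolean field accepts only one value, so a later schema cleanup could drop `.valid(false)` as redundant. I would add `// import must never set immutable: true; only false (or omitted) is accepted` above it. Within this diff the schema is the only place the flag is constrained, and the route handler that consumes the validated payload is not shown; if it copies `immutable` from the request, having it write `immutable: false` itself would keep the guarantee from resting on validation alone. If import can replace an existing rule by `rule_id`, it is also worth confirming that a stored immutable rule cannot be overwritten that way, since this hunk only restricts the incoming value. The `Joi.object({` body continues outside the hunk.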