Inability to update rule files with specific rule file permissions

Open Desvelao opened this issue 7 months ago • 1 comments

| Wazuh | Rev | Browser |
|-------|------|------------------------------|
| X.Y.Z | xyzw | Chrome, Firefox, Safari, etc |

Description

There is a bug in the validation of the user permission with specific rule files when trying to update a file that, according to the action/resource configuration for the API user, the user should be able to update. The button is disabled and the user cannot update the file.

The error could happen with decoders and lists. It should be researched.

Reference: https://groups.google.com/g/wazuh/c/z2HzX-4o-b4/m/ZXxhQNriBAAJ

Side note: As part of the research of the case, I found a problem with the API endpoint to update the rule file, which does not support a specific resource such as rule:file:<placeholder>

console $ TOKEN=$(curl -k -X POST -u "wazuh-wui:MyS3cr37P450r.*-" https://localhost:55000/security/user/authenticate/run_as?raw=true -d '{"user_name":"wzread"}' -H "content-type:application/json")
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   503  100   481  100    22   2101     96 --:--:-- --:--:-- --:--:--  2206
console $ curl -k -H "Authorization: Bearer ${TOKEN}" https://localhost:55000/security/users/me/policies
{"data": {"agent:read": {"agent:id:*": "allow", "agent:group:*": "allow"}, "group:read": {"group:id:*": "allow"}, "ciscat:read": {"agent:id:*": "allow"}, "cluster:status": {"*:*:*": "allow"}, "manager:read": {"*:*:*": "allow"}, "manager:read_api_config": {"*:*:*": "allow"}, "cluster:read_api_config": {"node:id:*": "allow"}, "cluster:read": {"node:id:*": "allow"}, "decoders:read": {"decoder:file:*": "allow"}, "lists:read": {"list:file:*": "allow"}, "rootcheck:read": {"agent:id:*": "allow"}, "rules:read": {"rule:file:*": "allow", "rule:file:specific-file.xml": "allow"}, "mitre:read": {"*:*:*": "allow"}, "sca:read": {"agent:id:*": "allow"}, "syscheck:read": {"agent:id:*": "allow"}, "syscollector:read": {"agent:id:*": "allow"}, "rules:delete": {"rule:file:specific-file.xml": "allow"}, "rules:update": {"rule:file:specific-file.xml": "allow"}, "rbac_mode": "white"}, "message": "Current user processed policies information was returned", "error": 0}console $ ^C
console $ curl -k -H "Authorization: Bearer ${TOKEN}" https://localhost:55000/rules/files/specific-file.xml -d @specific-file.xml -XPUT -H "content-type:application/octet-stream"
{"title": "Permission Denied", "detail": "Permission denied: Resource type: *:*", "remediation": "Please, make sure you have permissions to execute the current request. For more information on how to set up permissions, please visit https://documentation.wazuh.com/4.8/user-manual/api/rbac/configuration.html", "dapi_errors": {"node01": {"error": "Permission denied: Resource type: *:*"}}, "error": 4000}

Using the endpoint to delete the file works as expected:

console $ curl -k -H "Authorization: Bearer ${TOKEN}" https://localhost:55000/rules/files/specific-file.xml -XDELETE
{"data": {"affected_items": ["etc/rules/specific-file.xml"], "total_affected_items": 1, "total_failed_items": 0, "failed_items": []}, "message": "Rule was successfully deleted", "error": 0}

Preconditions

  1. Create an API policy with permissions to read, update and delete a specific file with:
     - actions: rules:read, rules:update and rules:delete
     - resource: rule:file:<name-specific-file>.xml
  2. Create an API role and assign the created policy
  3. Assign the API role to an internal user of Wazuh dashboard (create the user as necessary)
  4. Create the specific file and restart the Wazuh server

Steps to reproduce

  1. Log in with the user with restricted permissions
  2. Navigate to the rule list
  3. Click on the specific rule file

Expected Result

  1. The button should not be disabled and should not display a message related to missing permissions

Actual Result

  1. The button to save the file is disabled and hovering on it displays a message related to missing permissions

Screenshots

[Screenshot: 2024-07-24_12-56]

Desvelao, Jul 24 '24 11:07
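
A sketch of the permission check the expected result implies, run against the rules entries of the `/security/users/me/policies` response shown in the issue. This is an added example, not code from wazuh-dashboard-plugins or the Wazuh API; `isAllowed`, `saveButtonState`, `candidateKeys` and the most-specific-match-first precedence are assumptions made for illustration.

```javascript
// Added example, not code from wazuh-dashboard-plugins.
// Constructed input: the rules-related subset of the policies response in the issue.
const policies = {
  'rules:read': { 'rule:file:*': 'allow', 'rule:file:specific-file.xml': 'allow' },
  'rules:delete': { 'rule:file:specific-file.xml': 'allow' },
  'rules:update': { 'rule:file:specific-file.xml': 'allow' },
  rbac_mode: 'white',
};

// Policy keys that can cover a resource, most specific first.
// Assumption of this sketch: the most specific matching entry decides.
function candidateKeys(resource) {
  const [type, attribute] = resource.split(':');
  return [...new Set([resource, `${type}:${attribute}:*`, '*:*:*'])];
}

// Hypothetical helper: may the user run `action` on `resource`?
function isAllowed(userPolicies, action, resource) {
  const entries = userPolicies[action] || {};
  for (const key of candidateKeys(resource)) {
    if (Object.prototype.hasOwnProperty.call(entries, key)) {
      return entries[key] === 'allow';
    }
  }
  // No matching entry: white mode denies by default, black mode allows.
  return userPolicies.rbac_mode === 'black';
}

// Hypothetical helper: state of the save button for one rule file.
function saveButtonState(userPolicies, fileName) {
  const resource = `rule:file:${fileName}`;
  const allowed = isAllowed(userPolicies, 'rules:update', resource);
  return {
    disabled: !allowed,
    missing: allowed ? [] : [`rules:update on ${resource}`],
  };
}

// The file-specific grant enables saving that file only.
console.log(saveButtonState(policies, 'specific-file.xml'));
console.log(saveButtonState(policies, 'other-file.xml'));
// A check that demands the global resource fails for this user,
// which matches the "Resource type: *:*" denial returned by the PUT request.
console.log(isAllowed(policies, 'rules:update', '*:*:*'));
```
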