From cc95f5c16ea9e8ff39d680384ff1b467545dd9a0 Mon Sep 17 00:00:00 2001
From: Phil Rzewski
Date: Mon, 16 Oct 2023 13:23:53 -0700
Subject: [PATCH] Filter out Suricata rules when assembling zdeps on Windows (#2858)
---
 apps/zui/scripts/download-zdeps/index.js | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/apps/zui/scripts/download-zdeps/index.js b/apps/zui/scripts/download-zdeps/index.js
index bfe48ffdcd..fb0577f7b3 100644
--- a/apps/zui/scripts/download-zdeps/index.js
+++ b/apps/zui/scripts/download-zdeps/index.js
@@ -111,11 +111,24 @@ async function zedDevBuild(destPath) {
 }
 }

+// Suricata rules are dropped from the Windows build to fix a false positive
+// malware flagging. See https://github.com/brimdata/zui/issues/2857.
+const filterBrimcapZdeps = (src, dest) => {
+ if (process.platform == "win32" &&
+ (/suricata\.rules$/.test(src) || /emerging\.rules\.tar\.gz$/.test(src)) &&
+ fs.statSync(src).isFile()) {
+ return false
+ } else {
+ return true
+ }
+}
+
 async function main() {
 try {
 fs.copySync(
 path.resolve("..", "..", "node_modules", "brimcap", "build", "dist"),
- zdepsPath
+ zdepsPath,
+ { filter: filterBrimcapZdeps }
 )
 const brimcapVersion = child_process
 .execSync(path.join(zdepsPath, "brimcap") + " -version")
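Review bot: `filterBrimcapZdeps` keys the exclusion on `process.platform`, which is the host running this script rather than the platform being packaged, so a Windows bundle assembled on another host would still ship `suricata.rules` and `emerging.rules.tar.gz` and run into the same malware flag; if cross-building is possible, the check should use the target platform instead. The exclusion is also silent, and a line such as `console.log("zdeps: skipping " + src)` before `return false` would record in the build log that the Windows bundle carries no Suricata rules. The comment above the filter should also say where a Windows install is expected to obtain its rules, since nothing in this hunk shows that and without them Suricata would presumably raise no alerts. Minor style points: `==` should be `===`, the unused `dest` parameter can be dropped, and the `if`/`else` can return the negated condition directly.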