[Bug] test_preserve_upstream_protected_rule_id_name fails when `CUSTOM_RULES_DIR` is set

[hnguyen-coreweave]

Describe the Bug

The unit test test_preserve_upstream_protected_rule_id_name will fail when CUSTOM_RULES_DIR value is set because the load_rules() function does not load default rules when the CUSTOM_RULES_DIR is set

detection-rules/tests/base.py

Line 26 in 3a52db2

def load_rules() -> RuleCollection:

Error message:

        if failures:
            fail_msg = """
            The following protected prebuilt rules have missing/modified rule IDs or names \n
            """
>           self.fail(fail_msg + "\n".join(failures))
E           AssertionError: 
E                       The following protected prebuilt rules have missing/modified rule IDs or names 
E           
E                       Protected rule: Endpoint Security (Elastic Defend) rule_id: 9a1a2dae-0b5f-4c3d-8305-a268d404c306 missing/modified - review upstream impact

To Reproduce

1. set CUSTOM_RULES_DIR
2. run make test

Expected Behavior

Unit test test_preserve_upstream_protected_rule_id_name to pass even when the CUSTOM_RULES_DIR env var is set

Screenshots

No response

Desktop - OS

None

Desktop - Version

No response

Additional Context

No response