fixed to include noisy and exclude rules when level tuning #511

2022-04-20 18:30:05 +09:00
parent c6b2879eb5
commit 06ccf8382b
4 changed files with 16 additions and 17 deletions
--- a/src/filter.rs
+++ b/src/filter.rs
@@ -19,10 +19,16 @@ pub struct RuleExclude {
    pub no_use_rule: HashSet<String>,
 }

+impl RuleExclude {
+    pub fn default() -> RuleExclude {
+        RuleExclude {
+            no_use_rule: HashSet::new(),
+        }
+    }
+}
+
 pub fn exclude_ids() -> RuleExclude {
-    let mut exclude_ids = RuleExclude {
-        no_use_rule: HashSet::new(),
-    };
+    let mut exclude_ids = RuleExclude::default();

    if !configs::CONFIG
        .read()
--- a/src/main.rs
+++ b/src/main.rs
@@ -775,9 +775,7 @@ impl App {
            .read_dir(
                rule_folder_path,
                "INFORMATIONAL",
-                &filter::RuleExclude {
-                    no_use_rule: HashSet::new(),
-                },
+                &filter::RuleExclude::default(),
            )
            .ok();

--- a/src/options/level_tuning.rs
+++ b/src/options/level_tuning.rs
@@ -1,5 +1,5 @@
 use crate::detections::{configs, utils};
-use crate::filter;
+use crate::filter::RuleExclude;
 use crate::yaml::ParseYaml;
 use std::collections::HashMap;
 use std::fs::{self, File};
@@ -45,8 +45,9 @@ impl LevelTuning {

        // Read Rule files
        let mut rulefile_loader = ParseYaml::new();
+        //noisy rules and exclude rules treats as update target
        let result_readdir =
-            rulefile_loader.read_dir(rules_path, "informational", &filter::exclude_ids());
+            rulefile_loader.read_dir(rules_path, "informational", &RuleExclude::default());
        if result_readdir.is_err() {
            return Result::Err(format!("{}", result_readdir.unwrap_err()));
        }
--- a/src/yaml.rs
+++ b/src/yaml.rs
@@ -290,9 +290,7 @@ mod tests {
        AlertMessage::create_error_log(ERROR_LOG_PATH.to_string());

        let mut yaml = yaml::ParseYaml::new();
-        let exclude_ids = RuleExclude {
-            no_use_rule: HashSet::new(),
-        };
+        let exclude_ids = RuleExclude::default();
        let _ = &yaml.read_dir(
            "test_files/rules/yaml/1.yml",
            &String::default(),
@@ -401,9 +399,7 @@ mod tests {

        let mut yaml = yaml::ParseYaml::new();
        let path = Path::new("test_files/rules/yaml");
-        let exclude_ids = RuleExclude {
-            no_use_rule: HashSet::new(),
-        };
+        let exclude_ids = RuleExclude::default();
        yaml.read_dir(path, "", &exclude_ids).unwrap();
        assert_eq!(yaml.ignorerule_count, 0);
    }
@@ -411,9 +407,7 @@ mod tests {
    fn test_exclude_deprecated_rules_file() {
        let mut yaml = yaml::ParseYaml::new();
        let path = Path::new("test_files/rules/deprecated");
-        let exclude_ids = RuleExclude {
-            no_use_rule: HashSet::new(),
-        };
+        let exclude_ids = RuleExclude::default();
        yaml.read_dir(path, "", &exclude_ids).unwrap();
        assert_eq!(yaml.ignorerule_count, 1);
    }