From 6fde6cc39e347b19196e05def301af1fcdd43798 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Wed, 22 Jun 2022 23:02:58 +0900 Subject: [PATCH 01/25] changed 'c' option long name to avoid clearly difference rules/config and config --- src/detections/configs.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/detections/configs.rs b/src/detections/configs.rs index 883d7858..1a546774 100644 --- a/src/detections/configs.rs +++ b/src/detections/configs.rs @@ -82,7 +82,7 @@ pub struct Config { /// Specify custom rule config folder (default: ./rules/config) #[clap( short = 'c', - long, + long = "rules-config", default_value = "./rules/config", hide_default_value = true, value_name = "RULE_CONFIG_DIRECTORY" From 54009f346637f415fb8c79eb31be55eaf04d96c2 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 09:21:10 +0900 Subject: [PATCH 02/25] adjusted execution path to level_color.txt --- src/afterfact.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/afterfact.rs b/src/afterfact.rs index a6edaa50..d7b9c272 100644 --- a/src/afterfact.rs +++ b/src/afterfact.rs @@ -1,5 +1,5 @@ use crate::detections::configs; -use crate::detections::configs::TERM_SIZE; +use crate::detections::configs::{TERM_SIZE, CURRENT_EXE_PATH}; use crate::detections::print; use crate::detections::print::{AlertMessage, IS_HIDE_RECORD_ID}; use crate::detections::utils; @@ -62,7 +62,7 @@ lazy_static! { /// level_color.txtファイルを読み込み対応する文字色のマッピングを返却する関数 pub fn set_output_color() -> HashMap { - let read_result = utils::read_csv("config/level_color.txt"); + let read_result = utils::read_csv(CURRENT_EXE_PATH.join("config/level_color.txt").to_str().unwrap()); let mut color_map: HashMap = HashMap::new(); if configs::CONFIG.read().unwrap().args.no_color { return color_map; From dc409681ca65e6d7e876a1503113a7ebc4c638f4 Mon Sep 17 00:00:00 2001 
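Review bot: Replacing `long,` with `long = "rules-config",` drops the old `--config` spelling entirely, so any existing script or documentation that passes `--config` stops parsing after this patch. Keeping the old name as an alias in the same attribute, `alias = "config",` after the new `long`, lets clap accept both while the help text advertises only `--rules-config`. The `Config` struct continues outside the hunk.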
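Review bot: `CURRENT_EXE_PATH.join("config/level_color.txt").to_str().unwrap()` in set_output_color panics when the executable is installed under a path that is not valid UTF-8, a failure the previous string literal could not produce. Only the `&str` parameter of `utils::read_csv` forces the conversion, so either widen that parameter to accept a path (its signature is not in the hunk, so this is inferred) or turn the `None` into the function's existing empty-map return instead of unwrapping. The same `.to_str().unwrap()` pattern is introduced in configs.rs (patch 03), print.rs (patch 04) and main.rs (patch 05). set_output_color continues past the hunk.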
From: DustInDark Date: Thu, 23 Jun 2022 09:22:07 +0900 Subject: [PATCH 03/25] added execution path staic variable --- src/detections/configs.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/detections/configs.rs b/src/detections/configs.rs index 1a546774..2ba70ec3 100644 --- a/src/detections/configs.rs +++ b/src/detections/configs.rs @@ -3,6 +3,7 @@ use crate::detections::pivot::PIVOT_KEYWORD; use crate::detections::print::AlertMessage; use crate::detections::utils; use chrono::{DateTime, Utc}; +use std::env::current_exe; use clap::{App, CommandFactory, Parser}; use hashbrown::HashMap; use hashbrown::HashSet; @@ -32,6 +33,7 @@ lazy_static! { pub static ref TERM_SIZE: Option<(Width, Height)> = terminal_size(); pub static ref TARGET_EXTENSIONS: HashSet = get_target_extensions(CONFIG.read().unwrap().args.evtx_file_ext.as_ref()); + pub static ref CURRENT_EXE_PATH: PathBuf = current_exe().unwrap().parent().unwrap().to_path_buf(); } pub struct ConfigReader<'a> { @@ -228,8 +230,8 @@ impl ConfigReader<'_> { app: build_cmd, args: parse, headless_help: String::default(), - event_timeline_config: load_eventcode_info("config/statistics_event_info.txt"), - target_eventids: load_target_ids("config/target_eventids.txt"), + event_timeline_config: load_eventcode_info(CURRENT_EXE_PATH.join("config/statistics_event_info.txt").to_str().unwrap()), + target_eventids: load_target_ids(CURRENT_EXE_PATH.join("config/target_eventids.txt").to_str().unwrap()), } } } From 14a6f554b7089b4638c940ba7b9f62abe4080e25 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 09:22:53 +0900 Subject: [PATCH 04/25] adjusted execution path to channel_abbrevations and output_tag --- src/detections/print.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/detections/print.rs b/src/detections/print.rs index d74875d7..84be1b0e 100644 --- a/src/detections/print.rs +++ b/src/detections/print.rs 
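Review bot: `current_exe().unwrap().parent().unwrap().to_path_buf()` turns an `io::Error` from `current_exe()` into a panic during lazy initialisation, so the first touch of the static from any module aborts with a generic message instead of the tool's usual `AlertMessage`; a degraded default such as `current_exe().ok().and_then(|p| p.parent().map(|d| d.to_path_buf())).unwrap_or_else(|| PathBuf::from("."))` keeps the former working-directory behaviour when the executable path cannot be determined. The static also deserves a doc comment, because every config, rule-config and regex file is now resolved relative to it: the std docs for `current_exe` carry a Security section stating the returned path should not be trusted for security-sensitive decisions (their example is a hard link to the binary), which is worth recording for a tool whose detection rules and allowlists are loaded from that directory. The `lazy_static!` block and the `ConfigReader` impl continue outside the hunks.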
@@ -1,5 +1,6 @@ extern crate lazy_static; use crate::detections::configs; +use crate::detections::configs::CURRENT_EXE_PATH; use crate::detections::utils; use crate::detections::utils::get_serde_number_to_string; use crate::detections::utils::write_color_buffer; @@ -53,12 +54,12 @@ lazy_static! { pub static ref STATISTICS_FLAG: bool = configs::CONFIG.read().unwrap().args.statistics; pub static ref LOGONSUMMARY_FLAG: bool = configs::CONFIG.read().unwrap().args.logon_summary; pub static ref TAGS_CONFIG: HashMap = Message::create_output_filter_config( - "config/output_tag.txt", + CURRENT_EXE_PATH.join("config/output_tag.txt").to_str().unwrap(), true, configs::CONFIG.read().unwrap().args.all_tags ); pub static ref CH_CONFIG: HashMap = Message::create_output_filter_config( - "config/channel_abbreviations.txt", + CURRENT_EXE_PATH.join("config/channel_abbreviations.txt").to_str().unwrap(), false, configs::CONFIG.read().unwrap().args.all_tags ); From 37a1abf9ec23ffe8a94932a4613bd44875b1a822 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 09:24:15 +0900 Subject: [PATCH 05/25] adjusted execution path to pivot-keywords --- src/main.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main.rs b/src/main.rs index bf6a4797..94593132 100644 --- a/src/main.rs +++ b/src/main.rs @@ -23,6 +23,7 @@ use hayabusa::detections::rule::{get_detection_keys, RuleNode}; use hayabusa::omikuji::Omikuji; use hayabusa::options::level_tuning::LevelTuning; use hayabusa::yaml::ParseYaml; +use hayabusa::detections::configs::CURRENT_EXE_PATH; use hayabusa::{afterfact::after_fact, detections::utils}; use hayabusa::{detections::configs, timeline::timelines::Timeline}; use hayabusa::{detections::utils::write_color_buffer, filter}; 
@@ -82,7 +83,7 @@ impl App { fn exec(&mut self) { if *PIVOT_KEYWORD_LIST_FLAG { - load_pivot_keywords("config/pivot_keywords.txt"); + load_pivot_keywords(CURRENT_EXE_PATH.join("config/pivot_keywords.txt").to_str().unwrap()); } let analysis_start_time: DateTime = Local::now(); From 72f143bd7e81b0bb39f3f49c45ccbd60f16dd291 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 09:24:44 +0900 Subject: [PATCH 06/25] adjusted execution path to hayabusa config folder check --- src/main.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main.rs b/src/main.rs index 94593132..6fc3f521 100644 --- a/src/main.rs +++ b/src/main.rs @@ -132,8 +132,8 @@ impl App { println!(); return; } - - if !Path::new("./config").exists() { + // 実行時のexeファイルのパスをベースに変更する必要があるためデフォルトの値であった場合はそのexeファイルと同一階層を探すようにする + if !CURRENT_EXE_PATH.join("config").exists() { AlertMessage::alert( "Hayabusa could not find the config directory.\nPlease run it from the Hayabusa root directory.\nExample: ./hayabusa-1.0.0-windows-x64.exe" ) From fb08d7ee09041988f774c6d071689adf39ba430f Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 09:25:44 +0900 Subject: [PATCH 07/25] cargo fmt --- src/afterfact.rs | 9 +++++++-- src/detections/configs.rs | 19 +++++++++++++++---- src/detections/print.rs | 10 ++++++++-- src/main.rs | 9 +++++++-- 4 files changed, 37 insertions(+), 10 deletions(-) diff --git a/src/afterfact.rs b/src/afterfact.rs index d7b9c272..d94ee7b9 100644 --- a/src/afterfact.rs +++ b/src/afterfact.rs @@ -1,5 +1,5 @@ use crate::detections::configs; -use crate::detections::configs::{TERM_SIZE, CURRENT_EXE_PATH}; +use crate::detections::configs::{CURRENT_EXE_PATH, TERM_SIZE}; use crate::detections::print; use crate::detections::print::{AlertMessage, IS_HIDE_RECORD_ID}; use crate::detections::utils; 
@@ -62,7 +62,12 @@ lazy_static! { /// level_color.txtファイルを読み込み対応する文字色のマッピングを返却する関数 pub fn set_output_color() -> HashMap { - let read_result = utils::read_csv(CURRENT_EXE_PATH.join("config/level_color.txt").to_str().unwrap()); + let read_result = utils::read_csv( + CURRENT_EXE_PATH + .join("config/level_color.txt") + .to_str() + .unwrap(), + ); let mut color_map: HashMap = HashMap::new(); if configs::CONFIG.read().unwrap().args.no_color { return color_map; diff --git a/src/detections/configs.rs b/src/detections/configs.rs index 2ba70ec3..dafe2e5f 100644 --- a/src/detections/configs.rs +++ b/src/detections/configs.rs @@ -3,12 +3,12 @@ use crate::detections::pivot::PIVOT_KEYWORD; use crate::detections::print::AlertMessage; use crate::detections::utils; use chrono::{DateTime, Utc}; -use std::env::current_exe; use clap::{App, CommandFactory, Parser}; use hashbrown::HashMap; use hashbrown::HashSet; use lazy_static::lazy_static; use regex::Regex; +use std::env::current_exe; use std::path::PathBuf; use std::sync::RwLock; use terminal_size::{terminal_size, Height, Width}; @@ -33,7 +33,8 @@ lazy_static! { pub static ref TERM_SIZE: Option<(Width, Height)> = terminal_size(); pub static ref TARGET_EXTENSIONS: HashSet = get_target_extensions(CONFIG.read().unwrap().args.evtx_file_ext.as_ref()); - pub static ref CURRENT_EXE_PATH: PathBuf = current_exe().unwrap().parent().unwrap().to_path_buf(); + pub static ref CURRENT_EXE_PATH: PathBuf = + current_exe().unwrap().parent().unwrap().to_path_buf(); } pub struct ConfigReader<'a> { 
@@ -230,8 +231,18 @@ impl ConfigReader<'_> { app: build_cmd, args: parse, headless_help: String::default(), - event_timeline_config: load_eventcode_info(CURRENT_EXE_PATH.join("config/statistics_event_info.txt").to_str().unwrap()), - target_eventids: load_target_ids(CURRENT_EXE_PATH.join("config/target_eventids.txt").to_str().unwrap()), + event_timeline_config: load_eventcode_info( + CURRENT_EXE_PATH + .join("config/statistics_event_info.txt") + .to_str() + .unwrap(), + ), + target_eventids: load_target_ids( + CURRENT_EXE_PATH + .join("config/target_eventids.txt") + .to_str() + .unwrap(), + ), } } } diff --git a/src/detections/print.rs b/src/detections/print.rs index 84be1b0e..49b418b0 100644 --- a/src/detections/print.rs +++ b/src/detections/print.rs @@ -54,12 +54,18 @@ lazy_static! { pub static ref STATISTICS_FLAG: bool = configs::CONFIG.read().unwrap().args.statistics; pub static ref LOGONSUMMARY_FLAG: bool = configs::CONFIG.read().unwrap().args.logon_summary; pub static ref TAGS_CONFIG: HashMap = Message::create_output_filter_config( - CURRENT_EXE_PATH.join("config/output_tag.txt").to_str().unwrap(), + CURRENT_EXE_PATH + .join("config/output_tag.txt") + .to_str() + .unwrap(), true, configs::CONFIG.read().unwrap().args.all_tags ); pub static ref CH_CONFIG: HashMap = Message::create_output_filter_config( - CURRENT_EXE_PATH.join("config/channel_abbreviations.txt").to_str().unwrap(), + CURRENT_EXE_PATH + .join("config/channel_abbreviations.txt") + .to_str() + .unwrap(), false, configs::CONFIG.read().unwrap().args.all_tags ); diff --git a/src/main.rs b/src/main.rs index 6fc3f521..075a486e 100644 --- a/src/main.rs +++ b/src/main.rs 
@@ -11,6 +11,7 @@ use chrono::{DateTime, Datelike, Local, TimeZone}; use evtx::{EvtxParser, ParserSettings}; use git2::Repository; use hashbrown::{HashMap, HashSet}; +use hayabusa::detections::configs::CURRENT_EXE_PATH; use hayabusa::detections::configs::{load_pivot_keywords, TargetEventTime, TARGET_EXTENSIONS}; use hayabusa::detections::detection::{self, EvtxRecordInfo}; use hayabusa::detections::pivot::PivotKeyword; @@ -23,7 +24,6 @@ use hayabusa::detections::rule::{get_detection_keys, RuleNode}; use hayabusa::omikuji::Omikuji; use hayabusa::options::level_tuning::LevelTuning; use hayabusa::yaml::ParseYaml; -use hayabusa::detections::configs::CURRENT_EXE_PATH; use hayabusa::{afterfact::after_fact, detections::utils}; use hayabusa::{detections::configs, timeline::timelines::Timeline}; use hayabusa::{detections::utils::write_color_buffer, filter}; @@ -83,7 +83,12 @@ impl App { fn exec(&mut self) { if *PIVOT_KEYWORD_LIST_FLAG { - load_pivot_keywords(CURRENT_EXE_PATH.join("config/pivot_keywords.txt").to_str().unwrap()); + load_pivot_keywords( + CURRENT_EXE_PATH + .join("config/pivot_keywords.txt") + .to_str() + .unwrap(), + ); } let analysis_start_time: DateTime = Local::now(); From 3a493d6bebc22316949e2a779dd6b95e427c14e2 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 20:46:18 +0900 Subject: [PATCH 08/25] updated changelog #592 --- CHANGELOG-Japanese.md | 1 + CHANGELOG.md | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md index b8e75cb8..84ec4c75 100644 --- a/CHANGELOG-Japanese.md +++ b/CHANGELOG-Japanese.md @@ -11,6 +11,7 @@ - Clap Crateパッケージの更新 (#413) (@hitenkoku) - オプションの指定がないときに、`--help`と同じ画面出力を行うように変更した。(#387) (@hitenkoku) - ルール内に`details`フィールドがないときに、`rules/config/default_details.txt`に設定されたデフォルトの出力を行えるようにした。 (#359) (@hitenkoku) +- hayabusa.exeをワーキングディレクトリ以外から動作できるようにした。 (#592) (@hitenkoku) **バグ修正:** diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f8a06e6..48bb1435 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -11,6 +11,7 @@ - Updated clap crate package to version 3. (#413) (@hitnekoku) - Updated the default usage and help menu. (#387) (@hitenkoku) - Added default details output based on `rules/config/default_details.txt` when no `details` field in a rule is specified. (i.e. Sigma rules) (#359) (@hitenkoku) +- Adjusted execution path is not working directory. (#592) (@hitenkoku) **Bug Fixes:** From ee934caf3c1726dfa59df83f216d2adca3c89a6b Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 21:16:26 +0900 Subject: [PATCH 09/25] adjusted base on execution path case of execution path is not working directory --- src/main.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/main.rs b/src/main.rs index 075a486e..d8eab8ff 100644 --- a/src/main.rs +++ b/src/main.rs @@ -145,7 +145,10 @@ impl App { .ok(); return; } - + // ワーキングディレクトリ以外からの実行の際にrules-configオプションの指定がないとエラーが発生することを防ぐための処理 + if configs::CONFIG.read().unwrap().args.config.to_str().unwrap() == "./rules/config" { + configs::CONFIG.write().unwrap().args.config = CURRENT_EXE_PATH.join("rules/config"); + } if let Some(csv_path) = &configs::CONFIG.read().unwrap().args.output { let pivot_key_unions = PIVOT_KEYWORD.read().unwrap(); pivot_key_unions.iter().for_each(|(key, _)| { From 4c4d078b4bc5fe7de4eaa9c87b7a9167fdd53329 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 21:17:58 +0900 Subject: [PATCH 10/25] adjusted output logo when execution path is not working directory. --- src/main.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/main.rs b/src/main.rs index d8eab8ff..46da95ca 100644 --- a/src/main.rs +++ b/src/main.rs @@ -668,7 +668,7 @@ impl App { /// output logo fn output_logo(&self) { - let fp = &"art/logo.txt".to_string(); + let fp = CURRENT_EXE_PATH.join("art/logo.txt"); let content = fs::read_to_string(fp).unwrap_or_default(); let output_color = if configs::CONFIG.read().unwrap().args.no_color { None 
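Review bot: `args.config.to_str().unwrap() == "./rules/config"` in exec detects clap's default by string comparison, so a user who deliberately passes `-c ./rules/config` from another working directory is silently redirected to the executable's directory, and the `unwrap` panics on a non-UTF-8 argument. Comparing paths directly, `if configs::CONFIG.read().unwrap().args.config == Path::new("./rules/config") {`, removes the panic; telling an explicit value apart from the default needs the option to carry no `default_value` (an `Option<PathBuf>` resolved to `CURRENT_EXE_PATH.join("rules/config")` when `None`). The Japanese comment above the `if` would read in English as `// When run from outside the working directory without --rules-config, fall back to the rules/config directory next to the executable`. Patch 11's cargo fmt hunk re-lays out the same condition; exec continues outside the hunk.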
@@ -694,7 +694,8 @@ impl App { match eggs.get(exec_datestr) { None => {} Some(path) => { - let content = fs::read_to_string(path).unwrap_or_default(); + let egg_path = CURRENT_EXE_PATH.join(path); + let content = fs::read_to_string(egg_path).unwrap_or_default(); write_color_buffer(BufferWriter::stdout(ColorChoice::Always), None, &content).ok(); } } From 36a6f796623bc3a23af882ad3d81803aa09ba6b7 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 21:19:00 +0900 Subject: [PATCH 11/25] cargo fmt --- src/main.rs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/main.rs b/src/main.rs index 46da95ca..1681b349 100644 --- a/src/main.rs +++ b/src/main.rs @@ -146,7 +146,15 @@ impl App { return; } // ワーキングディレクトリ以外からの実行の際にrules-configオプションの指定がないとエラーが発生することを防ぐための処理 - if configs::CONFIG.read().unwrap().args.config.to_str().unwrap() == "./rules/config" { + if configs::CONFIG + .read() + .unwrap() + .args + .config + .to_str() + .unwrap() + == "./rules/config" + { configs::CONFIG.write().unwrap().args.config = CURRENT_EXE_PATH.join("rules/config"); } if let Some(csv_path) = &configs::CONFIG.read().unwrap().args.output { From 8c377b21954dca3a0f9ef777e8d5242a8646bcda Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 21:34:24 +0900 Subject: [PATCH 12/25] update readme --- README-Japanese.md | 70 +++++++++++++++++++++++----------------------- README.md | 70 +++++++++++++++++++++++----------------------- 2 files changed, 70 insertions(+), 70 deletions(-) diff --git a/README-Japanese.md b/README-Japanese.md index 621efc54..e70c762f 100644 --- a/README-Japanese.md +++ b/README-Japanese.md 
@@ -323,41 +323,41 @@ USAGE: hayabusa.exe -f file.evtx [OPTIONS] / hayabusa.exe -d evtx-directory [OPTIONS] OPTIONS: - --European-time ヨーロッパ形式で日付と時刻を出力する (例: 22-02-2022 22:00:00.123 +02:00) - --RFC-2822 RFC 2822形式で日付と時刻を出力する (例: Fri, 22 Feb 2022 22:00:00 -0600) - --RFC-3339 RFC 3339形式で日付と時刻を出力する (例: 2022-02-22 22:00:00.123456-06:00) - --US-military-time 24時間制(ミリタリータイム)のアメリカ形式で日付と時刻を出力する (例: 02-22-2022 22:00:00.123 -06:00) - --US-time アメリカ形式で日付と時刻を出力する (例: 02-22-2022 10:00:00.123 PM -06:00) - --target-file-ext ... evtx以外の拡張子を解析対象に追加する。 (例1: evtx_data 例2:evtx1 evtx2) - --all-tags 出力したCSVファイルにルール内のタグ情報を全て出力する - -c, --config ルールフォルダのコンフィグディレクトリ (デフォルト: ./rules/config) - --contributors コントリビュータの一覧表示 - -d, --directory .evtxファイルを持つディレクトリのパス - -D, --enable-deprecated-rules Deprecatedルールを有効にする - --end-timeline 解析対象とするイベントログの終了時刻 (例: "2022-02-22 23:59:59 +09:00") - -f, --filepath 1つの.evtxファイルに対して解析を行う - -F, --full-data 全てのフィールド情報を出力する - -h, --help ヘルプ情報を表示する - -l, --live-analysis ローカル端末のC:\Windows\System32\winevt\Logsフォルダを解析する - -L, --logon-summary 成功と失敗したログオン情報の要約を出力する - --level-tuning ルールlevelのチューニング (デフォルト: ./rules/config/level_tuning.txt) - -m, --min-level 結果出力をするルールの最低レベル (デフォルト: informational) - -n, --enable-noisy-rules Noisyルールを有効にする - --no_color カラー出力を無効にする - -o, --output タイムラインをCSV形式で保存する (例: results.csv) - -p, --pivot-keywords-list ピボットキーワードの一覧作成 - -q, --quiet Quietモード: 起動バナーを表示しない - -Q, --quiet-errors Quiet errorsモード: エラーログを保存しない - -r, --rules ルールファイルまたはルールファイルを持つディレクトリ (デフォルト: ./rules) - -R, --hide-record-id イベントレコードIDを表示しない - -s, --statistics イベントIDの統計情報を表示する - --start-timeline 解析対象とするイベントログの開始時刻 (例: "2020-02-22 00:00:00 +09:00") - -t, --thread-number スレッド数 (デフォルト: パフォーマンスに最適な数値) - -u, --update-rules rulesフォルダをhayabusa-rulesのgithubリポジトリの最新版に更新する - -U, --UTC UTC形式で日付と時刻を出力する (デフォルト: 現地時間) - -v, --verbose 詳細な情報を出力する - -V, --visualize-timeline イベント頻度タイムラインを出力する - --version バージョン情報を表示する + --European-time ヨーロッパ形式で日付と時刻を出力する (例: 22-02-2022 22:00:00.123 +02:00) + 
--RFC-2822 RFC 2822形式で日付と時刻を出力する (例: Fri, 22 Feb 2022 22:00:00 -0600) + --RFC-3339 RFC 3339形式で日付と時刻を出力する (例: 2022-02-22 22:00:00.123456-06:00) + --US-military-time 24時間制(ミリタリータイム)のアメリカ形式で日付と時刻を出力する (例: 02-22-2022 22:00:00.123 -06:00) + --US-time アメリカ形式で日付と時刻を出力する (例: 02-22-2022 10:00:00.123 PM -06:00) + --target-file-ext ... evtx以外の拡張子を解析対象に追加する。 (例1: evtx_data 例2:evtx1 evtx2) + --all-tags 出力したCSVファイルにルール内のタグ情報を全て出力する + -c, --rules-config ルールフォルダのコンフィグディレクトリ (デフォルト: ./rules/config) + --contributors コントリビュータの一覧表示 + -d, --directory .evtxファイルを持つディレクトリのパス + -D, --enable-deprecated-rules Deprecatedルールを有効にする + --end-timeline 解析対象とするイベントログの終了時刻 (例: "2022-02-22 23:59:59 +09:00") + -f, --filepath 1つの.evtxファイルに対して解析を行う + -F, --full-data 全てのフィールド情報を出力する + -h, --help ヘルプ情報を表示する + -l, --live-analysis ローカル端末のC:\Windows\System32\winevt\Logsフォルダを解析する + -L, --logon-summary 成功と失敗したログオン情報の要約を出力する + --level-tuning ルールlevelのチューニング (デフォルト: ./rules/config/level_tuning.txt) + -m, --min-level 結果出力をするルールの最低レベル (デフォルト: informational) + -n, --enable-noisy-rules Noisyルールを有効にする + --no_color カラー出力を無効にする + -o, --output タイムラインをCSV形式で保存する (例: results.csv) + -p, --pivot-keywords-list ピボットキーワードの一覧作成 + -q, --quiet Quietモード: 起動バナーを表示しない + -Q, --quiet-errors Quiet errorsモード: エラーログを保存しない + -r, --rules ルールファイルまたはルールファイルを持つディレクトリ (デフォルト: ./rules) + -R, --hide-record-id イベントレコードIDを表示しない + -s, --statistics イベントIDの統計情報を表示する + --start-timeline 解析対象とするイベントログの開始時刻 (例: "2020-02-22 00:00:00 +09:00") + -t, --thread-number スレッド数 (デフォルト: パフォーマンスに最適な数値) + -u, --update-rules rulesフォルダをhayabusa-rulesのgithubリポジトリの最新版に更新する + -U, --UTC UTC形式で日付と時刻を出力する (デフォルト: 現地時間) + -v, --verbose 詳細な情報を出力する + -V, --visualize-timeline イベント頻度タイムラインを出力する + --version バージョン情報を表示する ``` ## 使用例 diff --git a/README.md b/README.md index b4f48494..5b19140b 100644 --- a/README.md +++ b/README.md 
@@ -319,41 +319,41 @@ USAGE: hayabusa.exe -f file.evtx [OPTIONS] / hayabusa.exe -d evtx-directory [OPTIONS] OPTIONS: - --European-time Output timestamp in European time format (ex: 22-02-2022 22:00:00.123 +02:00) - --RFC-2822 Output timestamp in RFC 2822 format (ex: Fri, 22 Feb 2022 22:00:00 -0600) - --RFC-3339 Output timestamp in RFC 3339 format (ex: 2022-02-22 22:00:00.123456-06:00) - --US-military-time Output timestamp in US military time format (ex: 02-22-2022 22:00:00.123 -06:00) - --US-time Output timestamp in US time format (ex: 02-22-2022 10:00:00.123 PM -06:00) - --target-file-ext ... Specify additional target file extensions (ex: evtx_data) (ex: evtx1 evtx2) - --all-tags Output all tags when saving to a CSV file - -c, --config Specify custom rule config folder (default: ./rules/config) - --contributors Print the list of contributors - -d, --directory Directory of multiple .evtx files - -D, --enable-deprecated-rules Enable rules marked as deprecated - --end-timeline End time of the event logs to load (ex: "2022-02-22 23:59:59 +09:00") - -f, --filepath File path to one .evtx file - -F, --full-data Print all field information - -h, --help Print help information - -l, --live-analysis Analyze the local C:\Windows\System32\winevt\Logs folder - -L, --logon-summary Print a summary of successful and failed logons - --level-tuning Tune alert levels (default: ./rules/config/level_tuning.txt) - -m, --min-level Minimum level for rules (default: informational) - -n, --enable-noisy-rules Enable rules marked as noisy - --no-color Disable color output - -o, --output Save the timeline in CSV format (ex: results.csv) - -p, --pivot-keywords-list Create a list of pivot keywords - -q, --quiet Quiet mode: do not display the launch banner - -Q, --quiet-errors Quiet errors mode: do not save error logs - -r, --rules Specify a rule directory or file (default: ./rules) - -R, --hide-record-ID Do not display EventRecordID numbers - -s, --statistics Print statistics of event IDs - 
--start-timeline Start time of the event logs to load (ex: "2020-02-22 00:00:00 +09:00") - -t, --thread-number Thread number (default: optimal number for performance) - -u, --update-rules Update to the latest rules in the hayabusa-rules github repository - -U, --UTC Output time in UTC format (default: local time) - -v, --verbose Output verbose information - -V, --visualize-timeline Output event frequency timeline - --version Print version information + --European-time Output timestamp in European time format (ex: 22-02-2022 22:00:00.123 +02:00) + --RFC-2822 Output timestamp in RFC 2822 format (ex: Fri, 22 Feb 2022 22:00:00 -0600) + --RFC-3339 Output timestamp in RFC 3339 format (ex: 2022-02-22 22:00:00.123456-06:00) + --US-military-time Output timestamp in US military time format (ex: 02-22-2022 22:00:00.123 -06:00) + --US-time Output timestamp in US time format (ex: 02-22-2022 10:00:00.123 PM -06:00) + --target-file-ext ... Specify additional target file extensions (ex: evtx_data) (ex: evtx1 evtx2) + --all-tags Output all tags when saving to a CSV file + -c, --rules-config Specify custom rule config folder (default: ./rules/config) + --contributors Print the list of contributors + -d, --directory Directory of multiple .evtx files + -D, --enable-deprecated-rules Enable rules marked as deprecated + --end-timeline End time of the event logs to load (ex: "2022-02-22 23:59:59 +09:00") + -f, --filepath File path to one .evtx file + -F, --full-data Print all field information + -h, --help Print help information + -l, --live-analysis Analyze the local C:\Windows\System32\winevt\Logs folder + -L, --logon-summary Print a summary of successful and failed logons + --level-tuning Tune alert levels (default: ./rules/config/level_tuning.txt) + -m, --min-level Minimum level for rules (default: informational) + -n, --enable-noisy-rules Enable rules marked as noisy + --no-color Disable color output + -o, --output Save the timeline in CSV format (ex: results.csv) + -p, 
--pivot-keywords-list Create a list of pivot keywords + -q, --quiet Quiet mode: do not display the launch banner + -Q, --quiet-errors Quiet errors mode: do not save error logs + -r, --rules Specify a rule directory or file (default: ./rules) + -R, --hide-record-ID Do not display EventRecordID numbers + -s, --statistics Print statistics of event IDs + --start-timeline Start time of the event logs to load (ex: "2020-02-22 00:00:00 +09:00") + -t, --thread-number Thread number (default: optimal number for performance) + -u, --update-rules Update to the latest rules in the hayabusa-rules github repository + -U, --UTC Output time in UTC format (default: local time) + -v, --verbose Output verbose information + -V, --visualize-timeline Output event frequency timeline + --version Print version information ``` ## Usage Examples From 0c6316d75b33a02935e4c96646eb331aa792de09 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 22:11:56 +0900 Subject: [PATCH 13/25] fixed test --- src/afterfact.rs | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/afterfact.rs b/src/afterfact.rs index 87c7db0d..246c37e1 100644 --- a/src/afterfact.rs +++ b/src/afterfact.rs @@ -700,8 +700,7 @@ mod tests { use crate::afterfact::emit_csv; use crate::afterfact::format_time; use crate::detections::print; - use crate::detections::print::DetectInfo; - use crate::detections::print::CH_CONFIG; + use crate::detections::print::{DetectInfo ,Message}; use chrono::{Local, TimeZone, Utc}; use hashbrown::HashMap; use serde_json::Value; @@ -717,6 +716,11 @@ mod tests { } fn test_emit_csv_output() { + let mock_ch_filter = Message::create_output_filter_config( + "config/channel_abbreviations.txt", + true, + false, + ); let test_filepath: &str = "test.evtx"; let test_rulepath: &str = "test-rule.yml"; let test_title = "test_title"; 
@@ -755,7 +759,7 @@ mod tests { level: test_level.to_string(), computername: test_computername.to_string(), eventid: test_eventid.to_string(), - channel: CH_CONFIG + channel: mock_ch_filter .get("Security") .unwrap_or(&String::default()) .to_string(), From 4bae30124ddea9a0395b4b5b368555e35852016f Mon Sep 17 00:00:00 2001 From: DustInDark Date: Thu, 23 Jun 2022 22:12:28 +0900 Subject: [PATCH 14/25] cargo fmt --- src/afterfact.rs | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/afterfact.rs b/src/afterfact.rs index 246c37e1..7bcd148b 100644 --- a/src/afterfact.rs +++ b/src/afterfact.rs @@ -700,7 +700,7 @@ mod tests { use crate::afterfact::emit_csv; use crate::afterfact::format_time; use crate::detections::print; - use crate::detections::print::{DetectInfo ,Message}; + use crate::detections::print::{DetectInfo, Message}; use chrono::{Local, TimeZone, Utc}; use hashbrown::HashMap; use serde_json::Value; @@ -716,11 +716,8 @@ mod tests { } fn test_emit_csv_output() { - let mock_ch_filter = Message::create_output_filter_config( - "config/channel_abbreviations.txt", - true, - false, - ); + let mock_ch_filter = + Message::create_output_filter_config("config/channel_abbreviations.txt", true, false); let test_filepath: &str = "test.evtx"; let test_rulepath: &str = "test-rule.yml"; let test_title = "test_title"; From 459e1f39ed9cf6f3e295ca4711a89f21e36c37af Mon Sep 17 00:00:00 2001 From: DustInDark Date: Fri, 24 Jun 2022 21:39:44 +0900 Subject: [PATCH 15/25] adjusted regexes relative path in rule #592 --- src/detections/utils.rs | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/detections/utils.rs b/src/detections/utils.rs index b9f9ba4a..c534339a 100644 --- a/src/detections/utils.rs +++ b/src/detections/utils.rs @@ -3,6 +3,8 @@ extern crate csv; extern crate regex; use crate::detections::configs; +use crate::detections::configs::CURRENT_EXE_PATH; + use termcolor::Color; use tokio::runtime::Builder; 
@@ -66,7 +68,12 @@ pub fn value_to_string(value: &Value) -> Option { } pub fn read_txt(filename: &str) -> Result, String> { - let f = File::open(filename); + let filepath = if filename.starts_with("./") { + CURRENT_EXE_PATH.join(filename).to_str().unwrap().to_string() + } else { + filename.to_string() + }; + let f = File::open(filepath); if f.is_err() { let errmsg = format!("Cannot open file. [file:{}]", filename); return Result::Err(errmsg); From ad79d11fe338066a53d860e6f88646fa6b1c283b Mon Sep 17 00:00:00 2001 From: DustInDark Date: Fri, 24 Jun 2022 21:40:50 +0900 Subject: [PATCH 16/25] cargo fmt --- src/detections/utils.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/detections/utils.rs b/src/detections/utils.rs index c534339a..a536d167 100644 --- a/src/detections/utils.rs +++ b/src/detections/utils.rs @@ -69,7 +69,11 @@ pub fn value_to_string(value: &Value) -> Option { pub fn read_txt(filename: &str) -> Result, String> { let filepath = if filename.starts_with("./") { - CURRENT_EXE_PATH.join(filename).to_str().unwrap().to_string() + CURRENT_EXE_PATH + .join(filename) + .to_str() + .unwrap() + .to_string() } else { filename.to_string() }; From 6224e9951ee686819fa20b239d8e68768264e661 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Fri, 24 Jun 2022 22:16:12 +0900 Subject: [PATCH 17/25] fixed test due to check regexes based on exe dirpath. --- src/detections/rule/matchers.rs | 10 +++++----- src/detections/utils.rs | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/detections/rule/matchers.rs b/src/detections/rule/matchers.rs index 5ed1a8c8..3b6b8502 100644 --- a/src/detections/rule/matchers.rs +++ b/src/detections/rule/matchers.rs 
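Review bot: After the rewrite the `Cannot open file` message in read_txt still prints `filename`, so when the executable-relative path fails to open the error names a path that was never tried; it should print the resolved `filepath`. The intermediate `.to_str().unwrap().to_string()` is also unnecessary and panics on a non-UTF-8 install path, because `File::open` accepts a `PathBuf` directly, and only names starting with `./` are redirected, so a rule that writes `rules/config/regex/x.txt` or `../x.txt` still resolves against the working directory — that contract is worth a comment. Patch 16's cargo fmt hunk re-lays out the same lines. read_txt continues past the hunk.
```rust
    // Only "./"-prefixed names are anchored at the executable's directory; any
    // other relative name still resolves against the current working directory.
    let filepath = if filename.starts_with("./") {
        CURRENT_EXE_PATH.join(filename)
    } else {
        std::path::PathBuf::from(filename)
    };
    let f = File::open(&filepath);
    if f.is_err() {
        // Name the path that was actually opened, not the argument as written.
        let errmsg = format!("Cannot open file. [file:{}]", filepath.display());
        return Result::Err(errmsg);
    // … unchanged: rest of read_txt …
```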
@@ -523,8 +523,8 @@ mod tests { - ホスト アプリケーション ImagePath: min_length: 1234321 - regexes: ./rules/config/regex/detectlist_suspicous_services.txt - allowlist: ./rules/config/regex/allowlist_legitimate_services.txt + regexes: ./../../../rules/config/regex/detectlist_suspicous_services.txt + allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt falsepositives: - unknown level: medium @@ -1111,7 +1111,7 @@ mod tests { selection: EventID: 4103 Channel: - - allowlist: ./rules/config/regex/allowlist_legitimate_services.txt + - allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt details: 'command=%CommandLine%' "#; @@ -1145,7 +1145,7 @@ mod tests { selection: EventID: 4103 Channel: - - allowlist: ./rules/config/regex/allowlist_legitimate_services.txt + - allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt details: 'command=%CommandLine%' "#; @@ -1179,7 +1179,7 @@ mod tests { selection: EventID: 4103 Channel: - - allowlist: ./rules/config/regex/allowlist_legitimate_services.txt + - allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt details: 'command=%CommandLine%' "#; diff --git a/src/detections/utils.rs b/src/detections/utils.rs index a536d167..85f45c36 100644 --- a/src/detections/utils.rs +++ b/src/detections/utils.rs @@ -443,7 +443,7 @@ mod tests { #[test] fn test_check_regex() { let regexes: Vec = - utils::read_txt("./rules/config/regex/detectlist_suspicous_services.txt") + utils::read_txt("./../../../rules/config/regex/detectlist_suspicous_services.txt") .unwrap() .into_iter() .map(|regex_str| Regex::new(®ex_str).unwrap()) 
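Review bot: `./../../../rules/config/regex/...` hard-codes where the test binary sits relative to the repository (three levels under `target/`), so these tests break under `CARGO_TARGET_DIR`, `--target-dir`, or a `--target <triple>` build that adds a directory level. Building the path from the crate root is stable, e.g. `format!("{}/rules/config/regex/allowlist_legitimate_services.txt", env!("CARGO_MANIFEST_DIR"))` substituted into the YAML template (escaping any literal braces for `format!`), and because the result does not start with `./` it bypasses the executable-relative rewrite in `read_txt`; this assumes `rules/` sits next to Cargo.toml, which the README's default paths suggest. The same paths appear in the three later matchers.rs hunks and in both utils.rs test hunks of this patch. The test functions continue outside the hunks.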
@@ -459,7 +459,7 @@ mod tests {
 fn test_check_allowlist() {
 let commandline = "\"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe\"";
 let allowlist: Vec =
- utils::read_txt("./rules/config/regex/allowlist_legitimate_services.txt")
+ utils::read_txt("./../../../rules/config/regex/allowlist_legitimate_services.txt")
 .unwrap()
 .into_iter()
 .map(|allow_str| Regex::new(&allow_str).unwrap())
From 085795d9243883186ed8becebb78691ad6784ae0 Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Fri, 24 Jun 2022 22:19:39 +0900
Subject: [PATCH 18/25] fixed sentence in changelog
---
 CHANGELOG-Japanese.md | 2 +-
 CHANGELOG.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index dacbc5cc..68b07d13 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -11,7 +11,7 @@
 - Clap Crateパッケージの更新 (#413) (@hitenkoku)
 - オプションの指定がないときに、`--help`と同じ画面出力を行うように変更した。(#387) (@hitenkoku)
 - ルール内に`details`フィールドがないときに、`rules/config/default_details.txt`に設定されたデフォルトの出力を行えるようにした。 (#359) (@hitenkoku)
-- hayabusa.exeをワーキングディレクトリ以外から動作できるようにした。 (#592) (@hitenkoku)
+- hayabusa.exeをカレントワーキングディレクトリ以外から動作できるようにした。 (#592) (@hitenkoku)
 - `output` オプションで指定されファイルのサイズを出力するようにした。 (#595) (@hitenkoku)
 **バグ修正:**
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1a90a567..a2219f10 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@
 - Updated clap crate package to version 3. (#413) (@hitnekoku)
 - Updated the default usage and help menu. (#387) (@hitenkoku)
 - Added default details output based on `rules/config/default_details.txt` when no `details` field in a rule is specified. (i.e. Sigma rules) (#359) (@hitenkoku)
-- Adjusted execution path is not working directory. (#592) (@hitenkoku)
+- Adjusted execution path is not current directory. (#592) (@hitenkoku)
 - Added saved file size output when `output` is specified. (#595) (@hitenkoku)
 **Bug Fixes:**
From b62e7d876795264b9881f8bb7548023a3dc1274e Mon Sep 17 00:00:00 2001
From: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
Date: Sat, 25 Jun 2022 07:19:53 +0900
Subject: [PATCH 19/25] updated error message
---
 src/main.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main.rs b/src/main.rs
index 28a015f3..e37e6ac5 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -140,7 +140,7 @@ impl App {
 // 実行時のexeファイルのパスをベースに変更する必要があるためデフォルトの値であった場合はそのexeファイルと同一階層を探すようにする
 if !CURRENT_EXE_PATH.join("config").exists() {
 AlertMessage::alert(
- "Hayabusa could not find the config directory.\nPlease run it from the Hayabusa root directory.\nExample: ./hayabusa-1.0.0-windows-x64.exe"
+ "Hayabusa could not find the config directory.\nPlease make sure that it is in the same directory as the hayabusa executable."
 )
 .ok();
 return;
From e5937899bbd382852a5b52884d18fbd5b632c37b Mon Sep 17 00:00:00 2001
From: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com>
Date: Sat, 25 Jun 2022 07:21:27 +0900
Subject: [PATCH 20/25] changelog update
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a2219f10..3ae78938 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@
 - Updated clap crate package to version 3. (#413) (@hitnekoku)
 - Updated the default usage and help menu. (#387) (@hitenkoku)
 - Added default details output based on `rules/config/default_details.txt` when no `details` field in a rule is specified. (i.e. Sigma rules) (#359) (@hitenkoku)
-- Adjusted execution path is not current directory. (#592) (@hitenkoku)
+- Hayabusa can be run from any directory, not just from the current directory. (#592) (@hitenkoku)
 - Added saved file size output when `output` is specified. (#595) (@hitenkoku)
 **Bug Fixes:**
From 27774354617c1cad621fbc63768b0206117fc902 Mon Sep 17 00:00:00 2001
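Review bot: The new message says where the config directory is expected but not which directory was actually checked, so a user whose binary resolved to a location they did not expect has nothing to act on. The check is `CURRENT_EXE_PATH.join("config").exists()`, so the searched path is at hand: `&format!("Hayabusa could not find the config directory.\nPlease make sure that it is in the same directory as the hayabusa executable.\nSearched: {}", CURRENT_EXE_PATH.display())`, assuming `AlertMessage::alert` takes a `&str` (its signature is not in the hunk). The enclosing function starts outside the hunk.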
From: DustInDark
Date: Sat, 25 Jun 2022 21:07:13 +0900
Subject: [PATCH 21/25] changed relative path to execution dir path in rules option
---
 src/main.rs | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/src/main.rs b/src/main.rs
index 28a015f3..caa7c387 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -157,6 +157,19 @@ impl App {
 {
 configs::CONFIG.write().unwrap().args.config = CURRENT_EXE_PATH.join("rules/config");
 }
+ // ワーキングディレクトリ以外からの実行の際にrules-configオプションの指定がないとエラーが発生することを防ぐための処理
+ if configs::CONFIG
+ .read()
+ .unwrap()
+ .args
+ .rules
+ .to_str()
+ .unwrap()
+ == "./rules"
+ {
+ configs::CONFIG.write().unwrap().args.rules = CURRENT_EXE_PATH.join("rules");
+ }
+
 if let Some(csv_path) = &configs::CONFIG.read().unwrap().args.output {
 let pivot_key_unions = PIVOT_KEYWORD.read().unwrap();
 pivot_key_unions.iter().for_each(|(key, _)| {
From d391e596e33cad6de4d4e091345257e3909635b9 Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Sat, 25 Jun 2022 21:09:35 +0900
Subject: [PATCH 22/25] changed relative path to execution dir path in contributors option
---
 src/main.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main.rs b/src/main.rs
index caa7c387..10715426 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -453,7 +453,7 @@ impl App {
 }
 fn print_contributors(&self) {
- match fs::read_to_string("./contributors.txt") {
+ match fs::read_to_string(CURRENT_EXE_PATH.join("contributors.txt")) {
 Ok(contents) => {
 write_color_buffer(&BufferWriter::stdout(ColorChoice::Always), None, &contents)
 .ok();
From 2bb790f991b623febb311485027311f8fa259ffd Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Sat, 25 Jun 2022 21:10:43 +0900
Subject: [PATCH 23/25] changed relative path to execution dir path in update option
---
 src/main.rs | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index 10715426..ba2fa051 100644
--- a/src/main.rs
+++ b/src/main.rs
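Review bot: The comment added above the new `if` says `rules-config`, but the block rewrites the `rules` option; it was evidently copied from the config block just above it, so reword it to something like `// Rebase the default rules path onto the executable directory so running from another working directory needs no --rules`. `to_str().unwrap() == "./rules"` panics on a non-UTF-8 path; comparing paths directly needs no unwrap: `if configs::CONFIG.read().unwrap().args.rules == Path::new("./rules") {`. The literal comparison also cannot tell clap's default from a user who typed `--rules ./rules` (and does not match `rules` or `./rules/` at all), so an explicit request for the working directory's rules is silently redirected to the executable's directory; that is worth stating in the comment. The same stale comment survives the `cargo fmt` rewrite of this block in PATCH 24.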
@@ -728,8 +728,9 @@ impl App {
 let mut result;
 let mut prev_modified_time: SystemTime = SystemTime::UNIX_EPOCH;
 let mut prev_modified_rules: HashSet = HashSet::default();
- let hayabusa_repo = Repository::open(Path::new("."));
- let hayabusa_rule_repo = Repository::open(Path::new("rules"));
+ let hayabusa_repo = Repository::open(CURRENT_EXE_PATH.as_path());
+ let rules_path = CURRENT_EXE_PATH.join("rules");
+ let hayabusa_rule_repo = Repository::open(&rules_path);
 if hayabusa_repo.is_err() && hayabusa_rule_repo.is_err() {
 write_color_buffer(
 &BufferWriter::stdout(ColorChoice::Always),
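Review bot: `Repository::open(CURRENT_EXE_PATH.as_path())` ties `update` to the directory that contains the binary, which for a `cargo run` build is presumably `target/<profile>` rather than the checkout, so the open would fail there and the command falls into the error branch below even inside a repository clone. A comment on the `hayabusa_repo` line stating that `update` expects the executable to sit in the repository root (the release layout) would save the next developer that surprise. The enclosing function starts before and continues after the hunk.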
@@ -743,23 +744,22 @@ impl App {
 // case of exist hayabusa-rules repository
 self._repo_main_reset_hard(hayabusa_rule_repo.as_ref().unwrap())?;
 // case of failed fetching origin/main, git clone is not executed so network error has occurred possibly.
- prev_modified_rules = self.get_updated_rules("rules", &prev_modified_time);
- prev_modified_time = fs::metadata("rules").unwrap().modified().unwrap();
+ prev_modified_rules = self.get_updated_rules(&rules_path.to_str().unwrap(), &prev_modified_time);
+ prev_modified_time = fs::metadata(&rules_path).unwrap().modified().unwrap();
 result = self.pull_repository(&hayabusa_rule_repo.unwrap());
 } else {
 // case of no exist hayabusa-rules repository in rules.
 // execute update because submodule information exists if hayabusa repository exists submodule information.
- prev_modified_time = fs::metadata("rules").unwrap().modified().unwrap();
- let rules_path = Path::new("rules");
- if !rules_path.exists() {
- create_dir(rules_path).ok();
+ prev_modified_time = fs::metadata(&rules_path).unwrap().modified().unwrap();
+ if !&rules_path.exists() {
+ create_dir(&rules_path).ok();
 }
 let hayabusa_repo = hayabusa_repo.unwrap();
 let submodules = hayabusa_repo.submodules()?;
 let mut is_success_submodule_update = true;
 // submodule rules erase path is hard coding to avoid unintentional remove folder.
- fs::remove_dir_all(".git/.submodule/rules").ok();
+ fs::remove_dir_all(CURRENT_EXE_PATH.join(".git/.submodule/rules")).ok();
 for mut submodule in submodules {
 submodule.update(true, None)?;
 let submodule_repo = submodule.open()?;
@@ -775,7 +775,7 @@ impl App {
 }
 }
 if result.is_ok() {
- let updated_modified_rules = self.get_updated_rules("rules", &prev_modified_time);
+ let updated_modified_rules = self.get_updated_rules(&rules_path.to_str().unwrap(), &prev_modified_time);
 result = self.print_diff_modified_rule_dates(prev_modified_rules, updated_modified_rules);
 }
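Review bot: In the `else` branch, `prev_modified_time = fs::metadata(&rules_path).unwrap().modified().unwrap();` still runs before the `if !&rules_path.exists() { create_dir(&rules_path).ok(); }` that creates the directory, so a missing `rules` directory panics on the unwrap instead of being created (the ordering predates this commit, but both lines were rewritten here). Either move the metadata read below the existence check or make it conditional: `if let Ok(meta) = fs::metadata(&rules_path) { prev_modified_time = meta.modified().unwrap(); }`. `!&rules_path.exists()` negates a reference to the `bool`; `if !rules_path.exists()` is what is meant. The comment `// submodule rules erase path is hard coding to avoid unintentional remove folder.` should now say that the path is anchored to the executable directory, since `remove_dir_all` no longer receives a literal. The enclosing function starts before and continues after the hunk.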
@@ -832,7 +832,7 @@ impl App {
 fn clone_rules(&self) -> Result {
 match Repository::clone(
 "https://github.com/Yamato-Security/hayabusa-rules.git",
- "rules",
+ CURRENT_EXE_PATH.join("rules"),
 ) {
 Ok(_repo) => {
 println!("Finished cloning the hayabusa-rules repository.");
From cee04487eaf54d73bcd5d9ea3d84ece4e570cfb7 Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Sat, 25 Jun 2022 21:12:17 +0900
Subject: [PATCH 24/25] cargo fmt
---
 src/main.rs | 24 +++++++++--------------
 1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index ba2fa051..d6634f99 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -157,19 +157,11 @@ impl App {
 {
 configs::CONFIG.write().unwrap().args.config = CURRENT_EXE_PATH.join("rules/config");
 }
- // ワーキングディレクトリ以外からの実行の際にrules-configオプションの指定がないとエラーが発生することを防ぐための処理
- if configs::CONFIG
- .read()
- .unwrap()
- .args
- .rules
- .to_str()
- .unwrap()
- == "./rules"
- {
- configs::CONFIG.write().unwrap().args.rules = CURRENT_EXE_PATH.join("rules");
- }
-
+ // ワーキングディレクトリ以外からの実行の際にrules-configオプションの指定がないとエラーが発生することを防ぐための処理
+ if configs::CONFIG.read().unwrap().args.rules.to_str().unwrap() == "./rules" {
+ configs::CONFIG.write().unwrap().args.rules = CURRENT_EXE_PATH.join("rules");
+ }
+
 if let Some(csv_path) = &configs::CONFIG.read().unwrap().args.output {
 let pivot_key_unions = PIVOT_KEYWORD.read().unwrap();
 pivot_key_unions.iter().for_each(|(key, _)| {
@@ -744,7 +736,8 @@ impl App {
 // case of exist hayabusa-rules repository
 self._repo_main_reset_hard(hayabusa_rule_repo.as_ref().unwrap())?;
 // case of failed fetching origin/main, git clone is not executed so network error has occurred possibly.
- prev_modified_rules = self.get_updated_rules(&rules_path.to_str().unwrap(), &prev_modified_time);
+ prev_modified_rules =
+ self.get_updated_rules(&rules_path.to_str().unwrap(), &prev_modified_time);
 prev_modified_time = fs::metadata(&rules_path).unwrap().modified().unwrap();
 result = self.pull_repository(&hayabusa_rule_repo.unwrap());
 } else {
@@ -775,7 +768,8 @@ impl App {
 }
 }
 if result.is_ok() {
- let updated_modified_rules = self.get_updated_rules(&rules_path.to_str().unwrap(), &prev_modified_time);
+ let updated_modified_rules =
+ self.get_updated_rules(&rules_path.to_str().unwrap(), &prev_modified_time);
 result = self.print_diff_modified_rule_dates(prev_modified_rules, updated_modified_rules);
 }
From 2b800e2f90d1b1dcd62a3627b604fe752f1a2bb3 Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Sat, 25 Jun 2022 21:51:20 +0900
Subject: [PATCH 25/25] fixed clippy error
---
 src/main.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index 4ec8cbf9..4c7c684e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -737,7 +737,7 @@ impl App {
 self._repo_main_reset_hard(hayabusa_rule_repo.as_ref().unwrap())?;
 // case of failed fetching origin/main, git clone is not executed so network error has occurred possibly.
 prev_modified_rules =
- self.get_updated_rules(&rules_path.to_str().unwrap(), &prev_modified_time);
+ self.get_updated_rules(rules_path.to_str().unwrap(), &prev_modified_time);
 prev_modified_time = fs::metadata(&rules_path).unwrap().modified().unwrap();
 result = self.pull_repository(&hayabusa_rule_repo.unwrap());
 } else {
@@ -769,7 +769,7 @@ impl App {
 }
 if result.is_ok() {
 let updated_modified_rules =
- self.get_updated_rules(&rules_path.to_str().unwrap(), &prev_modified_time);
+ self.get_updated_rules(rules_path.to_str().unwrap(), &prev_modified_time);
 result = self.print_diff_modified_rule_dates(prev_modified_rules, updated_modified_rules);
 }