diff --git a/src/afterfact.rs b/src/afterfact.rs
index 0c5de957..9689a123 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -37,9 +37,8 @@ pub struct DisplayFormat<'a> {
 pub fn after_fact() {
 let fn_emit_csv_err = |err: Box| {
 AlertMessage::alert(
- &mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
+ &mut std::io::stderr().lock(),
 format!("Failed to write CSV. {}", err),
- true,
 )
 .ok();
 process::exit(1);
@@ -56,9 +55,8 @@ pub fn after_fact() {
 Ok(file) => Box::new(BufWriter::new(file)),
 Err(err) => {
 AlertMessage::alert(
- &mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
+ &mut std::io::stderr().lock(),
 format!("Failed to open file. {}", err),
- true,
 )
 .ok();
 process::exit(1);
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index dd8af7a2..dcb8fd68 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
@@ -13,7 +13,7 @@ use crate::yaml::ParseYaml;
 use hashbrown;
 use serde_json::Value;
 use std::collections::HashMap;
-use std::fs::File;
+use std::fs::OpenOptions;
 use std::io::BufWriter;
 use tokio::{runtime::Runtime, spawn, task::JoinHandle};
@@ -62,9 +62,13 @@ impl Detection {
 rulefile_loader.read_dir(rulespath.unwrap_or(DIRPATH_RULES), &level, exclude_ids);
 if result_readdir.is_err() {
 AlertMessage::alert(
- &mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
+ &mut BufWriter::new(
+ OpenOptions::new()
+ .append(true)
+ .open(ERROR_LOG_PATH.to_string())
+ .unwrap(),
+ ),
 format!("{}", result_readdir.unwrap_err()),
- true,
 )
 .ok();
 return vec![];
diff --git a/src/detections/print.rs b/src/detections/print.rs
index 43efff98..7f64b400 100644
--- a/src/detections/print.rs
+++ b/src/detections/print.rs
@@ -14,9 +14,8 @@ use std::fs::create_dir;
 use std::fs::remove_file;
 use std::fs::File;
 use std::io::BufWriter;
-use std::path::Path;
-
 use std::io::{self, Write};
+use std::path::Path;
 use std::sync::Mutex;
 
 #[derive(Debug)]
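Review bot: The new `OpenOptions::new().append(true).open(ERROR_LOG_PATH.to_string()).unwrap()` chain in the detection.rs hunk sets `append` but not `create`, so if the error log does not exist yet `open` fails with NotFound and the `.unwrap()` turns a recoverable reporting path (an unreadable rules directory) into a panic; unless something earlier in the run is guaranteed to create the file, add `.create(true)` before `.open(...)`. The identical chain is repeated in count.rs (four hunks) and main.rs (`collect_evtxfiles` and the record-parse loop), so a single helper on `AlertMessage` that opens the log and returns `io::Result<BufWriter<File>>` would keep the open mode in one place and let every caller fall back to stderr instead of unwrapping. Note also that the `BufWriter` is a temporary dropped at the end of the `alert(...)` statement: `.ok()` only covers the buffered `writeln!`, and the flush performed in `Drop` discards its error, so a failed write to the log is never surfaced (this predates the hunk). The enclosing functions start and end outside these hunks.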
@@ -235,10 +234,7 @@ impl AlertMessage {
 }
 
 /// ERRORメッセージを表示する関数。error_log_flagでfalseの場合は外部へのエラーログの書き込みは行わずに指定されたwを用いた出力のみ行う。trueの場合はwを用いた出力を行わずにエラーログへの出力を行う
- pub fn alert(w: &mut W, contents: String, error_log_flag: bool) -> io::Result<()> {
- if error_log_flag {
- ALERT_COUNT_IN_ERROR_LOG.lock().unwrap().countup();
- }
+ pub fn alert(w: &mut W, contents: String) -> io::Result<()> {
 writeln!(w, "[ERROR] {}", contents)
 }
 
@@ -386,7 +382,7 @@ mod tests {
 let input = "TEST!";
 let stdout = std::io::stdout();
 let mut stdout = stdout.lock();
- AlertMessage::alert(&mut stdout, input.to_string(), false).expect("[ERROR] TEST!");
+ AlertMessage::alert(&mut stdout, input.to_string()).expect("[ERROR] TEST!");
 }
 
 #[test]
@@ -394,7 +390,7 @@ mod tests {
 let input = "TESTWarn!";
 let stdout = std::io::stdout();
 let mut stdout = stdout.lock();
- AlertMessage::alert(&mut stdout, input.to_string(), false).expect("[WARN] TESTWarn!");
+ AlertMessage::alert(&mut stdout, input.to_string()).expect("[WARN] TESTWarn!");
 }
 
 #[test]
diff --git a/src/detections/rule/count.rs b/src/detections/rule/count.rs
index 3698eb39..87e34c7d 100644
--- a/src/detections/rule/count.rs
+++ b/src/detections/rule/count.rs
@@ -7,7 +7,7 @@ use crate::detections::rule::RuleNode;
 use chrono::{DateTime, TimeZone, Utc};
 use serde_json::Value;
 use std::collections::HashMap;
-use std::fs::File;
+use std::fs::OpenOptions;
 use std::io::BufWriter;
 use std::num::ParseIntError;
@@ -60,9 +60,13 @@ pub fn create_count_key(rule: &RuleNode, record: &Value) -> String {
 }
 None => {
 AlertMessage::alert(
- &mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
+ &mut BufWriter::new(
+ OpenOptions::new()
+ .append(true)
+ .open(ERROR_LOG_PATH.to_string())
+ .unwrap(),
+ ),
 format!("field_value alias not found.value:{}", field_value),
- true,
 )
 .ok();
 }
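Review bot: The `///` doc comment kept as context above the new `alert` signature still describes the removed `error_log_flag` parameter (write to the error log when true, only to `w` when false), so it now documents behaviour the function no longer has; replace it with something like `/// Writes `contents` to `w` as one "[ERROR] ..." line; the caller picks the sink (stderr or the error-log writer).` Dropping the flag also drops the only `ALERT_COUNT_IN_ERROR_LOG.lock().unwrap().countup()` call visible in this diff, while main.rs now calls `AlertMessage::output_error_log_exist()` at the end of the run; if that function reads the counter rather than inspecting the log file, it can no longer report anything, so confirm what it checks. `impl AlertMessage` continues outside the hunk.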
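Review bot: The updated tests in `mod tests` (this hunk and the `TESTWarn!` one below it) still write to the real stdout and only pass a string to `.expect(...)`, which is a panic label rather than an assertion, so neither checks the `[ERROR] ` prefix, and the second test's `[WARN]` label is misleading for a function that always writes `[ERROR]`. Write into a buffer and assert on the bytes instead: `let mut buf: Vec<u8> = Vec::new();` / `AlertMessage::alert(&mut buf, input.to_string()).unwrap();` / `assert_eq!(String::from_utf8(buf).unwrap(), "[ERROR] TEST!\n");`. The test functions start outside the hunk.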
@@ -77,9 +81,13 @@ pub fn create_count_key(rule: &RuleNode, record: &Value) -> String {
 }
 None => {
 AlertMessage::alert(
- &mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
+ &mut BufWriter::new(
+ OpenOptions::new()
+ .append(true)
+ .open(ERROR_LOG_PATH.to_string())
+ .unwrap(),
+ ),
 format!("by_field_value alias not found.value:{}", by_field_value),
- true,
 )
 .ok();
 }
@@ -160,9 +168,13 @@ impl TimeFrameInfo {
 tnum.retain(|c| c != 'd');
 } else {
 AlertMessage::alert(
- &mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
+ &mut BufWriter::new(
+ OpenOptions::new()
+ .append(true)
+ .open(ERROR_LOG_PATH.to_string())
+ .unwrap(),
+ ),
 format!("Timeframe is invalid. Input value:{}", value),
- true,
 )
 .ok();
 }
@@ -193,9 +205,13 @@ pub fn get_sec_timeframe(timeframe: &Option) -> Option {
 }
 Err(err) => {
 AlertMessage::alert(
- &mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
- format!("Timeframe number is invalid. timeframe.{}", err),
- true,
+ &mut BufWriter::new(
+ OpenOptions::new()
+ .append(true)
+ .open(ERROR_LOG_PATH.to_string())
+ .unwrap(),
+ ),
+ format!("Timeframe number is invalid. timeframe: {}", err),
 )
 .ok();
 return Option::None;
diff --git a/src/main.rs b/src/main.rs
index c78d4a55..ed0fb06c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -17,6 +17,7 @@ use pbr::ProgressBar;
 use serde_json::Value;
 use std::collections::{HashMap, HashSet};
 use std::fmt::Display;
+use std::fs::OpenOptions;
 use std::io::BufWriter;
 use std::sync::Arc;
 use std::{
@@ -74,7 +75,6 @@ impl App {
 AlertMessage::alert(
 &mut std::io::stderr().lock(),
 "--filepath only accepts .evtx files.".to_owned(),
- false,
 )
 .ok();
 return;
@@ -105,15 +105,20 @@ impl App {
 let analysis_duration = analysis_end_time.signed_duration_since(analysis_start_time);
 println!("Elapsed Time: {}", &analysis_duration.hhmmssxxx());
 println!("");
+ AlertMessage::output_error_log_exist();
 }
 
 fn collect_evtxfiles(&self, dirpath: &str) -> Vec {
 let entries = fs::read_dir(dirpath);
 if entries.is_err() {
 AlertMessage::alert(
- &mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
+ &mut BufWriter::new(
+ OpenOptions::new()
+ .append(true)
+ .open(ERROR_LOG_PATH.to_string())
+ .unwrap(),
+ ),
 format!("{}", entries.unwrap_err()),
- true,
 )
 .ok();
 return vec![];
@@ -147,7 +152,7 @@ impl App {
 match fs::read_to_string("./contributors.txt") {
 Ok(contents) => println!("{}", contents),
 Err(err) => {
- AlertMessage::alert(&mut std::io::stderr().lock(), format!("{}", err), false).ok();
+ AlertMessage::alert(&mut std::io::stderr().lock(), format!("{}", err)).ok();
 }
 }
 }
@@ -217,9 +222,13 @@ impl App {
 record_result.unwrap_err()
 );
 AlertMessage::alert(
- &mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()),
+ &mut BufWriter::new(
+ OpenOptions::new()
+ .append(true)
+ .open(ERROR_LOG_PATH.to_string())
+ .unwrap(),
+ ),
 errmsg,
- true,
 )
 .ok();
 continue;
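Review bot: The added `AlertMessage::output_error_log_exist();` sits after the elapsed-time prints, so it runs only when the run completes normally; the early `return;` in the `--filepath` check (previous hunk) and the `process::exit(1)` paths in `after_fact` skip it even though those paths may have already written to the error log. If the intent is to tell the user about log content whenever something was logged, move the call into the exit paths as well, or document in a comment above it that it is deliberately reported only on successful completion, e.g. `// Reported only on normal completion; early exits print their error to stderr directly.` The enclosing method starts outside the hunk.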