CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

created error log output feature #301

Browse Source
This commit is contained in:
DustInDark
2021-12-20 00:46:04 +09:00
parent 8798de6839
commit 0e0ceff861
5 changed files with 54 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/afterfact.rs
View File

@@ -37,9 +37,8 @@ pub struct DisplayFormat<'a> {
pub fn after_fact() { pub fn after_fact() {
let fn_emit_csv_err = |err: Box<dyn Error>| { let fn_emit_csv_err = |err: Box<dyn Error>| {
AlertMessage::alert( AlertMessage::alert(
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()), &mut std::io::stderr().lock(),
format!("Failed to write CSV. {}", err), format!("Failed to write CSV. {}", err),
true,
) )
.ok(); .ok();
process::exit(1); process::exit(1);
@@ -56,9 +55,8 @@ pub fn after_fact() {
Ok(file) => Box::new(BufWriter::new(file)), Ok(file) => Box::new(BufWriter::new(file)),
Err(err) => { Err(err) => {
AlertMessage::alert( AlertMessage::alert(
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()), &mut std::io::stderr().lock(),
format!("Failed to open file. {}", err), format!("Failed to open file. {}", err),
true,
) )
.ok(); .ok();
process::exit(1); process::exit(1);

10
src/detections/detection.rs
View File

@@ -13,7 +13,7 @@ use crate::yaml::ParseYaml;
use hashbrown; use hashbrown;
use serde_json::Value; use serde_json::Value;
use std::collections::HashMap; use std::collections::HashMap;
use std::fs::File; use std::fs::OpenOptions;
use std::io::BufWriter; use std::io::BufWriter;
use tokio::{runtime::Runtime, spawn, task::JoinHandle}; use tokio::{runtime::Runtime, spawn, task::JoinHandle};
@@ -62,9 +62,13 @@ impl Detection {
rulefile_loader.read_dir(rulespath.unwrap_or(DIRPATH_RULES), &level, exclude_ids); rulefile_loader.read_dir(rulespath.unwrap_or(DIRPATH_RULES), &level, exclude_ids);
if result_readdir.is_err() { if result_readdir.is_err() {
AlertMessage::alert( AlertMessage::alert(
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()), &mut BufWriter::new(
OpenOptions::new()
.append(true)
.open(ERROR_LOG_PATH.to_string())
.unwrap(),
),
format!("{}", result_readdir.unwrap_err()), format!("{}", result_readdir.unwrap_err()),
true,
) )
.ok(); .ok();
return vec![]; return vec![];

12
src/detections/print.rs
View File

@@ -14,9 +14,8 @@ use std::fs::create_dir;
use std::fs::remove_file; use std::fs::remove_file;
use std::fs::File; use std::fs::File;
use std::io::BufWriter; use std::io::BufWriter;
use std::path::Path;
use std::io::{self, Write}; use std::io::{self, Write};
use std::path::Path;
use std::sync::Mutex; use std::sync::Mutex;
#[derive(Debug)] #[derive(Debug)]
@@ -235,10 +234,7 @@ impl AlertMessage {
} }
/// ERRORメッセージを表示する関数。error_log_flagでfalseの場合は外部へのエラーログの書き込みは行わずに指定されたwを用いた出力のみ行う。trueの場合はwを用いた出力を行わずにエラーログへの出力を行う /// ERRORメッセージを表示する関数。error_log_flagでfalseの場合は外部へのエラーログの書き込みは行わずに指定されたwを用いた出力のみ行う。trueの場合はwを用いた出力を行わずにエラーログへの出力を行う
pub fn alert<W: Write>(w: &mut W, contents: String, error_log_flag: bool) -> io::Result<()> { pub fn alert<W: Write>(w: &mut W, contents: String) -> io::Result<()> {
if error_log_flag {
ALERT_COUNT_IN_ERROR_LOG.lock().unwrap().countup();
}
writeln!(w, "[ERROR] {}", contents) writeln!(w, "[ERROR] {}", contents)
} }
@@ -386,7 +382,7 @@ mod tests {
let input = "TEST!"; let input = "TEST!";
let stdout = std::io::stdout(); let stdout = std::io::stdout();
let mut stdout = stdout.lock(); let mut stdout = stdout.lock();
AlertMessage::alert(&mut stdout, input.to_string(), false).expect("[ERROR] TEST!"); AlertMessage::alert(&mut stdout, input.to_string()).expect("[ERROR] TEST!");
} }
#[test] #[test]
@@ -394,7 +390,7 @@ mod tests {
let input = "TESTWarn!"; let input = "TESTWarn!";
let stdout = std::io::stdout(); let stdout = std::io::stdout();
let mut stdout = stdout.lock(); let mut stdout = stdout.lock();
AlertMessage::alert(&mut stdout, input.to_string(), false).expect("[WARN] TESTWarn!"); AlertMessage::alert(&mut stdout, input.to_string()).expect("[WARN] TESTWarn!");
} }
#[test] #[test]

36
src/detections/rule/count.rs
View File

@@ -7,7 +7,7 @@ use crate::detections::rule::RuleNode;
use chrono::{DateTime, TimeZone, Utc}; use chrono::{DateTime, TimeZone, Utc};
use serde_json::Value; use serde_json::Value;
use std::collections::HashMap; use std::collections::HashMap;
use std::fs::File; use std::fs::OpenOptions;
use std::io::BufWriter; use std::io::BufWriter;
use std::num::ParseIntError; use std::num::ParseIntError;
@@ -60,9 +60,13 @@ pub fn create_count_key(rule: &RuleNode, record: &Value) -> String {
} }
None => { None => {
AlertMessage::alert( AlertMessage::alert(
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()), &mut BufWriter::new(
OpenOptions::new()
.append(true)
.open(ERROR_LOG_PATH.to_string())
.unwrap(),
),
format!("field_value alias not found.value:{}", field_value), format!("field_value alias not found.value:{}", field_value),
true,
) )
.ok(); .ok();
} }
@@ -77,9 +81,13 @@ pub fn create_count_key(rule: &RuleNode, record: &Value) -> String {
} }
None => { None => {
AlertMessage::alert( AlertMessage::alert(
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()), &mut BufWriter::new(
OpenOptions::new()
.append(true)
.open(ERROR_LOG_PATH.to_string())
.unwrap(),
),
format!("by_field_value alias not found.value:{}", by_field_value), format!("by_field_value alias not found.value:{}", by_field_value),
true,
) )
.ok(); .ok();
} }
@@ -160,9 +168,13 @@ impl TimeFrameInfo {
tnum.retain(|c| c != 'd'); tnum.retain(|c| c != 'd');
} else { } else {
AlertMessage::alert( AlertMessage::alert(
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()), &mut BufWriter::new(
OpenOptions::new()
.append(true)
.open(ERROR_LOG_PATH.to_string())
.unwrap(),
),
format!("Timeframe is invalid. Input value:{}", value), format!("Timeframe is invalid. Input value:{}", value),
true,
) )
.ok(); .ok();
} }
@@ -193,9 +205,13 @@ pub fn get_sec_timeframe(timeframe: &Option<TimeFrameInfo>) -> Option<i64> {
} }
Err(err) => { Err(err) => {
AlertMessage::alert( AlertMessage::alert(
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()), &mut BufWriter::new(
format!("Timeframe number is invalid. timeframe.{}", err), OpenOptions::new()
true, .append(true)
.open(ERROR_LOG_PATH.to_string())
.unwrap(),
),
format!("Timeframe number is invalid. timeframe: {}", err),
) )
.ok(); .ok();
return Option::None; return Option::None;

21
src/main.rs
View File

@@ -17,6 +17,7 @@ use pbr::ProgressBar;
use serde_json::Value; use serde_json::Value;
use std::collections::{HashMap, HashSet}; use std::collections::{HashMap, HashSet};
use std::fmt::Display; use std::fmt::Display;
use std::fs::OpenOptions;
use std::io::BufWriter; use std::io::BufWriter;
use std::sync::Arc; use std::sync::Arc;
use std::{ use std::{
@@ -74,7 +75,6 @@ impl App {
AlertMessage::alert( AlertMessage::alert(
&mut std::io::stderr().lock(), &mut std::io::stderr().lock(),
"--filepath only accepts .evtx files.".to_owned(), "--filepath only accepts .evtx files.".to_owned(),
false,
) )
.ok(); .ok();
return; return;
@@ -105,15 +105,20 @@ impl App {
let analysis_duration = analysis_end_time.signed_duration_since(analysis_start_time); let analysis_duration = analysis_end_time.signed_duration_since(analysis_start_time);
println!("Elapsed Time: {}", &analysis_duration.hhmmssxxx()); println!("Elapsed Time: {}", &analysis_duration.hhmmssxxx());
println!(""); println!("");
AlertMessage::output_error_log_exist();
} }
fn collect_evtxfiles(&self, dirpath: &str) -> Vec<PathBuf> { fn collect_evtxfiles(&self, dirpath: &str) -> Vec<PathBuf> {
let entries = fs::read_dir(dirpath); let entries = fs::read_dir(dirpath);
if entries.is_err() { if entries.is_err() {
AlertMessage::alert( AlertMessage::alert(
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()), &mut BufWriter::new(
OpenOptions::new()
.append(true)
.open(ERROR_LOG_PATH.to_string())
.unwrap(),
),
format!("{}", entries.unwrap_err()), format!("{}", entries.unwrap_err()),
true,
) )
.ok(); .ok();
return vec![]; return vec![];
@@ -147,7 +152,7 @@ impl App {
match fs::read_to_string("./contributors.txt") { match fs::read_to_string("./contributors.txt") {
Ok(contents) => println!("{}", contents), Ok(contents) => println!("{}", contents),
Err(err) => { Err(err) => {
AlertMessage::alert(&mut std::io::stderr().lock(), format!("{}", err), false).ok(); AlertMessage::alert(&mut std::io::stderr().lock(), format!("{}", err)).ok();
} }
} }
} }
@@ -217,9 +222,13 @@ impl App {
record_result.unwrap_err() record_result.unwrap_err()
); );
AlertMessage::alert( AlertMessage::alert(
&mut BufWriter::new(File::open(ERROR_LOG_PATH.to_string()).unwrap()), &mut BufWriter::new(
OpenOptions::new()
.append(true)
.open(ERROR_LOG_PATH.to_string())
.unwrap(),
),
errmsg, errmsg,
true,
) )
.ok(); .ok();
continue; continue;