cache regex for allowlist and regexes keyword. (#174)

2021-11-10 03:10:03 +09:00
parent 1bdf6943ff
commit 15a28e5602
2 changed files with 50 additions and 48 deletions
--- a/src/detections/utils.rs
+++ b/src/detections/utils.rs
@@ -24,14 +24,9 @@ pub fn concat_selection_key(key_list: &Vec<String>) -> String {
        });
 }

-pub fn check_regex(string: &str, regex_list: &Vec<String>) -> bool {
-    for line in regex_list {
-        if line.is_empty() {
-            continue;
-        }
-
-        let re = Regex::new(line);
-        if re.is_err() || re.unwrap().is_match(string) == false {
+pub fn check_regex(string: &str, regex_list: &Vec<Regex>) -> bool {
+    for regex in regex_list {
+        if regex.is_match(string) == false {
            continue;
        }

@@ -41,14 +36,9 @@ pub fn check_regex(string: &str, regex_list: &Vec<String>) -> bool {
    return false;
 }

-pub fn check_allowlist(target: &str, allowlist: &Vec<String>) -> bool {
-    for line in allowlist {
-        if line.is_empty() {
-            continue;
-        }
-
-        let r = Regex::new(line);
-        if r.is_ok() && r.unwrap().is_match(target) {
+pub fn check_allowlist(target: &str, regexes: &Vec<Regex>) -> bool {
+    for regex in regexes {
+        if regex.is_match(target) {
            return true;
        }
    }
@@ -159,9 +149,15 @@ pub fn create_tokio_runtime() -> Runtime {
 #[cfg(test)]
 mod tests {
    use crate::detections::utils;
+    use regex::Regex;
+
    #[test]
    fn test_check_regex() {
-        let regexes = utils::read_txt("regexes.txt").unwrap();
+        let regexes = utils::read_txt("regexes.txt")
+            .unwrap()
+            .into_iter()
+            .map(|regex_str| Regex::new(&regex_str).unwrap())
+            .collect();
        let regextext = utils::check_regex("\\cvtres.exe", &regexes);
        assert!(regextext == true);

@@ -172,7 +168,11 @@ mod tests {
    #[test]
    fn test_check_allowlist() {
        let commandline = "\"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe\"";
-        let allowlist = utils::read_txt("allowlist.txt").unwrap();
+        let allowlist = utils::read_txt("allowlist.txt")
+            .unwrap()
+            .into_iter()
+            .map(|allow_str| Regex::new(&allow_str).unwrap())
+            .collect();
        assert!(true == utils::check_allowlist(commandline, &allowlist));

        let commandline = "\"C:\\Program Files\\Google\\Update\\GoogleUpdate2.exe\"";