From 191d1df9f05512cbb6fd0234187f93bb3df03705 Mon Sep 17 00:00:00 2001
From: ichiichi11
Date: Sat, 4 Dec 2021 19:23:50 +0900
Subject: [PATCH] add exclude files and fix bugs.
---
 config/exclude-rules.txt | 2 ++
 src/fillter.rs | 2 --
 src/main.rs | 9 +++++++--
 src/yaml.rs | 19 ++++++++++---------
 4 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/config/exclude-rules.txt b/config/exclude-rules.txt
index e69de29b..69422602 100644
--- a/config/exclude-rules.txt
+++ b/config/exclude-rules.txt
@@ -0,0 +1,2 @@
+4fe151c2-ecf9-4fae-95ae-b88ec9c2fca6
+c92f1896-d1d2-43c3-92d5-7a5b35c217bb
\ No newline at end of file
diff --git a/src/fillter.rs b/src/fillter.rs
index 058bd0fc..d3ddb429 100644
--- a/src/fillter.rs
+++ b/src/fillter.rs
@@ -1,7 +1,5 @@
 use std::collections::HashSet;
-
-
 #[derive(Clone, Debug)]
 pub struct RuleFill {
 pub no_use_rule: HashSet,
diff --git a/src/main.rs b/src/main.rs
index 15255e6e..86050cbd 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -131,7 +131,7 @@ fn analysis_files(evtx_files: Vec) {
 .args
 .is_present("show-noisyalerts")
 {
- ids += "\n"; // 改行を入れないとexclude-rulesの一番最後の行とnoisy-rules.txtの一番最後の行が一行にまとめられてしまう。
+ ids += "\n"; // 改行を入れないとexclude-rulesの一番最後の行とnoisy-rules.txtの一番最後の行が一行にまとめられてしまう。
 ids += &String::from_utf8(fs::read("config/noisy-rules.txt").unwrap()).unwrap();
 }
@@ -140,7 +140,12 @@ fn analysis_files(evtx_files: Vec) {
 };
 for v in ids.split_whitespace() {
- fill_ids.no_use_rule.insert(v.to_string());
+ let v = v.to_string();
+ if v.is_empty() {
+ // 空行は無視する。
+ continue;
+ }
+ fill_ids.no_use_rule.insert(v);
 }
 let rule_files = detection::Detection::parse_rule_files(
 level,
diff --git a/src/yaml.rs b/src/yaml.rs
index 8c89ec01..da18486c 100644
--- a/src/yaml.rs
+++ b/src/yaml.rs
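Review bot: The `if v.is_empty()` guard added in the `-140` hunk of src/main.rs can never be taken, because `str::split_whitespace()` yields only non-empty, whitespace-free substrings, so blank lines (and the missing trailing newline in config/exclude-rules.txt) are already dropped by the iterator. The six added lines reduce to the original `fill_ids.no_use_rule.insert(v.to_string());`, and the intent is better recorded on the loop itself, e.g. `for v in ids.split_whitespace() { // split_whitespace() already skips blank lines`. If the bug being fixed was something else (a stray `\r` or BOM in the rule-id files, say), the commit message should name it, since this guard does not address that either. `analysis_files` starts and ends outside the hunk.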
@@ -138,14 +138,14 @@ impl ParseYaml {
 }
 //除外されたルールは無視する
- match fill_ids
- .no_use_rule
- .get(&yaml_doc["id"].as_str().unwrap_or("").to_string())
- {
- None => (),
- Some(_) => {
- self.ignorerule_count += 1;
- return Option::None;
+ let rule_id = &yaml_doc["id"].as_str();
+ if rule_id.is_some() {
+ match fill_ids.no_use_rule.get(&rule_id.unwrap_or("").to_string()) {
+ None => (),
+ Some(_) => {
+ self.ignorerule_count += 1;
+ return Option::None;
+ }
 }
 }
@@ -236,7 +236,8 @@ mod tests {
 let fill_ids = RuleFill {
 no_use_rule: HashSet::new(),
 };
- yaml.read_dir(path.to_path_buf(), &"LOW", &fill_ids).unwrap();
+ yaml.read_dir(path.to_path_buf(), &"LOW", &fill_ids)
+ .unwrap();
 assert_eq!(yaml.files.len(), 4);
 }
 #[test]
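Review bot: The new exclusion check in the `-138` hunk tests `rule_id.is_some()` and then still calls `rule_id.unwrap_or("")`, and it binds `&yaml_doc["id"].as_str()` as a reference to a temporary `Option<&str>` only to allocate a `String` for the `get` lookup; `if let` expresses the same in one step, and assuming `no_use_rule` is a `HashSet<String>` (src/main.rs inserts `v.to_string()` into it) `contains(rule_id)` takes the `&str` directly. This hunk also changes behaviour relative to the removed lines: a rule without an `id` is no longer compared against an empty-string entry in the exclude set, which looks intended but is worth a sentence in the commit message since it decides whether id-less rules can be silently suppressed. The enclosing method begins and ends outside the hunk.
```rust
            //除外されたルールは無視する
            if let Some(rule_id) = yaml_doc["id"].as_str() {
                if fill_ids.no_use_rule.contains(rule_id) {
                    self.ignorerule_count += 1;
                    return Option::None;
                }
            }
```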