change from stdout to stderr. (#190)

James
2021-11-12 13:21:14 +09:00
committed by GitHub
parent 66b8f2de9e
commit 22c8302c4c
5 changed files with 34 additions and 42 deletions


@@ -25,9 +25,11 @@ pub struct CsvFormat<'a> {
pub fn after_fact() { pub fn after_fact() {
let fn_emit_csv_err = |err: Box<dyn Error>| { let fn_emit_csv_err = |err: Box<dyn Error>| {
let stdout = std::io::stdout(); AlertMessage::alert(
let mut stdout = stdout.lock(); &mut std::io::stderr().lock(),
AlertMessage::alert(&mut stdout, format!("Failed to write CSV. {}", err)).ok(); format!("Failed to write CSV. {}", err),
)
.ok();
process::exit(1); process::exit(1);
}; };
@@ -56,9 +58,11 @@ pub fn after_fact() {
match File::create(csv_path) { match File::create(csv_path) {
Ok(file) => Box::new(file), Ok(file) => Box::new(file),
Err(err) => { Err(err) => {
let stdout = std::io::stdout(); AlertMessage::alert(
let mut stdout = stdout.lock(); &mut std::io::stderr().lock(),
AlertMessage::alert(&mut stdout, format!("Failed to open file. {}", err)).ok(); format!("Failed to open file. {}", err),
)
.ok();
process::exit(1); process::exit(1);
} }
} }
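Review bot: The "Failed to open file." alert in the `Err(err)` arm of `File::create(csv_path)` prints only the `io::Error`, which normally carries the OS reason but not the path, so the operator cannot tell which output file could not be created. Now that the message goes to stderr and may be captured separately from the results, include the path, e.g. `format!("Failed to open file. {} (path: {})", err, csv_path)` if `csv_path` implements `Display` (its type is not visible in this hunk). `after_fact` continues outside the hunk.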


@@ -51,9 +51,11 @@ impl Detection {
let mut rulefile_loader = ParseYaml::new(); let mut rulefile_loader = ParseYaml::new();
let resutl_readdir = rulefile_loader.read_dir(DIRPATH_RULES, &level); let resutl_readdir = rulefile_loader.read_dir(DIRPATH_RULES, &level);
if resutl_readdir.is_err() { if resutl_readdir.is_err() {
let stdout = std::io::stdout(); AlertMessage::alert(
let mut stdout = stdout.lock(); &mut std::io::stderr().lock(),
AlertMessage::alert(&mut stdout, format!("{}", resutl_readdir.unwrap_err())).ok(); format!("{}", resutl_readdir.unwrap_err()),
)
.ok();
return vec![]; return vec![];
} }
@@ -65,14 +67,12 @@ impl Detection {
// ruleファイルのパースに失敗した場合はエラー出力 // ruleファイルのパースに失敗した場合はエラー出力
err_msgs_result.err().iter().for_each(|err_msgs| { err_msgs_result.err().iter().for_each(|err_msgs| {
let stdout = std::io::stdout();
let mut stdout = stdout.lock();
let errmsg_body = let errmsg_body =
format!("Failed to parse Rule file. (FilePath : {})", rule.rulepath); format!("Failed to parse Rule file. (FilePath : {})", rule.rulepath);
AlertMessage::alert(&mut stdout, errmsg_body).ok(); AlertMessage::alert(&mut std::io::stderr().lock(), errmsg_body).ok();
err_msgs.iter().for_each(|err_msg| { err_msgs.iter().for_each(|err_msg| {
AlertMessage::alert(&mut stdout, err_msg.to_string()).ok(); AlertMessage::alert(&mut std::io::stderr().lock(), err_msg.to_string()).ok();
}); });
println!(""); // 一行開けるためのprintln println!(""); // 一行開けるためのprintln
}); });
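Review bot: The `println!("")` separator at the end of the `for_each` closure still writes to stdout, so after this change the rule-parse errors go to stderr while their blank-line spacer lands in whatever consumes stdout. If stdout carries detection results (likely for a tool whose output can be piped or redirected, though that is not visible here), each unparsable rule file adds a stray empty line to that output. Replace it with `eprintln!();` so the spacer follows the messages it separates. The closure also re-locks stderr for every message; taking the lock once at the top of the closure, as the old code did for stdout, would keep one rule's messages contiguous if other threads also write to stderr.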


@@ -69,10 +69,8 @@ pub fn create_count_key(rule: &RuleNode, record: &Value) -> String {
key.push_str(&value.to_string().replace("\"", "")); key.push_str(&value.to_string().replace("\"", ""));
} }
None => { None => {
let stdout = std::io::stdout();
let mut stdout = stdout.lock();
AlertMessage::alert( AlertMessage::alert(
&mut stdout, &mut std::io::stderr().lock(),
format!("field_value alias not found.value:{}", field_value), format!("field_value alias not found.value:{}", field_value),
) )
.ok(); .ok();
@@ -87,10 +85,8 @@ pub fn create_count_key(rule: &RuleNode, record: &Value) -> String {
key.push_str(&value.to_string().replace("\"", "")); key.push_str(&value.to_string().replace("\"", ""));
} }
None => { None => {
let stdout = std::io::stdout();
let mut stdout = stdout.lock();
AlertMessage::alert( AlertMessage::alert(
&mut stdout, &mut std::io::stderr().lock(),
format!("by_field_value alias not found.value:{}", by_field_value), format!("by_field_value alias not found.value:{}", by_field_value),
) )
.ok(); .ok();
@@ -177,10 +173,8 @@ impl TimeFrameInfo {
ttype = "d".to_owned(); ttype = "d".to_owned();
tnum.retain(|c| c != 'd'); tnum.retain(|c| c != 'd');
} else { } else {
let stdout = std::io::stdout();
let mut stdout = stdout.lock();
AlertMessage::alert( AlertMessage::alert(
&mut stdout, &mut std::io::stderr().lock(),
format!("timeframe is invalid.input value:{}", value), format!("timeframe is invalid.input value:{}", value),
) )
.ok(); .ok();
@@ -211,10 +205,8 @@ pub fn get_sec_timeframe(timeframe: &Option<TimeFrameInfo>) -> Option<i64> {
} }
} }
Err(err) => { Err(err) => {
let stdout = std::io::stdout();
let mut stdout = stdout.lock();
AlertMessage::alert( AlertMessage::alert(
&mut stdout, &mut std::io::stderr().lock(),
format!("timeframe num is invalid. timeframe.{}", err), format!("timeframe num is invalid. timeframe.{}", err),
) )
.ok(); .ok();


@@ -30,10 +30,8 @@ fn main() {
let analysis_start_time: DateTime<Utc> = Utc::now(); let analysis_start_time: DateTime<Utc> = Utc::now();
if let Some(filepath) = configs::CONFIG.read().unwrap().args.value_of("filepath") { if let Some(filepath) = configs::CONFIG.read().unwrap().args.value_of("filepath") {
if !filepath.ends_with(".evtx") { if !filepath.ends_with(".evtx") {
let stdout = std::io::stdout();
let mut stdout = stdout.lock();
AlertMessage::alert( AlertMessage::alert(
&mut stdout, &mut std::io::stderr().lock(),
"--filepath is only accepted evtx file.".to_owned(), "--filepath is only accepted evtx file.".to_owned(),
) )
.ok(); .ok();
@@ -43,9 +41,11 @@ fn main() {
} else if let Some(directory) = configs::CONFIG.read().unwrap().args.value_of("directory") { } else if let Some(directory) = configs::CONFIG.read().unwrap().args.value_of("directory") {
let evtx_files = collect_evtxfiles(&directory); let evtx_files = collect_evtxfiles(&directory);
if evtx_files.len() == 0 { if evtx_files.len() == 0 {
let stdout = std::io::stdout(); AlertMessage::alert(
let mut stdout = stdout.lock(); &mut std::io::stderr().lock(),
AlertMessage::alert(&mut stdout, "No exist evtx file.".to_owned()).ok(); "No exist evtx file.".to_owned(),
)
.ok();
return; return;
} }
analysis_files(evtx_files); analysis_files(evtx_files);
@@ -62,9 +62,9 @@ fn main() {
fn collect_evtxfiles(dirpath: &str) -> Vec<PathBuf> { fn collect_evtxfiles(dirpath: &str) -> Vec<PathBuf> {
let entries = fs::read_dir(dirpath); let entries = fs::read_dir(dirpath);
if entries.is_err() { if entries.is_err() {
let stdout = std::io::stdout(); let stderr = std::io::stderr();
let mut stdout = stdout.lock(); let mut stderr = stderr.lock();
AlertMessage::alert(&mut stdout, format!("{}", entries.unwrap_err())).ok(); AlertMessage::alert(&mut stderr, format!("{}", entries.unwrap_err())).ok();
return vec![]; return vec![];
} }
@@ -93,12 +93,10 @@ fn collect_evtxfiles(dirpath: &str) -> Vec<PathBuf> {
} }
fn print_credits() { fn print_credits() {
let stdout = std::io::stdout();
let mut stdout = stdout.lock();
match fs::read_to_string("./credits.txt") { match fs::read_to_string("./credits.txt") {
Ok(contents) => println!("{}", contents), Ok(contents) => println!("{}", contents),
Err(err) => { Err(err) => {
AlertMessage::alert(&mut stdout, format!("{}", err)).ok(); AlertMessage::alert(&mut std::io::stderr().lock(), format!("{}", err)).ok();
} }
} }
} }
@@ -153,7 +151,7 @@ fn analysis_file(
evtx_filepath, evtx_filepath,
record_result.unwrap_err() record_result.unwrap_err()
); );
AlertMessage::alert(&mut std::io::stdout().lock(), errmsg).ok(); AlertMessage::alert(&mut std::io::stderr().lock(), errmsg).ok();
continue; continue;
} }
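Review bot: The error paths in `main` still end in a bare `return;` (visible after the "No exist evtx file." alert), so the process exits with status 0 even though it has just reported a failure on stderr. Callers that script this tool get the message on the right stream but cannot detect the failure from the exit code; `after_fact` already uses `process::exit(1)` for its errors. Consider `std::process::exit(1);` in place of `return;` on these paths. Separately, `collect_evtxfiles` keeps the two-step `let stderr = std::io::stderr(); let mut stderr = stderr.lock();` form while every other site in this commit uses `&mut std::io::stderr().lock()` inline; pick one form. Both `main` and `analysis_file` continue outside the visible hunks.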


@@ -34,8 +34,6 @@ impl ParseYaml {
} }
pub fn read_dir<P: AsRef<Path>>(&mut self, path: P, level: &str) -> io::Result<String> { pub fn read_dir<P: AsRef<Path>>(&mut self, path: P, level: &str) -> io::Result<String> {
let stdout = std::io::stdout();
let mut stdout = stdout.lock();
let mut entries = fs::read_dir(path)?; let mut entries = fs::read_dir(path)?;
let yaml_docs = entries.try_fold(vec![], |mut ret, entry| { let yaml_docs = entries.try_fold(vec![], |mut ret, entry| {
let entry = entry?; let entry = entry?;
@@ -59,7 +57,7 @@ impl ParseYaml {
let read_content = self.read_file(path); let read_content = self.read_file(path);
if read_content.is_err() { if read_content.is_err() {
AlertMessage::alert( AlertMessage::alert(
&mut stdout, &mut std::io::stderr().lock(),
format!( format!(
"fail to read file: {}\n{} ", "fail to read file: {}\n{} ",
entry.path().display(), entry.path().display(),
@@ -73,7 +71,7 @@ impl ParseYaml {
let yaml_contents = YamlLoader::load_from_str(&read_content.unwrap()); let yaml_contents = YamlLoader::load_from_str(&read_content.unwrap());
if yaml_contents.is_err() { if yaml_contents.is_err() {
AlertMessage::alert( AlertMessage::alert(
&mut stdout, &mut std::io::stderr().lock(),
format!( format!(
"fail to parse as yaml: {}\n{} ", "fail to parse as yaml: {}\n{} ",
entry.path().display(), entry.path().display(),