change from stdout to stderr. (#190)
@@ -25,9 +25,11 @@ pub struct CsvFormat<'a> {
|
||||
|
||||
pub fn after_fact() {
|
||||
let fn_emit_csv_err = |err: Box<dyn Error>| {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(&mut stdout, format!("Failed to write CSV. {}", err)).ok();
|
||||
AlertMessage::alert(
|
||||
&mut std::io::stderr().lock(),
|
||||
format!("Failed to write CSV. {}", err),
|
||||
)
|
||||
.ok();
|
||||
process::exit(1);
|
||||
};
|
||||
|
||||
@@ -56,9 +58,11 @@ pub fn after_fact() {
|
||||
match File::create(csv_path) {
|
||||
Ok(file) => Box::new(file),
|
||||
Err(err) => {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(&mut stdout, format!("Failed to open file. {}", err)).ok();
|
||||
AlertMessage::alert(
|
||||
&mut std::io::stderr().lock(),
|
||||
format!("Failed to open file. {}", err),
|
||||
)
|
||||
.ok();
|
||||
process::exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
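Review bot: The stderr call is now spelled out in full at each site (`AlertMessage::alert(&mut std::io::stderr().lock(), …).ok();`), here in the `fn_emit_csv_err` closure and in the `File::create` error arm. The same pattern recurs in the hunks for `Detection`, `create_count_key`, `TimeFrameInfo`, `get_sec_timeframe`, `main` and `ParseYaml::read_dir`. Since every caller now passes the same writer, a small wrapper next to `AlertMessage::alert` (for example a proposed `fn alert_stderr(msg: String)`) would keep a future call site from drifting back onto stdout, which is presumably where the CSV goes when no output path is given. `after_fact` continues outside both hunks.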
@@ -51,9 +51,11 @@ impl Detection {
|
||||
let mut rulefile_loader = ParseYaml::new();
|
||||
let resutl_readdir = rulefile_loader.read_dir(DIRPATH_RULES, &level);
|
||||
if resutl_readdir.is_err() {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(&mut stdout, format!("{}", resutl_readdir.unwrap_err())).ok();
|
||||
AlertMessage::alert(
|
||||
&mut std::io::stderr().lock(),
|
||||
format!("{}", resutl_readdir.unwrap_err()),
|
||||
)
|
||||
.ok();
|
||||
return vec![];
|
||||
}
|
||||
|
||||
@@ -65,14 +67,12 @@ impl Detection {
|
||||
|
||||
// ruleファイルのパースに失敗した場合はエラー出力
|
||||
err_msgs_result.err().iter().for_each(|err_msgs| {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
let errmsg_body =
|
||||
format!("Failed to parse Rule file. (FilePath : {})", rule.rulepath);
|
||||
AlertMessage::alert(&mut stdout, errmsg_body).ok();
|
||||
AlertMessage::alert(&mut std::io::stderr().lock(), errmsg_body).ok();
|
||||
|
||||
err_msgs.iter().for_each(|err_msg| {
|
||||
AlertMessage::alert(&mut stdout, err_msg.to_string()).ok();
|
||||
AlertMessage::alert(&mut std::io::stderr().lock(), err_msg.to_string()).ok();
|
||||
});
|
||||
println!(""); // 一行開けるためのprintln
|
||||
});
|
||||
|
||||
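Review bot: The blank separator after the rule-parse errors is still written with `println!("")`, so it lands on stdout while the messages it separates now go to stderr. Anyone piping the detection output gets stray empty lines, and the stderr log loses its spacing between rule files. Change it to `eprintln!();`. The comment on that line could also be given in English, e.g. `// blank line between the errors of one rule file and the next`. The enclosing method starts and ends outside this hunk.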
@@ -69,10 +69,8 @@ pub fn create_count_key(rule: &RuleNode, record: &Value) -> String {
|
||||
key.push_str(&value.to_string().replace("\"", ""));
|
||||
}
|
||||
None => {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(
|
||||
&mut stdout,
|
||||
&mut std::io::stderr().lock(),
|
||||
format!("field_value alias not found.value:{}", field_value),
|
||||
)
|
||||
.ok();
|
||||
@@ -87,10 +85,8 @@ pub fn create_count_key(rule: &RuleNode, record: &Value) -> String {
|
||||
key.push_str(&value.to_string().replace("\"", ""));
|
||||
}
|
||||
None => {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(
|
||||
&mut stdout,
|
||||
&mut std::io::stderr().lock(),
|
||||
format!("by_field_value alias not found.value:{}", by_field_value),
|
||||
)
|
||||
.ok();
|
||||
@@ -177,10 +173,8 @@ impl TimeFrameInfo {
|
||||
ttype = "d".to_owned();
|
||||
tnum.retain(|c| c != 'd');
|
||||
} else {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(
|
||||
&mut stdout,
|
||||
&mut std::io::stderr().lock(),
|
||||
format!("timeframe is invalid.input value:{}", value),
|
||||
)
|
||||
.ok();
|
||||
@@ -211,10 +205,8 @@ pub fn get_sec_timeframe(timeframe: &Option<TimeFrameInfo>) -> Option<i64> {
|
||||
}
|
||||
}
|
||||
Err(err) => {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(
|
||||
&mut stdout,
|
||||
&mut std::io::stderr().lock(),
|
||||
format!("timeframe num is invalid. timeframe.{}", err),
|
||||
)
|
||||
.ok();
|
||||
|
||||
24
src/main.rs
24
src/main.rs
@@ -30,10 +30,8 @@ fn main() {
|
||||
let analysis_start_time: DateTime<Utc> = Utc::now();
|
||||
if let Some(filepath) = configs::CONFIG.read().unwrap().args.value_of("filepath") {
|
||||
if !filepath.ends_with(".evtx") {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(
|
||||
&mut stdout,
|
||||
&mut std::io::stderr().lock(),
|
||||
"--filepath is only accepted evtx file.".to_owned(),
|
||||
)
|
||||
.ok();
|
||||
@@ -43,9 +41,11 @@ fn main() {
|
||||
} else if let Some(directory) = configs::CONFIG.read().unwrap().args.value_of("directory") {
|
||||
let evtx_files = collect_evtxfiles(&directory);
|
||||
if evtx_files.len() == 0 {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(&mut stdout, "No exist evtx file.".to_owned()).ok();
|
||||
AlertMessage::alert(
|
||||
&mut std::io::stderr().lock(),
|
||||
"No exist evtx file.".to_owned(),
|
||||
)
|
||||
.ok();
|
||||
return;
|
||||
}
|
||||
analysis_files(evtx_files);
|
||||
@@ -62,9 +62,9 @@ fn main() {
|
||||
fn collect_evtxfiles(dirpath: &str) -> Vec<PathBuf> {
|
||||
let entries = fs::read_dir(dirpath);
|
||||
if entries.is_err() {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
AlertMessage::alert(&mut stdout, format!("{}", entries.unwrap_err())).ok();
|
||||
let stderr = std::io::stderr();
|
||||
let mut stderr = stderr.lock();
|
||||
AlertMessage::alert(&mut stderr, format!("{}", entries.unwrap_err())).ok();
|
||||
return vec![];
|
||||
}
|
||||
|
||||
@@ -93,12 +93,10 @@ fn collect_evtxfiles(dirpath: &str) -> Vec<PathBuf> {
|
||||
}
|
||||
|
||||
fn print_credits() {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
match fs::read_to_string("./credits.txt") {
|
||||
Ok(contents) => println!("{}", contents),
|
||||
Err(err) => {
|
||||
AlertMessage::alert(&mut stdout, format!("{}", err)).ok();
|
||||
AlertMessage::alert(&mut std::io::stderr().lock(), format!("{}", err)).ok();
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -153,7 +151,7 @@ fn analysis_file(
|
||||
evtx_filepath,
|
||||
record_result.unwrap_err()
|
||||
);
|
||||
AlertMessage::alert(&mut std::io::stdout().lock(), errmsg).ok();
|
||||
AlertMessage::alert(&mut std::io::stderr().lock(), errmsg).ok();
|
||||
continue;
|
||||
}
|
||||
|
||||
|
||||
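Review bot: `collect_evtxfiles` binds the handle and the lock in two statements (`let stderr = std::io::stderr(); let mut stderr = stderr.lock();`) while every other site in this commit passes `&mut std::io::stderr().lock()` inline; pick one form. Matching the rest gives `AlertMessage::alert(&mut std::io::stderr().lock(), format!("{}", entries.unwrap_err())).ok();`. The `is_err()` check followed by `unwrap_err()` would also read better as a `match` on `fs::read_dir(dirpath)`, though that part predates this change.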
@@ -34,8 +34,6 @@ impl ParseYaml {
|
||||
}
|
||||
|
||||
pub fn read_dir<P: AsRef<Path>>(&mut self, path: P, level: &str) -> io::Result<String> {
|
||||
let stdout = std::io::stdout();
|
||||
let mut stdout = stdout.lock();
|
||||
let mut entries = fs::read_dir(path)?;
|
||||
let yaml_docs = entries.try_fold(vec![], |mut ret, entry| {
|
||||
let entry = entry?;
|
||||
@@ -59,7 +57,7 @@ impl ParseYaml {
|
||||
let read_content = self.read_file(path);
|
||||
if read_content.is_err() {
|
||||
AlertMessage::alert(
|
||||
&mut stdout,
|
||||
&mut std::io::stderr().lock(),
|
||||
format!(
|
||||
"fail to read file: {}\n{} ",
|
||||
entry.path().display(),
|
||||
@@ -73,7 +71,7 @@ impl ParseYaml {
|
||||
let yaml_contents = YamlLoader::load_from_str(&read_content.unwrap());
|
||||
if yaml_contents.is_err() {
|
||||
AlertMessage::alert(
|
||||
&mut stdout,
|
||||
&mut std::io::stderr().lock(),
|
||||
format!(
|
||||
"fail to parse as yaml: {}\n{} ",
|
||||
entry.path().display(),
|
||||
|
||||