refactor

2020-10-18 16:29:49 +09:00
parent 57515a38d8
commit 29b45652f6
4 changed files with 29 additions and 21 deletions
--- a/src/detections/application.rs
+++ b/src/detections/application.rs
@@ -17,12 +17,14 @@ impl Application {
        system: &event::System,
        event_data: HashMap<String, String>,
    ) {
-        if event_id == "2" {
+        self.emet(&event_id, system);
-            &self.emet(system);
+    }
-        }
+
    fn emet(&mut self, event_id: &String, system: &event::System) {
        if event_id != "2" {
            return;
        }
    fn emet(&mut self, system: &event::System) {
        match &system.provider.name {
            Some(name) => {
                if name != "EMET" {
--- a/src/detections/common.rs
+++ b/src/detections/common.rs
@@ -24,7 +24,7 @@ impl Common {
    }
    pub fn detection(&mut self, system: &event::System, event_data: &HashMap<String, String>) {
-        &self.check_record_id(system);
+        self.check_record_id(system);
    }
    //
--- a/src/detections/powershell.rs
+++ b/src/detections/powershell.rs
@@ -17,15 +17,14 @@ impl PowerShell {
        _system: &event::System,
        event_data: HashMap<String, String>,
    ) {
-        if event_id == "4103" {
+        self.execute_pipeline(&event_id, &event_data);
-            &self.execute_pipeline(&event_data);
+        self.execute_remote_command(&event_id, &event_data);
        } else if event_id == "4104" {
            &self.execute_remote_command(&event_data);
        }
    }
-    fn execute_pipeline(&mut self, event_data: &HashMap<String, String>) {
+    fn execute_pipeline(&mut self, event_id: &String, event_data: &HashMap<String, String>) {
-        // パイプライン実行をしています
+        if event_id != "4103" {
            return;
        }
        let default = String::from("");
        let commandline = event_data.get("ContextInfo").unwrap_or(&default);
@@ -45,8 +44,10 @@ impl PowerShell {
        }
    }
-    fn execute_remote_command(&mut self, event_data: &HashMap<String, String>) {
+    fn execute_remote_command(&mut self, event_id: &String, event_data: &HashMap<String, String>) {
-        // リモートコマンドを実行します
+        if event_id != "4104" {
            return;
        }
        let default = String::from("");
        let path = event_data.get("Path").unwrap().to_string();
        if path == "".to_string() {
--- a/src/detections/system.rs
+++ b/src/detections/system.rs
@@ -14,19 +14,24 @@ impl System {
        system: &event::System,
        event_data: HashMap<String, String>,
    ) {
-        if event_id == "104" {
+        self.system_log_clear(&event_id);
-            &self.system_log_clear();
+        self.windows_event_log(&event_id, event_data);
-        } else if event_id == "7040" {
+    }
-            &self.windows_event_log(event_data);
+
-        }
+    fn system_log_clear(&mut self, event_id: &String) {
        if event_id != "104" {
            return;
        }
    fn system_log_clear(&mut self) {
        println!("Message : System Log Clear");
        println!("Results : The System log was cleared.");
    }
-    fn windows_event_log(&mut self, event_data: HashMap<String, String>) {
+    fn windows_event_log(&mut self, event_id: &String, event_data: HashMap<String, String>) {
        if event_id != "7040" {
            return;
        }
        if let Some(_param1) = event_data.get("param1") {
            if _param1 == "Windows Event Log" {
                println!("Service name : {}", _param1);