added Update option #391

2022-02-03 22:38:23 +09:00
parent 76a78845cb
commit 35a6a85cd0
2 changed files with 33 additions and 0 deletions
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -60,6 +60,7 @@ fn build_app<'a>() -> ArgMatches<'a> {
    -v --verbose 'Output verbose information'
    -D --enable-deprecated-rules 'Enable sigma rules marked as deprecated'
    -n --enable-noisy-rules 'Enable rules marked as noisy'
+    -U --rule-update 'Clone latest hayabusa-rule'
    -m --min-level=[LEVEL] 'Minimum level for rules (default: informational)'
    --start-timeline=[STARTTIMELINE] 'Start time of the event to load from event file. Example: '2018/11/28 12:00:00 +09:00''
    --end-timeline=[ENDTIMELINE] 'End time of the event to load from event file. Example: '2018/11/28 12:00:00 +09:00''
--- a/src/main.rs
+++ b/src/main.rs
@@ -4,6 +4,7 @@ extern crate serde_derive;
 use chrono::Datelike;
 use chrono::{DateTime, Local};
 use evtx::{EvtxParser, ParserSettings};
+use git2::Repository;
 use hayabusa::detections::detection::{self, EvtxRecordInfo};
 use hayabusa::detections::print::AlertMessage;
 use hayabusa::detections::print::ERROR_LOG_PATH;
@@ -57,6 +58,15 @@ impl App {

    fn exec(&mut self) {
        let analysis_start_time: DateTime<Local> = Local::now();
+        if !configs::CONFIG
+            .read()
+            .unwrap()
+            .args
+            .is_present("update-rules")
+        {
+            self.update_rules();
+            return;
+        }
        if !configs::CONFIG.read().unwrap().args.is_present("quiet") {
            self.output_logo();
            println!("");
@@ -420,6 +430,28 @@ impl App {
            }
        }
    }
+
+    /// hayabusa-rulesをcloneで取得する関数
+    fn update_rules(&self) {
+        let url = "https://github.com/Yamato-Security/hayabusa-rules.git";
+        let _repo = match Repository::clone(url, "rules") {
+            Ok(repo) => {
+                println!("Finished clone hayabusa-rules repository.");
+                repo
+            }
+            Err(e) => {
+                AlertMessage::alert(
+                    &mut BufWriter::new(std::io::stderr().lock()),
+                    &format!(
+                        "Failed git clone to rules folder. Please renme rules folder name. {}",
+                        e
+                    ),
+                )
+                .ok();
+                return;
+            }
+        };
+    }
 }

 #[cfg(test)]