CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cargo fmt

Browse Source
This commit is contained in:
DustInDark
2022-06-19 22:54:57 +09:00
parent 9ce6580797
commit 4917b988a2
2 changed files with 60 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/detections/detection.rs
View File

@@ -6,7 +6,7 @@ use crate::detections::print::AlertMessage;
use crate::detections::print::DetectInfo;
use crate::detections::print::ERROR_LOG_STACK;
use crate::detections::print::MESSAGES;
use crate::detections::print::{CH_CONFIG, IS_HIDE_RECORD_ID, TAGS_CONFIG, DEFAULT_DETAILS};
use crate::detections::print::{CH_CONFIG, DEFAULT_DETAILS, IS_HIDE_RECORD_ID, TAGS_CONFIG};
use crate::detections::print::{
LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, STATISTICS_FLAG,
};
@@ -236,8 +236,12 @@ impl Detection {
};
let ch_str = &get_serde_number_to_string(&record_info.record["Event"]["System"]["Channel"])
.unwrap_or_default();
let eid = get_serde_number_to_string(&record_info.record["Event"]["System"]["EventID"]).unwrap_or_else(|| "-".to_owned());
let default_output = DEFAULT_DETAILS.get(&format!("{}_{}",ch_str, &eid)).unwrap_or(&"-".to_string()).to_string();
let eid = get_serde_number_to_string(&record_info.record["Event"]["System"]["EventID"])
.unwrap_or_else(|| "-".to_owned());
let default_output = DEFAULT_DETAILS
.get(&format!("{}_{}", ch_str, &eid))
.unwrap_or(&"-".to_string())
.to_string();
let detect_info = DetectInfo {
filepath: record_info.evtx_filepath.to_string(),
rulepath: rule.rulepath.to_string(),
@@ -255,7 +259,10 @@ impl Detection {
};
MESSAGES.lock().unwrap().insert(
&record_info.record,
rule.yaml["details"].as_str().unwrap_or(&default_output).to_string(),
rule.yaml["details"]
.as_str()
.unwrap_or(&default_output)
.to_string(),
detect_info,
);
}

48
src/detections/print.rs
View File

@@ -228,35 +228,61 @@ impl Message {
/// detailsのdefault値をファイルから読み取る関数
pub fn get_default_details() -> HashMap<String, String> {
let read_result = utils::read_csv(&format!("{}/default_details.txt", configs::CONFIG.read().unwrap().args.config.as_path().display()));
let read_result = utils::read_csv(&format!(
"{}/default_details.txt",
configs::CONFIG
.read()
.unwrap()
.args
.config
.as_path()
.display()
));
match read_result {
Err(_e) => {
AlertMessage::alert(&_e).ok();
HashMap::new()
},
}
Ok(lines) => {
let mut ret:HashMap<String, String> = HashMap::new();
lines.into_iter().try_for_each(|line| -> Result<(), String> {
let mut ret: HashMap<String, String> = HashMap::new();
lines
.into_iter()
.try_for_each(|line| -> Result<(), String> {
let provider = match line.get(0) {
Some(_provider) => _provider.trim(),
_ => return Result::Err("Failed to read provider in default_details.txt.".to_string())
_ => {
return Result::Err(
"Failed to read provider in default_details.txt.".to_string(),
)
}
};
let eid = match line.get(1) {
Some(eid_str) => {
match eid_str.trim().parse::<i64>() {
Some(eid_str) => match eid_str.trim().parse::<i64>() {
Ok(_eid) => _eid,
_ => return Result::Err("Parse Error EventID in default_details.txt.".to_string())
_ => {
return Result::Err(
"Parse Error EventID in default_details.txt.".to_string(),
)
}
},
_ => return Result::Err("Failed to read EventID in default_details.txt.".to_string())
_ => {
return Result::Err(
"Failed to read EventID in default_details.txt.".to_string(),
)
}
};
let details = match line.get(2) {
Some(detail) => detail.trim(),
_ => return Result::Err("Failed to read details in default_details.txt.".to_string())
_ => {
return Result::Err(
"Failed to read details in default_details.txt.".to_string(),
)
}
};
ret.insert(format!("{}_{}", provider, eid), details.to_string());
Ok(())
}).ok();
})
.ok();
ret
}
}