From 4e9d833fb0c2aac9ad1273accda251327b8014a1 Mon Sep 17 00:00:00 2001
From: DastInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Thu, 29 Sep 2022 01:33:18 +0900
Subject: [PATCH] cargo fmt
---
 src/main.rs | 7 ++--
 src/timeline/metrics.rs | 18 ++++-----
 src/timeline/timelines.rs | 79 +++++++++++++++++++--------------------
 3 files changed, 51 insertions(+), 53 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index c50d3fa9..fa78a0cd 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -662,13 +662,14 @@ impl App {
 println!("Checking target evtx FilePath: {:?}", &evtx_file);
 }
 let cnt_tmp: usize;
- (detection, cnt_tmp, tl) = self.analysis_file(evtx_file, detection, time_filter, tl.clone());
+ (detection, cnt_tmp, tl) =
+ self.analysis_file(evtx_file, detection, time_filter, tl.clone());
 total_records += cnt_tmp;
 pb.inc();
 }
 if *METRICS_FLAG {
 tl.tm_stats_dsp_msg();
- }
+ }
 if *LOGONSUMMARY_FLAG {
 tl.tm_logon_stats_dsp_msg();
 }
@@ -690,7 +691,7 @@ impl App {
 evtx_filepath: PathBuf,
 mut detection: detection::Detection,
 time_filter: &TargetEventTime,
- mut tl: Timeline
+ mut tl: Timeline,
 ) -> (detection::Detection, usize, Timeline) {
 let path = evtx_filepath.display();
 let parser = self.evtx_to_jsons(evtx_filepath.clone());
diff --git a/src/timeline/metrics.rs b/src/timeline/metrics.rs
index d88c2f8e..1126e88f 100644
--- a/src/timeline/metrics.rs
+++ b/src/timeline/metrics.rs
@@ -71,7 +71,8 @@ impl EventMetrics {
 "Event.System.TimeCreated_attributes.SystemTime",
 &record.record,
 )
- .map(|evt_value| evt_value.to_string()) {
+ .map(|evt_value| evt_value.to_string())
+ {
 if self.start_time.is_empty() || evttime < self.start_time {
 self.start_time = evttime.to_string();
 }
@@ -93,30 +94,27 @@ impl EventMetrics {
 "-".to_string()
 };
 if let Some(idnum) = utils::get_event_value("EventID", &record.record) {
- let count: &mut usize = self.stats_list.entry((idnum.to_string(), channel)).or_insert(0);
+ let count: &mut usize = self
+ .stats_list
+ .entry((idnum.to_string(), channel))
+ .or_insert(0);
 *count += 1;
 };
-
 }
 }
 // Login event
 fn stats_login_eventid(&mut self, records: &[EvtxRecordInfo]) {
 for record in records.iter() {
 if let Some(evtid) = utils::get_event_value("EventID", &record.record) {
-
 let idnum: i64 = if evtid.is_number() {
 evtid.as_i64().unwrap()
 } else {
- evtid
- .as_str()
- .unwrap()
- .parse::()
- .unwrap_or_default()
+ evtid.as_str().unwrap().parse::().unwrap_or_default()
 };
 if !(idnum == 4624 || idnum == 4625) {
 continue;
 }
-
+
 let username = utils::get_event_value("TargetUserName", &record.record);
 let countlist: [usize; 2] = [0, 0];
 if idnum == 4624 {
diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs
index 75430c09..86ac113f 100644
--- a/src/timeline/timelines.rs
+++ b/src/timeline/timelines.rs
@@ -1,13 +1,13 @@
-use std::io::BufWriter;
 use std::fs::File;
+use std::io::BufWriter;
-use csv::WriterBuilder;
-use downcast_rs::__std::process;
-use crate::detections::message::{LOGONSUMMARY_FLAG, METRICS_FLAG, CH_CONFIG, AlertMessage};
+use crate::detections::message::{AlertMessage, CH_CONFIG, LOGONSUMMARY_FLAG, METRICS_FLAG};
 use crate::detections::{configs::CONFIG, detection::EvtxRecordInfo};
-use comfy_table::*;
 use comfy_table::modifiers::UTF8_ROUND_CORNERS;
 use comfy_table::presets::UTF8_FULL;
+use comfy_table::*;
+use csv::WriterBuilder;
+use downcast_rs::__std::process;
 use super::metrics::EventMetrics;
 use hashbrown::HashMap;
@@ -57,34 +57,34 @@ impl Timeline {
 } else {
 sammsges.push(total_event_record);
 }
-
+
 let header = vec!["Count", "Percent", "Channel", "ID", "Event"];
 let target;
- let mut wtr=
- if let Some(csv_path) = &CONFIG.read().unwrap().args.output {
+ let mut wtr = if let Some(csv_path) = &CONFIG.read().unwrap().args.output {
 // output to file
 match File::create(csv_path) {
 Ok(file) => {
 target = Box::new(BufWriter::new(file));
 Some(WriterBuilder::new().from_writer(target))
- },
+ }
 Err(err) => {
- AlertMessage::alert(&format!("Failed to open file. {}", err)).ok();
+ AlertMessage::alert(&format!("Failed to open file. {}", err)).ok();
 process::exit(1);
 }
 }
- } else {
- None
+ } else {
+ None
 };
 if let Some(ref mut w) = wtr {
 w.write_record(&header).ok();
 }
 let mut stats_tb = Table::new();
- stats_tb.load_preset(UTF8_FULL).apply_modifier(UTF8_ROUND_CORNERS);
+ stats_tb
+ .load_preset(UTF8_FULL)
+ .apply_modifier(UTF8_ROUND_CORNERS);
 stats_tb.set_header(header);
-
 // 集計件数でソート
 let mut mapsorted: Vec<_> = self.stats.stats_list.iter().collect();
 mapsorted.sort_by(|x, y| y.1.cmp(x.1));
@@ -96,11 +96,10 @@ impl Timeline {
 println!("{}", msgprint);
 }
 if CONFIG.read().unwrap().args.output.is_some() {
- for msg in stats_msges.iter(){
+ for msg in stats_msges.iter() {
 if let Some(ref mut w) = wtr {
 w.write_record(msg).ok();
 }
-
 }
 }
 stats_tb.add_rows(stats_msges);
@@ -130,7 +129,10 @@ impl Timeline {
 }
 // イベントID毎の出力メッセージ生成
- fn tm_stats_set_msg(&self, mapsorted: Vec<(&(std::string::String, std::string::String), &usize)>) -> Vec> {
+ fn tm_stats_set_msg(
+ &self,
+ mapsorted: Vec<(&(std::string::String, std::string::String), &usize)>,
+ ) -> Vec> {
 let mut msges: Vec> = Vec::new();
 for ((event_id, channel), event_cnt) in mapsorted.iter() {
@@ -147,10 +149,13 @@ impl Timeline {
 // event_id_info.txtに登録あるものは情報設定
 // 出力メッセージ1行作成
 let fmted_channel = channel.replace('\"', "");
- let ch = CH_CONFIG.get(fmted_channel.to_lowercase().as_str()).unwrap_or(&fmted_channel).to_string();
+ let ch = CH_CONFIG
+ .get(fmted_channel.to_lowercase().as_str())
+ .unwrap_or(&fmted_channel)
+ .to_string();
 if conf {
- msges.push(vec!
- [event_cnt.to_string(),
+ msges.push(vec![
+ event_cnt.to_string(),
 format!("{:.1}%", (rate * 1000.0).round() / 10.0),
 ch,
 event_id.to_string(),
@@ -160,12 +165,11 @@ impl Timeline {
 .event_timeline_config
 .get_event_id(event_id)
 .unwrap()
- .evttitle.to_string(),
- ]
- );
+ .evttitle
+ .to_string(),
+ ]);
 } else {
- msges.push(
- vec![
+ msges.push(vec![
 event_cnt.to_string(),
 format!("{:.1}%", (rate * 1000.0).round() / 10.0),
 ch,
@@ -188,32 +192,32 @@ impl Timeline {
 for msgprint in loginmsges.iter() {
 println!("{}", msgprint);
 }
- } else {
-
+ } else {
 let header = vec!["User", "Failed", "Successful"];
 let target;
- let mut wtr=
- if let Some(csv_path) = &CONFIG.read().unwrap().args.output {
+ let mut wtr = if let Some(csv_path) = &CONFIG.read().unwrap().args.output {
 // output to file
 match File::create(csv_path) {
 Ok(file) => {
 target = Box::new(BufWriter::new(file));
 Some(WriterBuilder::new().from_writer(target))
- },
+ }
 Err(err) => {
 AlertMessage::alert(&format!("Failed to open file. {}", err)).ok();
 process::exit(1);
 }
 }
- } else {
- None
+ } else {
+ None
 };
 if let Some(ref mut w) = wtr {
 w.write_record(&header).ok();
 }
 let mut logins_stats_tb = Table::new();
- logins_stats_tb.load_preset(UTF8_FULL).apply_modifier(UTF8_ROUND_CORNERS);
+ logins_stats_tb
+ .load_preset(UTF8_FULL)
+ .apply_modifier(UTF8_ROUND_CORNERS);
 logins_stats_tb.set_header(&header);
 // 集計件数でソート
 let mut mapsorted: Vec<_> = self.stats.stats_login_list.iter().collect();
@@ -223,16 +227,11 @@ impl Timeline {
 let mut username: String = key.to_string();
 username.pop();
 username.remove(0);
- let record_data = vec![
- username,
- values[1].to_string(),
- values[0].to_string(),
- ];
+ let record_data = vec![username, values[1].to_string(), values[0].to_string()];
 if let Some(ref mut w) = wtr {
 w.write_record(&record_data).ok();
- }
+ }
 logins_stats_tb.add_row(record_data);
-
 }
 println!("{logins_stats_tb}");
 println!();