Feature/risk level condition#45 (#186)

* add risk level filter arguments #45

* fix default level in help #45

* add test yaml files #45

* refactoring and fix level argument usage.

* cargo fmt --all

Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>

src/detections/configs.rs

@@ -5,6 +5,15 @@ use std::collections::HashMap;
 use std::sync::RwLock;
 lazy_static! {
     pub static ref CONFIG: RwLock<ConfigReader> = RwLock::new(ConfigReader::new());
+    pub static ref LEVELMAP: HashMap<String, u8> = {
+        let mut levelmap = HashMap::new();
+        levelmap.insert("INFO".to_owned(), 1);
+        levelmap.insert("LOW".to_owned(), 2);
+        levelmap.insert("MEDIUM".to_owned(), 3);
+        levelmap.insert("HIGH".to_owned(), 4);
+        levelmap.insert("CRITICAL".to_owned(), 5);
+        return levelmap;
+    };
 }
 
 #[derive(Clone)]
@@ -42,6 +51,7 @@ fn build_app<'a>() -> ArgMatches<'a> {
     --csv-timeline=[CSV_TIMELINE] 'Csv output timeline'
     --rfc-2822 'Output date and time in RFC 2822 format. Example: Mon, 07 Aug 2006 12:34:56 -0600'
     -l --lang=[LANG] 'Output language'
+    -L --level=[LEVEL] 'Specified execute rule level(default: INFO)'
     -u --utc 'Output time in UTC format(default: local time)'
     -d --directory=[DIRECTORY] 'Event log files directory'
     -s --statistics 'Prints statistics for event logs'

src/detections/detection.rs

@@ -46,10 +46,10 @@ impl Detection {
     }
 
     // ルールファイルをパースします。
-    pub fn parse_rule_files() -> Vec<RuleNode> {
+    pub fn parse_rule_files(level: String) -> Vec<RuleNode> {
         // ルールファイルのパースを実行
         let mut rulefile_loader = ParseYaml::new();
-        let resutl_readdir = rulefile_loader.read_dir(DIRPATH_RULES);
+        let resutl_readdir = rulefile_loader.read_dir(DIRPATH_RULES, &level);
         if resutl_readdir.is_err() {
             let stdout = std::io::stdout();
             let mut stdout = stdout.lock();