From 69c41c48597a117efdd050e6c824273e3aa54d09 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Fri, 27 May 2022 11:11:44 +0900 Subject: [PATCH] 540 enhancement print total evtx file size (#545) * added ByteSize crate #540 * displayed total evtx file size #540 * updated CHANGELOG #540 * cargo fmt * added blank like, updated cargo Co-authored-by: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com> --- CHANGELOG-Japanese.md | 2 ++ CHANGELOG.md | 1 + Cargo.lock | 48 ++++++++++++++++++++++++++++++------------- Cargo.toml | 1 + src/main.rs | 10 +++++++++ 5 files changed, 48 insertions(+), 14 deletions(-) diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md index 0ca0672a..1ecc53ee 100644 --- a/CHANGELOG-Japanese.md +++ b/CHANGELOG-Japanese.md @@ -9,9 +9,11 @@ **改善:** +- ルールの`details`でeventkey_alias.txtやEvent.EventData内に存在しない情報を`n/a` (not available)と表記するようにした。(#528) (@hitenkoku) - ルールの`details`でeventkey_alias.txtやEvent.EventData内に存在しない情報を`n/a` (not available)と表記するようにした。 (#528) (@hitenkoku) - 読み込んだイベント数と検知しなかったイベント数を表示するようにした。 (#538) (@hitenkoku) - 新しいロゴ。 (@YamatoSecurity) +- evtxファイルのファイルサイズの合計を出力するようにした。(#540) (@hitenkoku) **バグ修正:** diff --git a/CHANGELOG.md b/CHANGELOG.md index ecac0d7f..b12fdedf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ - In the `details` line in a rule, when a placeholder points to a field that does not exist or there is an incorrect alias mapping, it will be outputted as `n/a` (not available). (#528) (@hitenkoku) - Display total event and data reduction count. (How many and what percent of events were ignored.) (#538) (@hitenkoku) - New logo. (@YamatoSecurity) +- Display total evtx file size. (#540) (@hitenkoku) **Bug Fixes:** diff --git a/Cargo.lock b/Cargo.lock index a4f403f6..c78aba8f 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -197,10 +197,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8" [[package]] -name = "camino" -version = "1.0.8" +name = "bytesize" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07fd178c5af4d59e83498ef15cf3f154e1a6f9d091270cb86283c65ef44e9ef0" +checksum = "6c58ec36aac5066d5ca17df51b3e70279f5670a72102f5752cb7e7c856adfc70" + +[[package]] +name = "camino" +version = "1.0.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "869119e97797867fd90f5e22af7d0bd274bd4635ebb9eb68c04f3f513ae6c412" dependencies = [ "serde", ] @@ -325,6 +331,19 @@ dependencies = [ "winapi 0.3.9", ] +[[package]] +name = "console" +version = "0.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a28b32d32ca44b70c3e4acd7db1babf555fa026e385fb95f18028f88848b3c31" +dependencies = [ + "encode_unicode", + "libc", + "once_cell", + "terminal_size", + "winapi 0.3.9", +] + [[package]] name = "const_fn" version = "0.4.9" @@ -520,7 +539,7 @@ version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c9dd058f8b65922819fabb4a41e7d1964e56344042c26efbccd465202c23fa0c" dependencies = [ - "console", + "console 0.14.1", "lazy_static", "tempfile", "zeroize", @@ -918,7 +937,8 @@ dependencies = [ name = "hayabusa" version = "1.3.0-dev" dependencies = [ - "base64 0.10.1", + "base64 0.13.0", + "bytesize", "chrono", "clap 2.34.0", "csv", @@ -1101,7 +1121,7 @@ version = "0.16.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2d207dc617c7a380ab07ff572a6e52fa202a2a8f355860ac9c38e23f8196be1b" dependencies = [ - "console", + "console 0.15.0", "lazy_static", "number_prefix", "regex", 
@@ -1498,9 +1518,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.11.0" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b10983b38c53aebdf33f542c6275b0f58a238129d00c4ae0e6fb59738d783ca" +checksum = "7709cef83f0c1f58f666e746a08b21e0085f7440fa6a29cc194d68aac97a4225" [[package]] name = "openssl" @@ -1559,9 +1579,9 @@ dependencies = [ [[package]] name = "os_str_bytes" -version = "6.0.1" +version = "6.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "029d8d0b2f198229de29dca79676f2738ff952edf3fde542eb8bf94d8c21b435" +checksum = "21326818e99cfe6ce1e524c2a805c189a99b5ae555a35d19f9a284b427d86afa" [[package]] name = "parking_lot" @@ -1896,9 +1916,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.5.5" +version = "1.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a11647b6b25ff05a515cb92c365cec08801e83423a235b51e231e1808747286" +checksum = "d83f127d94bdbcda4c8cc2e50f6f84f4b611f69c902699ca385a39c3a75f9ff1" dependencies = [ "aho-corasick", "memchr", @@ -1913,9 +1933,9 @@ checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132" [[package]] name = "regex-syntax" -version = "0.6.25" +version = "0.6.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" +checksum = "49b3de9ec5dc0a3417da371aab17d729997c15010e7fd24ff707773a33bddb64" [[package]] name = "remove_dir_all" diff --git a/Cargo.toml b/Cargo.toml index 6931b86b..65e99fb0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -35,6 +35,7 @@ termcolor="*" prettytable-rs = "0.8" krapslog="*" terminal_size = "*" +bytesize="1.1" [target.'cfg(windows)'.dependencies] is_elevated = "0.1.2" diff --git a/src/main.rs b/src/main.rs index e8ad5736..4d6e2db6 100644 --- a/src/main.rs +++ b/src/main.rs 
@@ -1,3 +1,4 @@
+extern crate bytesize;
 extern crate downcast_rs;
 extern crate serde;
 extern crate serde_derive;
@@ -5,6 +6,7 @@ extern crate serde_derive;
 #[cfg(target_os = "windows")]
 extern crate static_vcruntime;
 
+use bytesize::ByteSize;
 use chrono::{DateTime, Datelike, Local, TimeZone};
 use evtx::{EvtxParser, ParserSettings};
 use git2::Repository;
@@ -438,6 +440,14 @@ impl App {
 .to_uppercase();
 println!("Analyzing event files: {:?}", evtx_files.len());
 
+ let mut total_file_size = ByteSize::b(0);
+ for file_path in &evtx_files {
+ let meta = fs::metadata(file_path).ok();
+ total_file_size += ByteSize::b(meta.unwrap().len());
+ }
+ println!("Total file size: {}", total_file_size.to_string_as(false));
+ println!();
+
 let rule_files = detection::Detection::parse_rule_files(
 level,
 configs::CONFIG.read().unwrap().args.value_of("rules"),
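Review bot: In the new file-size loop, `fs::metadata(file_path).ok()` followed by `meta.unwrap()` panics the whole run on the first file whose metadata cannot be read (a file removed between enumeration and this point, a permission error, a dangling symlink), and the `.ok()` only throws away the error that would have explained why. Handling the result keeps the total best-effort instead of aborting the analysis: `if let Ok(meta) = fs::metadata(file_path) {` / `total_file_size += ByteSize::b(meta.len());` / `}`, optionally with an `Err` arm that prints a warning naming the skipped path so the reported total is known to be partial. The enclosing `impl App` method starts and ends outside the hunk, and whether `fs` here is `std::fs` is not visible in this diff.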