Feature/#187 change allowlist regexes filenames (#189)

* add risk level filter arguments #45

* fix default level in help #45

* add test yaml files #45

* refactoring and fix level argument usage.

* cargo fmt --all

* add risk level filter arguments #45

* fix default level in help #45

* add test yaml files #45

* refactoring and fix level argument usage.

* cargo fmt --all

* update

* change filename

* fix regexes and allowlist filenames in the documentation #187

Co-authored-by: DustInDark <nextsasasa@gmail.com>
James
2021-11-12 13:53:09 +09:00
committed by GitHub
parent 22c8302c4c
commit 7d49b0b521
9 changed files with 18 additions and 18 deletions


@@ -519,8 +519,8 @@ mod tests {
- ホスト アプリケーション
ImagePath:
min_length: 1234321
regexes: ./regexes.txt
allowlist: ./allowlist.txt
regexes: ./config/regex/regexes_suspicous_service.txt
allowlist: ./config/regex/allowlist_legimate_serviceimage.txt
falsepositives:
- unknown
level: medium
@@ -1081,7 +1081,7 @@ mod tests {
selection:
EventID: 4103
Channel:
- allowlist: allowlist.txt
- allowlist: ./config/regex/allowlist_legimate_serviceimage.txt
output: 'command=%CommandLine%'
"#;
@@ -1113,7 +1113,7 @@ mod tests {
selection:
EventID: 4103
Channel:
- allowlist: allowlist.txt
- allowlist: ./config/regex/allowlist_legimate_serviceimage.txt
output: 'command=%CommandLine%'
"#;
@@ -1145,7 +1145,7 @@ mod tests {
selection:
EventID: 4103
Channel:
- allowlist: allowlist.txt
- allowlist: ./config/regex/allowlist_legimate_serviceimage.txt
output: 'command=%CommandLine%'
"#;

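Review bot: The paths introduced in these four fixture hunks, `./config/regex/regexes_suspicous_service.txt` and `./config/regex/allowlist_legimate_serviceimage.txt`, are resolved against the process working directory, so a rule only finds its regex and allowlist files when the tool is started from a directory that contains `config/regex/`. How a failed read is handled is not visible here; if the loader falls back to an empty list, a missing regexes file would silently stop the rule from matching, so it is worth confirming that the loader reports the error and that a test covers the missing-file case. The names also carry the typos `suspicous` and `legimate`, and because rule authors will copy these paths into their own rules, renaming to `suspicious` / `legitimate` is cheapest in this commit. The same two paths are used by `test_check_regex` and `test_check_allowlist` in the following file section. The enclosing test functions start and end outside these hunks.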

@@ -153,7 +153,7 @@ mod tests {
#[test]
fn test_check_regex() {
let regexes = utils::read_txt("regexes.txt")
let regexes = utils::read_txt("./config/regex/regexes_suspicous_service.txt")
.unwrap()
.into_iter()
.map(|regex_str| Regex::new(&regex_str).unwrap())
@@ -168,7 +168,7 @@ mod tests {
#[test]
fn test_check_allowlist() {
let commandline = "\"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe\"";
let allowlist = utils::read_txt("allowlist.txt")
let allowlist = utils::read_txt("./config/regex/allowlist_legimate_serviceimage.txt")
.unwrap()
.into_iter()
.map(|allow_str| Regex::new(&allow_str).unwrap())