cargo fmt
@@ -1,7 +1,7 @@
use crate::detections::print::AlertMessage;
use crate::detections::print::AlertMessage;
use crate::detections::utils;
use crate::detections::utils;
use chrono::{DateTime, Utc};
use chrono::{DateTime, Utc};
use clap::{App, Arg, AppSettings, ArgMatches};
use clap::{App, AppSettings, Arg, ArgMatches};
use hashbrown::HashMap;
use hashbrown::HashMap;
use hashbrown::HashSet;
use hashbrown::HashSet;
use lazy_static::lazy_static;
use lazy_static::lazy_static;
@@ -92,9 +92,10 @@ fn build_app<'a>() -> ArgMatches<'a> {
.version("1.1.0")
.version("1.1.0")
.author("Yamato Security (https://github.com/Yamato-Security/hayabusa)")
.author("Yamato Security (https://github.com/Yamato-Security/hayabusa)")
.setting(AppSettings::VersionlessSubcommands)
.setting(AppSettings::VersionlessSubcommands)
.arg( // TODO: When update claps to 3.x, these can write in usage texts...
.arg(
// TODO: When update claps to 3.x, these can write in usage texts...
Arg::from_usage("--level-tuning=[RULE_LEVEL_FILE] 'Fix rule file's level'")
Arg::from_usage("--level-tuning=[RULE_LEVEL_FILE] 'Fix rule file's level'")
.default_value("./config/rule_level.txt")
.default_value("./config/rule_level.txt"),
)
)
.usage(usages)
.usage(usages)
.args_from_usage(usages)
.args_from_usage(usages)
38
src/main.rs
38
src/main.rs
@@ -18,8 +18,7 @@ use hayabusa::filter;
use hayabusa::omikuji::Omikuji;
use hayabusa::omikuji::Omikuji;
use hayabusa::yaml::ParseYaml;
use hayabusa::yaml::ParseYaml;
use hayabusa::{afterfact::after_fact, detections::utils};
use hayabusa::{afterfact::after_fact, detections::utils};
use hayabusa::{detections::configs, timeline::timeline::Timeline};
use hayabusa::{detections::configs, timeline::timelines::Timeline};
use hayabusa::yaml::ParseYaml;
use hhmmss::Hhmmss;
use hhmmss::Hhmmss;
use pbr::ProgressBar;
use pbr::ProgressBar;
use serde_json::Value;
use serde_json::Value;
@@ -109,9 +108,15 @@ impl App {
if configs::CONFIG
if configs::CONFIG
.read()
.read()
.unwrap()
.unwrap()
.args.is_present("level-tuning")
.args
.is_present("level-tuning")
{
if let Some(level_tuning_path) = configs::CONFIG
.read()
.unwrap()
.args
.value_of("level-tuning")
{
{
if let Some(level_tuning_path) = configs::CONFIG.read().unwrap().args.value_of("level-tuning") {
if Path::new(level_tuning_path).exists() {
if Path::new(level_tuning_path).exists() {
let read_result = utils::read_csv(level_tuning_path);
let read_result = utils::read_csv(level_tuning_path);
if read_result.is_err() {
if read_result.is_err() {
@@ -135,18 +140,19 @@ impl App {
tuning_map.insert(id.to_string(), level.to_string());
tuning_map.insert(id.to_string(), level.to_string());
});
});
let mut rulefile_loader = ParseYaml::new();
let mut rulefile_loader = ParseYaml::new();
let result_readdir =
let result_readdir = rulefile_loader.read_dir(
rulefile_loader.read_dir(
configs::CONFIG
configs::CONFIG.read().unwrap().args.value_of("rules").unwrap_or(&"rules"),
.read()
.unwrap()
.args
.value_of("rules")
.unwrap_or(&"rules"),
&"informational",
&"informational",
&filter::exclude_ids(),
&filter::exclude_ids(),
);
);
if result_readdir.is_err() {
if result_readdir.is_err() {
let errmsg = format!("{}", result_readdir.unwrap_err());
let errmsg = format!("{}", result_readdir.unwrap_err());
AlertMessage::warn(
AlertMessage::warn(&mut BufWriter::new(std::io::stderr().lock()), &errmsg)
&mut BufWriter::new(std::io::stderr().lock()),
&errmsg,
)
.ok();
.ok();
return;
return;
}
}
@@ -154,15 +160,17 @@ impl App {
if let Some(new_level) = tuning_map.get(rule["id"].as_str().unwrap()) {
if let Some(new_level) = tuning_map.get(rule["id"].as_str().unwrap()) {
println!("{}", rule["id"].as_str().unwrap());
println!("{}", rule["id"].as_str().unwrap());
println!("path: {}", path);
println!("path: {}", path);
println!("level: {} -> {}", rule["level"].as_str().unwrap(), new_level);
println!(
"level: {} -> {}",
rule["level"].as_str().unwrap(),
new_level
);
}
}
}
}
} else {
} else {
AlertMessage::alert(
AlertMessage::alert(
&mut BufWriter::new(std::io::stderr().lock()),
&mut BufWriter::new(std::io::stderr().lock()),
&format!(
&format!("Need rule_levels.txt file to use --level-tuning option"),
"Need rule_levels.txt file to use --level-tuning option"
),
)
)
.ok();
.ok();
return;
return;
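Review bot: In the `@@ -154,15 +160,17 @@` hunk the reformatted `rule["id"].as_str().unwrap()` and `rule["level"].as_str().unwrap()` calls still panic on any rule file under the rules directory whose `id` or `level` key is missing or not a string (`rule` is presumably a serde `Value`, given the `serde_json::Value` import), so one malformed YAML aborts level tuning instead of being reported; a `let Some(id) = rule["id"].as_str() else { continue };` guard, paired with an `AlertMessage::warn` naming the skipped `path`, would keep the loop going. The same hunk's `&format!("Need rule_levels.txt file to use --level-tuning option")` has no format arguments (clippy `useless_format`), and the file it names differs from the option's default `./config/rule_level.txt` shown in the other section — a plain `"Need ./config/rule_level.txt to use --level-tuning option"` literal would fix both, assuming `AlertMessage::alert` accepts `&str`. The `@@ -18,8 +18,7 @@` hunk also rewrites the import to `hayabusa::timeline::timelines::Timeline`, which is a module-path change rather than formatting and deserves a mention in the commit message of a commit titled "cargo fmt". The enclosing `impl App` method starts before the first hunk and ends after the last.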