diff --git a/Cargo.lock b/Cargo.lock
index 22da4f7d..8c96f701 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -8,17 +8,6 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
 
-[[package]]
-name = "ahash"
-version = "0.7.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47"
-dependencies = [
- "getrandom 0.2.7",
- "once_cell",
- "version_check",
-]
-
 [[package]]
 name = "aho-corasick"
 version = "0.7.18"
@@ -663,17 +652,6 @@ dependencies = [
 "wasi 0.9.0+wasi-snapshot-preview1",
 ]
 
-[[package]]
-name = "getrandom"
-version = "0.2.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi 0.11.0+wasi-snapshot-preview1",
-]
-
 [[package]]
 name = "git2"
 version = "0.14.4"
@@ -700,9 +678,6 @@ name = "hashbrown"
 version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
-dependencies = [
- "ahash",
-]
 
 [[package]]
 name = "hayabusa"
@@ -719,7 +694,6 @@ dependencies = [
 "evtx",
 "flate2",
 "git2",
- "hashbrown",
 "hex",
 "hhmmss",
 "hyper",
@@ -1422,7 +1396,7 @@ version = "0.3.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "de0737333e7a9502c789a36d7c7fa6092a49895d4faa31ca5df163857ded2e9d"
 dependencies = [
- "getrandom 0.1.16",
+ "getrandom",
 "redox_syscall 0.1.57",
 "rust-argon2",
 ]
diff --git a/Cargo.toml b/Cargo.toml
index 9be76e07..f5908e42 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -26,7 +26,6 @@ num_cpus = "1.*"
 downcast-rs = "1.*"
 hhmmss = "*"
 pbr = "*"
-hashbrown = "0.12.*"
 hex = "0.4.*"
 git2 = "0.*"
 termcolor = "*"
diff --git a/src/afterfact.rs b/src/afterfact.rs
index 9c36de16..030216b5 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -1,14 +1,15 @@
 use crate::detections::configs;
 use crate::detections::configs::{CURRENT_EXE_PATH, TERM_SIZE};
-use crate::detections::message::{self};
-use crate::detections::message::{AlertMessage, IS_HIDE_RECORD_ID};
-use crate::detections::utils;
+use crate::detections::message::{self, LEVEL_ABBR};
+use crate::detections::message::AlertMessage;
+use crate::detections::utils::{self, format_time};
 use crate::detections::utils::{get_writable_color, write_color_buffer};
+use crate::options::profile::PROFILES;
 use bytesize::ByteSize;
 use chrono::{DateTime, Local, TimeZone, Utc};
-use csv::QuoteStyle;
-use hashbrown::HashMap;
-use hashbrown::HashSet;
+use csv::{QuoteStyle, Writer};
+use linked_hash_map::LinkedHashMap;
+use std::collections::{HashMap, HashSet, BTreeMap};
 use itertools::Itertools;
 use krapslog::{build_sparkline, build_time_markers};
 use lazy_static::lazy_static;
@@ -16,7 +17,7 @@ use serde::Serialize;
 use std::cmp::min;
 use std::error::Error;
 use std::fmt::Debug;
-use std::fs;
+use std::{fs, collections};
 use std::fs::File;
 use std::io;
 use std::io::BufWriter;
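Review bot: The new imports in src/afterfact.rs are redundant and unsorted: `use std::{fs, collections};` in the second hunk brings the `collections` module into scope although the first hunk already imports `HashMap`, `HashSet` and `BTreeMap` by name. Unless a `collections::…` path is used in a part of the file not shown here, I would keep `use std::fs;` and drop the module import. `linked_hash_map` and `std::collections` are also placed ahead of `itertools`, which `cargo fmt` would reorder; the same placement recurs in the src/detections/message.rs and src/options/profile.rs hunks. No manifest entry for `linked_hash_map` is added in this diff, so presumably the crate is already declared in Cargo.toml, which is worth confirming.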
@@ -661,71 +662,23 @@ fn _get_timestamp(time: &DateTime) -> i64 {
 }
 }
 
-/// return rfc time format string by option
-fn format_rfc(time: &DateTime, date_only: bool) -> String
-where
- Tz::Offset: std::fmt::Display,
-{
- let time_args = &configs::CONFIG.read().unwrap().args;
- if time_args.rfc_2822 {
- if date_only {
- time.format("%a, %e %b %Y").to_string()
- } else {
- time.format("%a, %e %b %Y %H:%M:%S %:z").to_string()
- }
- } else if time_args.rfc_3339 {
- if date_only {
- time.format("%Y-%m-%d").to_string()
- } else {
- time.format("%Y-%m-%d %H:%M:%S%.6f%:z").to_string()
- }
- } else if time_args.us_time {
- if date_only {
- time.format("%m-%d-%Y").to_string()
- } else {
- time.format("%m-%d-%Y %I:%M:%S%.3f %p %:z").to_string()
- }
- } else if time_args.us_military_time {
- if date_only {
- time.format("%m-%d-%Y").to_string()
- } else {
- time.format("%m-%d-%Y %H:%M:%S%.3f %:z").to_string()
- }
- } else if time_args.european_time {
- if date_only {
- time.format("%d-%m-%Y").to_string()
- } else {
- time.format("%d-%m-%Y %H:%M:%S%.3f %:z").to_string()
- }
- } else if date_only {
- time.format("%Y-%m-%d").to_string()
- } else {
- time.format("%Y-%m-%d %H:%M:%S%.3f %:z").to_string()
- }
-}
-
 #[cfg(test)]
 mod tests {
- use crate::afterfact::DisplayFormat;
 use crate::afterfact::_get_serialized_disp_output;
 use crate::afterfact::emit_csv;
 use crate::afterfact::format_time;
 use crate::detections::message;
 use crate::detections::message::DetectInfo;
+ use crate::options::profile::load_profile;
 use chrono::{Local, TimeZone, Utc};
- use hashbrown::HashMap;
+ use linked_hash_map::LinkedHashMap;
+ use std::collections::HashMap;
 use serde_json::Value;
 use std::fs::File;
 use std::fs::{read_to_string, remove_file};
 use std::io;
 
 #[test]
- fn test_emit_csv() {
- //テストの並列処理によって読み込みの順序が担保できずstatic変数の内容が担保が取れない為、このテストはシーケンシャルで行う
- test_emit_csv_output();
- test_emit_csv_output();
- }
-
 fn test_emit_csv_output() {
 let mock_ch_filter = message::create_output_filter_config(
 "rules/config/channel_abbreviations.txt",
diff --git a/src/detections/message.rs b/src/detections/message.rs
index 3c6fb544..e8042c63 100644
--- a/src/detections/message.rs
+++ b/src/detections/message.rs
@@ -6,7 +6,8 @@ use crate::detections::utils::get_serde_number_to_string;
 use crate::detections::utils::write_color_buffer;
 use chrono::{DateTime, Local, TimeZone, Utc};
 use dashmap::DashMap;
-use hashbrown::HashMap;
+use linked_hash_map::LinkedHashMap;
+use std::collections::HashMap;
 use lazy_static::lazy_static;
 use regex::Regex;
 use serde_json::Value;
@@ -324,7 +325,7 @@ impl AlertMessage {
 mod tests {
 use crate::detections::message::AlertMessage;
 use crate::detections::message::{parse_message, MESSAGES};
- use hashbrown::HashMap;
+ use std::collections::HashMap;
 use serde_json::Value;
 
 use super::{create_output_filter_config, get_default_details};
diff --git a/src/options/profile.rs b/src/options/profile.rs
index 4e7bd115..466f5409 100644
--- a/src/options/profile.rs
+++ b/src/options/profile.rs
@@ -2,7 +2,7 @@ use crate::detections::configs::{self, CURRENT_EXE_PATH};
 use crate::detections::message::AlertMessage;
 use crate::detections::utils::check_setting_path;
 use crate::yaml;
-use hashbrown::HashMap;
+use linked_hash_map::LinkedHashMap;
 use lazy_static::lazy_static;
 use std::fs::File;
 use std::io::{BufWriter, Write};
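Review bot: With the `test_emit_csv` wrapper removed in the `mod tests` hunk of src/afterfact.rs, `#[test]` now sits directly on `test_emit_csv_output`, and the deleted comment was the only record that these tests depend on shared static state and had to run one after another. If any other test in the module still writes the same statics (not visible in this hunk), parallel `cargo test` runs can interleave and make the CSV assertions flaky. I would keep an English comment on the test, e.g. `// Touches shared static message state; must not run in parallel with tests that write it.`, or serialise such tests explicitly. The body of `test_emit_csv_output` continues outside the hunk.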