pass test

kazuminn
2021-12-02 00:33:19 +09:00
parent 341a5e4f86
commit 838a935d34
3 changed files with 23 additions and 18 deletions

@@ -266,6 +266,9 @@ impl Detection {
fn test_parse_rule_files() { fn test_parse_rule_files() {
let level = "INFO"; let level = "INFO";
let opt_rule_path = Some("./test_files/rules/level_yaml"); let opt_rule_path = Some("./test_files/rules/level_yaml");
let cole = Detection::parse_rule_files(level.to_owned(), opt_rule_path); let fill_ids = RuleFill {
no_use_rule: HashMap::from([("".to_string(), true)]),
};
let cole = Detection::parse_rule_files(level.to_owned(), opt_rule_path, fill_ids);
assert_eq!(5, cole.len()); assert_eq!(5, cole.len());
} }

@@ -134,7 +134,7 @@ fn analysis_files(evtx_files: Vec<PathBuf>) {
} }
let mut fill_ids = fillter::RuleFill { let mut fill_ids = fillter::RuleFill {
no_use_rule: HashMap::new(), no_use_rule: HashMap::from([("".to_string(), true)]),
}; };
for v in ids.split_whitespace().next() { for v in ids.split_whitespace().next() {
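Review bot: Seeding `no_use_rule` with an empty-string key in `analysis_files` turns a missing rule id into an exclusion. The third file section changes the lookup to `yaml_doc["id"].as_str().unwrap_or("")`, and its `Some(_) => ()` arm skips the rule, so with this seed every rule file that has no string `id` is left out of the loaded detection set without any message, where the old `unwrap()` panicked. For a detection tool a silently unloaded rule is a coverage gap that is hard to notice; I would keep `no_use_rule: HashMap::new(),` here and have the parser report id-less rules, and the same seed in the test hunks keeps the tests from exercising that path. `analysis_files` starts and ends outside this hunk.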

@@ -140,7 +140,7 @@ impl ParseYaml {
//除外されたルールは無視する //除外されたルールは無視する
match fill_ids match fill_ids
.no_use_rule .no_use_rule
.get(&yaml_doc["id"].as_str().unwrap().to_string()) .get(&yaml_doc["id"].as_str().unwrap_or("").to_string())
{ {
Some(_) => (), Some(_) => (),
None => { None => {
@@ -161,16 +161,18 @@ impl ParseYaml {
mod tests { mod tests {
use crate::yaml; use crate::yaml;
use crate::yaml::RuleFill;
use std::collections::HashMap;
use std::path::Path; use std::path::Path;
use yaml_rust::YamlLoader; use yaml_rust::YamlLoader;
#[test] #[test]
fn test_read_dir_yaml() { fn test_read_dir_yaml() {
let mut yaml = yaml::ParseYaml::new(); let mut yaml = yaml::ParseYaml::new();
let mut fill_ids = fillter::RuleFill { let fill_ids = RuleFill {
no_use_rule: HashMap::new(), no_use_rule: HashMap::from([("".to_string(), true)]),
}; };
&yaml.read_dir( let _ = &yaml.read_dir(
"test_files/rules/yaml/".to_string(), "test_files/rules/yaml/".to_string(),
&"".to_owned(), &"".to_owned(),
fill_ids, fill_ids,
@@ -209,8 +211,8 @@ mod tests {
fn test_default_level_read_yaml() { fn test_default_level_read_yaml() {
let mut yaml = yaml::ParseYaml::new(); let mut yaml = yaml::ParseYaml::new();
let path = Path::new("test_files/rules/level_yaml"); let path = Path::new("test_files/rules/level_yaml");
let mut fill_ids = RuleFill { let fill_ids = RuleFill {
no_use_rule: HashMap::new(), no_use_rule: HashMap::from([("".to_string(), true)]),
}; };
yaml.read_dir(path.to_path_buf(), &"", fill_ids).unwrap(); yaml.read_dir(path.to_path_buf(), &"", fill_ids).unwrap();
assert_eq!(yaml.files.len(), 4); assert_eq!(yaml.files.len(), 4);
@@ -220,8 +222,8 @@ mod tests {
fn test_info_level_read_yaml() { fn test_info_level_read_yaml() {
let mut yaml = yaml::ParseYaml::new(); let mut yaml = yaml::ParseYaml::new();
let path = Path::new("test_files/rules/level_yaml"); let path = Path::new("test_files/rules/level_yaml");
let mut fill_ids = RuleFill { let fill_ids = RuleFill {
no_use_rule: HashMap::new(), no_use_rule: HashMap::from([("".to_string(), true)]),
}; };
yaml.read_dir(path.to_path_buf(), &"INFO", fill_ids) yaml.read_dir(path.to_path_buf(), &"INFO", fill_ids)
.unwrap(); .unwrap();
@@ -231,8 +233,8 @@ mod tests {
fn test_low_level_read_yaml() { fn test_low_level_read_yaml() {
let mut yaml = yaml::ParseYaml::new(); let mut yaml = yaml::ParseYaml::new();
let path = Path::new("test_files/rules/level_yaml"); let path = Path::new("test_files/rules/level_yaml");
let mut fill_ids = RuleFill { let fill_ids = RuleFill {
no_use_rule: HashMap::new(), no_use_rule: HashMap::from([("".to_string(), true)]),
}; };
yaml.read_dir(path.to_path_buf(), &"LOW", fill_ids).unwrap(); yaml.read_dir(path.to_path_buf(), &"LOW", fill_ids).unwrap();
assert_eq!(yaml.files.len(), 4); assert_eq!(yaml.files.len(), 4);
@@ -241,8 +243,8 @@ mod tests {
fn test_medium_level_read_yaml() { fn test_medium_level_read_yaml() {
let mut yaml = yaml::ParseYaml::new(); let mut yaml = yaml::ParseYaml::new();
let path = Path::new("test_files/rules/level_yaml"); let path = Path::new("test_files/rules/level_yaml");
let mut fill_ids = RuleFill { let fill_ids = RuleFill {
no_use_rule: HashMap::new(), no_use_rule: HashMap::from([("".to_string(), true)]),
}; };
yaml.read_dir(path.to_path_buf(), &"MEDIUM", fill_ids) yaml.read_dir(path.to_path_buf(), &"MEDIUM", fill_ids)
.unwrap(); .unwrap();
@@ -252,8 +254,8 @@ mod tests {
fn test_high_level_read_yaml() { fn test_high_level_read_yaml() {
let mut yaml = yaml::ParseYaml::new(); let mut yaml = yaml::ParseYaml::new();
let path = Path::new("test_files/rules/level_yaml"); let path = Path::new("test_files/rules/level_yaml");
let mut fill_ids = RuleFill { let fill_ids = RuleFill {
no_use_rule: HashMap::new(), no_use_rule: HashMap::from([("".to_string(), true)]),
}; };
yaml.read_dir(path.to_path_buf(), &"HIGH", fill_ids) yaml.read_dir(path.to_path_buf(), &"HIGH", fill_ids)
.unwrap(); .unwrap();
@@ -263,8 +265,8 @@ mod tests {
fn test_critical_level_read_yaml() { fn test_critical_level_read_yaml() {
let mut yaml = yaml::ParseYaml::new(); let mut yaml = yaml::ParseYaml::new();
let path = Path::new("test_files/rules/level_yaml"); let path = Path::new("test_files/rules/level_yaml");
let mut fill_ids = RuleFill { let fill_ids = RuleFill {
no_use_rule: HashMap::new(), no_use_rule: HashMap::from([("".to_string(), true)]),
}; };
yaml.read_dir(path.to_path_buf(), &"CRITICAL", fill_ids) yaml.read_dir(path.to_path_buf(), &"CRITICAL", fill_ids)
.unwrap(); .unwrap();
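Review bot: In `test_read_dir_yaml`, `let _ = &yaml.read_dir(` discards the value `read_dir` returns, so the test cannot fail when reading or parsing the rule directory fails; the level tests in the same module call `.unwrap()` on that value. The end of the call is outside the hunk, so this assumes nothing after the closing parenthesis consumes the result. If that holds, drop the `let _ = &` prefix and finish the call with `.unwrap();` so an error in `read_dir` fails the test.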