mv: full-data option check #606

src/detections/detection.rs

@@ -248,6 +248,12 @@ impl Detection {
                 Some(str) => str.to_owned(),
                 None => recinfo.as_ref().unwrap_or(&"-".to_string()).to_string(),
         };
+        let opt_record_info = if configs::CONFIG.read().unwrap().args.full_data {
+            recinfo
+        } else {
+            None
+        };
+
         let detect_info = DetectInfo {
             filepath: record_info.evtx_filepath.to_string(),
             rulepath: rule.rulepath.to_string(),
@@ -260,7 +266,7 @@ impl Detection {
             alert: rule.yaml["title"].as_str().unwrap_or("").to_string(),
             detail: String::default(),
             tag_info: tag_info.join(" | "),
-            record_information: recinfo,
+            record_information: opt_record_info,
             record_id: rec_id,
         };
         MESSAGES.lock().unwrap().insert(

src/detections/utils.rs

@@ -235,11 +235,8 @@ pub fn create_rec_info(data: Value, path: String, keys: &[String]) -> EvtxRecord
 
     // EvtxRecordInfoを作る
     let data_str = data.to_string();
-    let rec_info = if configs::CONFIG.read().unwrap().args.full_data {
+    let rec_info = Option::Some(create_recordinfos(&data));
-        Option::Some(create_recordinfos(&data))
+    
-    } else {
-        Option::None
-    };
     EvtxRecordInfo {
         evtx_filepath: path,
         record: data,