CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

WIP: collect args to singleton

Browse Source
This commit is contained in:
itiB
2020-10-25 12:11:55 +09:00
parent 5b47ba397d
commit 8e84535e7b
3 changed files with 40 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/detections/configs.rs
View File

@@ -1,22 +1,49 @@
use std::fs::File; use std::fs::File;
use std::io::prelude::*; use std::io::prelude::*;
use std::sync::Once; use std::sync::Once;
use clap::ArgMatches;
#[derive(Clone)] #[derive(Clone)]
pub struct SingletonReader { pub struct SingletonReader {
pub regex: Vec<Vec<String>>, pub regex: Vec<Vec<String>>,
pub whitelist: Vec<Vec<String>>, pub whitelist: Vec<Vec<String>>,
pub args: Config<'static>,
} }
pub fn singleton() -> Box<SingletonReader> { #[derive(Debug, Clone)]
pub struct Config<'a> {
pub filepath: Option<&'a str>,
pub attackhunt: Option<&'a str>,
pub csv_timeline: Option<&'a str>,
pub human_readable_timeline: Option<&'a str>,
pub lang: Option<&'a str>,
pub timezone: Option<&'a str>,
}
impl<'a> Config<'a> {
fn new(args: ArgMatches<'a>) -> Self {
Config {
filepath: args.value_of("filepath"),
attackhunt: args.value_of("attackhunt"),
csv_timeline: args.value_of("csv-timeline"),
human_readable_timeline: args.value_of("human-readable-timeline"),
lang: args.value_of("lang"),
timezone: args.value_of("timezone"),
}
}
}
pub fn init_singleton(args: ArgMatches<'static>) -> Box<SingletonReader> {
static mut SINGLETON: Option<Box<SingletonReader>> = Option::None; static mut SINGLETON: Option<Box<SingletonReader>> = Option::None;
static ONCE: Once = Once::new(); static ONCE: Once = Once::new();
static CONFIG: Config = Config::new(args);
unsafe { unsafe {
ONCE.call_once(|| { ONCE.call_once(|| {
let singleton = SingletonReader { let singleton = SingletonReader {
regex: read_csv("regexes.txt"), regex: read_csv("regexes.txt"),
whitelist: read_csv("whitelist.txt"), whitelist: read_csv("whitelist.txt"),
args: CONFIG,
}; };
SINGLETON = Some(Box::new(singleton)); SINGLETON = Some(Box::new(singleton));
@@ -26,6 +53,13 @@ pub fn singleton() -> Box<SingletonReader> {
} }
} }
pub fn singleton() -> Box<SingletonReader> {
static mut SINGLETON: Option<Box<SingletonReader>> = Option::None;
unsafe {
return SINGLETON.clone().unwrap();
}
}
fn read_csv(filename: &str) -> Vec<Vec<String>> { fn read_csv(filename: &str) -> Vec<Vec<String>> {
let mut f = File::open(filename).expect("file not found!!!"); let mut f = File::open(filename).expect("file not found!!!");
let mut contents: String = String::new(); let mut contents: String = String::new();

2
src/detections/mod.rs
View File

@@ -1,7 +1,7 @@
mod application; mod application;
mod applocker; mod applocker;
mod common; mod common;
mod configs; pub mod configs;
pub mod detection; pub mod detection;
mod powershell; mod powershell;
mod print; mod print;

5
src/main.rs
View File

@@ -5,6 +5,7 @@ use clap::{App, AppSettings, Arg};
use evtx::EvtxParser; use evtx::EvtxParser;
use quick_xml::de::DeError; use quick_xml::de::DeError;
use std::{fs, path::PathBuf, process}; use std::{fs, path::PathBuf, process};
use yamato_event_analyzer::detections::configs;
use yamato_event_analyzer::detections::detection; use yamato_event_analyzer::detections::detection;
use yamato_event_analyzer::omikuji::Omikuji; use yamato_event_analyzer::omikuji::Omikuji;
use yamato_event_analyzer::toml; use yamato_event_analyzer::toml;
@@ -39,7 +40,9 @@ fn build_app() -> clap::App<'static, 'static> {
fn main() -> Result<(), DeError> { fn main() -> Result<(), DeError> {
let args = build_app().get_matches(); let args = build_app().get_matches();
let filepath: Option<&str> = args.value_of("filepath"); configs::init_singleton(&args);
let filepath: Option<&str> = configs::singleton().args.filepath;
if let Some(filepath) = filepath { if let Some(filepath) = filepath {
parse_file(filepath); parse_file(filepath);