changed way of getting arg due to clap derive

src/detections/configs.rs

@@ -293,10 +293,9 @@ impl Default for TargetEventTime {
 impl TargetEventTime {
     pub fn new() -> Self {
         let mut parse_success_flag = true;
-        let start_time =
-            if let Some(s_time) = CONFIG.read().unwrap().args.value_of("start-timeline") {
-                match DateTime::parse_from_str(s_time, "%Y-%m-%d %H:%M:%S %z") // 2014-11-28 21:00:09 +09:00
-                .or_else(|_| DateTime::parse_from_str(s_time, "%Y/%m/%d %H:%M:%S %z")) // 2014/11/28 21:00:09 +09:00
+        let start_time = if let Some(s_time) = &CONFIG.read().unwrap().args.start_timeline {
+            match DateTime::parse_from_str(&s_time, "%Y-%m-%d %H:%M:%S %z") // 2014-11-28 21:00:09 +09:00
+                .or_else(|_| DateTime::parse_from_str(&s_time, "%Y/%m/%d %H:%M:%S %z")) // 2014/11/28 21:00:09 +09:00
             {
                 Ok(dt) => Some(dt.with_timezone(&Utc)),
                 Err(_) => {
@@ -308,10 +307,10 @@ impl TargetEventTime {
                     None
                 }
             }
-            } else {
-                None
-            };
-        let end_time = if let Some(e_time) = CONFIG.read().unwrap().args.value_of("end-timeline") {
+        } else {
+            None
+        };
+        let end_time = if let Some(e_time) = &CONFIG.read().unwrap().args.end_timeline {
             match DateTime::parse_from_str(e_time, "%Y-%m-%d %H:%M:%S %z") // 2014-11-28 21:00:09 +09:00
             .or_else(|_| DateTime::parse_from_str(e_time, "%Y/%m/%d %H:%M:%S %z")) // 2014/11/28 21:00:09 +09:00
         {

src/detections/detection.rs

@@ -6,10 +6,10 @@ use crate::detections::print::AlertMessage;
 use crate::detections::print::DetectInfo;
 use crate::detections::print::ERROR_LOG_STACK;
 use crate::detections::print::MESSAGES;
-use crate::detections::print::PIVOT_KEYWORD_LIST_FLAG;
-use crate::detections::print::QUIET_ERRORS_FLAG;
-use crate::detections::print::STATISTICS_FLAG;
 use crate::detections::print::{CH_CONFIG, IS_HIDE_RECORD_ID, TAGS_CONFIG};
+use crate::detections::print::{
+    LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, STATISTICS_FLAG,
+};
 use crate::detections::rule;
 use crate::detections::rule::AggResult;
 use crate::detections::rule::RuleNode;
@@ -20,11 +20,10 @@ use hashbrown;
 use hashbrown::HashMap;
 use serde_json::Value;
 use std::fmt::Write;
+use std::path::PathBuf;
 use std::sync::Arc;
 use tokio::{runtime::Runtime, spawn, task::JoinHandle};
 
-const DIRPATH_RULES: &str = "rules";
-
 // イベントファイルの1レコード分の情報を保持する構造体
 #[derive(Clone, Debug)]
 pub struct EvtxRecordInfo {
@@ -58,16 +57,15 @@ impl Detection {
     // ルールファイルをパースします。
     pub fn parse_rule_files(
         level: String,
-        rulespath: Option<&str>,
+        rulespath: &PathBuf,
         exclude_ids: &filter::RuleExclude,
     ) -> Vec<RuleNode> {
         // ルールファイルのパースを実行
         let mut rulefile_loader = ParseYaml::new();
-        let result_readdir =
-            rulefile_loader.read_dir(rulespath.unwrap_or(DIRPATH_RULES), &level, exclude_ids);
+        let result_readdir = rulefile_loader.read_dir(rulespath.as_path(), &level, exclude_ids);
         if result_readdir.is_err() {
             let errmsg = format!("{}", result_readdir.unwrap_err());
-            if configs::CONFIG.read().unwrap().args.is_present("verbose") {
+            if configs::CONFIG.read().unwrap().args.verbose {
                 AlertMessage::alert(&errmsg).ok();
             }
             if !*QUIET_ERRORS_FLAG {
@@ -89,7 +87,7 @@ impl Detection {
             err_msgs_result.err().iter().for_each(|err_msgs| {
                 let errmsg_body =
                     format!("Failed to parse rule file. (FilePath : {})", rule.rulepath);
-                if configs::CONFIG.read().unwrap().args.is_present("verbose") {
+                if configs::CONFIG.read().unwrap().args.verbose {
                     AlertMessage::warn(&errmsg_body).ok();
 
                     err_msgs.iter().for_each(|err_msg| {
@@ -120,12 +118,7 @@ impl Detection {
             .map(|rule_file_tuple| rule::create_rule(rule_file_tuple.0, rule_file_tuple.1))
             .filter_map(return_if_success)
             .collect();
-        if !configs::CONFIG
-            .read()
-            .unwrap()
-            .args
-            .is_present("logon-summary")
-        {
+        if !*LOGONSUMMARY_FLAG {
             let _ = &rulefile_loader
                 .rule_load_cnt
                 .insert(String::from("rule parsing error"), parseerror_count);
@@ -276,7 +269,7 @@ impl Detection {
             .map(|str| str.to_owned())
             .collect();
         let output = Detection::create_count_output(rule, &agg_result);
-        let rec_info = if configs::CONFIG.read().unwrap().args.is_present("full-data") {
+        let rec_info = if configs::CONFIG.read().unwrap().args.full_data {
             Option::Some(String::default())
         } else {
             Option::None

src/detections/print.rs

@@ -48,42 +48,23 @@ lazy_static! {
         "./logs/errorlog-{}.log",
         Local::now().format("%Y%m%d_%H%M%S")
     );
-    pub static ref QUIET_ERRORS_FLAG: bool = configs::CONFIG
-        .read()
-        .unwrap()
-        .args
-        .is_present("quiet-errors");
+    pub static ref QUIET_ERRORS_FLAG: bool = configs::CONFIG.read().unwrap().args.quiet_errors;
     pub static ref ERROR_LOG_STACK: Mutex<Vec<String>> = Mutex::new(Vec::new());
-    pub static ref STATISTICS_FLAG: bool = configs::CONFIG
-        .read()
-        .unwrap()
-        .args
-        .is_present("statistics");
-    pub static ref LOGONSUMMARY_FLAG: bool = configs::CONFIG
-        .read()
-        .unwrap()
-        .args
-        .is_present("logon-summary");
+    pub static ref STATISTICS_FLAG: bool = configs::CONFIG.read().unwrap().args.statistics;
+    pub static ref LOGONSUMMARY_FLAG: bool = configs::CONFIG.read().unwrap().args.logon_summary;
     pub static ref TAGS_CONFIG: HashMap<String, String> = Message::create_output_filter_config(
         "config/output_tag.txt",
         true,
-        configs::CONFIG.read().unwrap().args.is_present("all-tags")
+        configs::CONFIG.read().unwrap().args.all_tags
     );
     pub static ref CH_CONFIG: HashMap<String, String> = Message::create_output_filter_config(
         "config/channel_abbreviations.txt",
         false,
-        configs::CONFIG.read().unwrap().args.is_present("all-tags")
+        configs::CONFIG.read().unwrap().args.all_tags
     );
-    pub static ref PIVOT_KEYWORD_LIST_FLAG: bool = configs::CONFIG
-        .read()
-        .unwrap()
-        .args
-        .is_present("pivot-keywords-list");
-    pub static ref IS_HIDE_RECORD_ID: bool = configs::CONFIG
-        .read()
-        .unwrap()
-        .args
-        .is_present("hide-record-id");
+    pub static ref PIVOT_KEYWORD_LIST_FLAG: bool =
+        configs::CONFIG.read().unwrap().args.pivot_keywords_list;
+    pub static ref IS_HIDE_RECORD_ID: bool = configs::CONFIG.read().unwrap().args.hide_record_id;
 }
 
 impl Default for Message {

src/detections/rule/count.rs

@@ -86,7 +86,7 @@ fn get_alias_value_in_record(
           utils::get_event_value(&utils::get_event_id_key(), record).unwrap()
         ),
             };
-            if configs::CONFIG.read().unwrap().args.is_present("verbose") {
+            if configs::CONFIG.read().unwrap().args.verbose {
                 AlertMessage::alert(&errmsg).ok();
             }
             if !*QUIET_ERRORS_FLAG {
@@ -188,7 +188,7 @@ impl TimeFrameInfo {
             tnum.retain(|c| c != 'd');
         } else {
             let errmsg = format!("Timeframe is invalid. Input value:{}", value);
-            if configs::CONFIG.read().unwrap().args.is_present("verbose") {
+            if configs::CONFIG.read().unwrap().args.verbose {
                 AlertMessage::alert(&errmsg).ok();
             }
             if !*QUIET_ERRORS_FLAG {
@@ -224,7 +224,7 @@ pub fn get_sec_timeframe(rule: &RuleNode) -> Option<i64> {
         }
         Err(err) => {
             let errmsg = format!("Timeframe number is invalid. timeframe. {}", err);
-            if configs::CONFIG.read().unwrap().args.is_present("verbose") {
+            if configs::CONFIG.read().unwrap().args.verbose {
                 AlertMessage::alert(&errmsg).ok();
             }
             if !*QUIET_ERRORS_FLAG {

src/detections/utils.rs

@@ -185,13 +185,8 @@ pub fn get_event_value<'a>(key: &str, event_value: &'a Value) -> Option<&'a Valu
 }
 
 pub fn get_thread_num() -> usize {
-    let def_thread_num_str = num_cpus::get().to_string();
     let conf = configs::CONFIG.read().unwrap();
-    conf.args
-        .value_of("thread-number")
-        .unwrap_or(def_thread_num_str.as_str())
-        .parse::<usize>()
-        .unwrap()
+    conf.args.thread_number.unwrap_or(num_cpus::get())
 }
 
 pub fn create_tokio_runtime() -> Runtime {
@@ -228,7 +223,7 @@ pub fn create_rec_info(data: Value, path: String, keys: &[String]) -> EvtxRecord
 
     // EvtxRecordInfoを作る
     let data_str = data.to_string();
-    let rec_info = if configs::CONFIG.read().unwrap().args.is_present("full-data") {
+    let rec_info = if configs::CONFIG.read().unwrap().args.full_data {
         Option::Some(create_recordinfos(&data))
     } else {
         Option::None
@@ -279,7 +274,7 @@ fn create_recordinfos(record: &Value) -> String {
         .collect();
 
     // 標準出力する時はセルがハイプ区切りになるので、パイプ区切りにしない
-    if configs::CONFIG.read().unwrap().args.is_present("output") {
+    if configs::CONFIG.read().unwrap().args.output.is_some() {
         summary.join(" | ")
     } else {
         summary.join(" ")