Add: input function for start/end option

src/detections/configs.rs

@@ -52,6 +52,8 @@ fn build_app<'a>() -> ArgMatches<'a> {
     --rfc-2822 'Output date and time in RFC 2822 format. Example: Mon, 07 Aug 2006 12:34:56 -0600'
     --rfc-3339 'Output date and time in RFC 3339 format. Example: 2006-08-07T12:34:56.485214 -06:00'
     --verbose 'Output check information to target event file path and rule file.'
+    --start-time=[STARTTIME]
+    --end-time=[ENDTIME]
     -q 'Quiet Output Logo'
     -r --rules=[RULEDIRECTORY] 'using target of rule file directory'
     -L --level=[LEVEL] 'Specified execute rule level(default: LOW)'

src/main.rs

@@ -118,6 +118,44 @@ fn analysis_files(evtx_files: Vec<PathBuf>) {
         .value_of("level")
         .unwrap_or("INFO")
         .to_uppercase();
+
+    // TODO: config.rs に移す
+    // ./target/debug/hayabusa -f ./test_files/evtx/test1.evtx --start-time 2014-11-28T12:00:09Z
+    let start_time= if let Some(s_time) = configs::CONFIG
+        .read()
+        .unwrap()
+        .args
+        .value_of("start-time")
+    {
+        match s_time.parse::<DateTime<Utc>>() {
+            Ok(dt)=> Some(dt),
+            Err(err) => {
+                AlertMessage::alert(&mut std::io::stderr().lock(), format!("start-time field: {}", err)).ok();
+                None
+            }
+        }
+    } else {
+        None
+    };
+
+    let end_time= if let Some(e_time) = configs::CONFIG
+        .read()
+        .unwrap()
+        .args
+        .value_of("end-time")
+    {
+        match s_time.parse::<DateTime<Utc>>() {
+            Ok(dt)=> Some(dt),
+            Err(err) => {
+                AlertMessage::alert(&mut std::io::stderr().lock(), format!("start-time field: {}", err)).ok();
+                None
+            }
+        }
+    } else {
+        None
+    };
+
+    println!("TIME: {:?}", start_time);
     println!("Analyzing Event Files: {:?}", evtx_files.len());
     let rule_files = detection::Detection::parse_rule_files(
         level,