Update: Collect result message to print.rs-Message

Cargo.lock

@@ -139,14 +139,16 @@ checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
 
 [[package]]
 name = "chrono"
-version = "0.4.15"
+version = "0.4.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "942f72db697d8767c22d46a598e01f2d3b475501ea43d0db4f16d90259182d0b"
+checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73"
 dependencies = [
+ "libc",
  "num-integer",
  "num-traits",
  "serde",
  "time",
+ "winapi",
 ]
 
 [[package]]
@@ -1187,6 +1189,7 @@ name = "yamato_event_analyzer"
 version = "0.1.0"
 dependencies = [
  "base64",
+ "chrono",
  "clap",
  "csv",
  "evtx",

Cargo.toml

@@ -19,3 +19,4 @@ base64 = "*"
 flate2 = "1.0"
 toml = "0.5"
 lazy_static = "1.4.0"
+chrono = "0.4.19"

src/detections/powershell.rs

@@ -1,4 +1,3 @@
-use crate::detections::print::MESSAGES;
 use crate::detections::utils;
 use crate::models::event;
 use regex::Regex;
@@ -26,9 +25,6 @@ impl PowerShell {
             return;
         }
 
-        let message = MESSAGES.lock().unwrap();
-        println!("{}", message.get("4103"));
-
         let default = String::from("");
         let commandline = event_data.get("ContextInfo").unwrap_or(&default);
 
@@ -52,8 +48,6 @@ impl PowerShell {
         if event_id != "4104" {
             return;
         }
-        let message = MESSAGES.lock().unwrap();
-        println!("{}", message.get("4104"));
 
         let default = String::from("");
         let path = event_data.get("Path").unwrap().to_string();

src/detections/print.rs

@@ -1,14 +1,16 @@
+extern crate chrono;
 extern crate lazy_static;
 use crate::detections::configs::{singleton, Lang};
-use crate::models::rule::MessageText;
+use chrono::prelude::*;
+use chrono::{DateTime, Utc};
 use lazy_static::lazy_static;
-use std::collections::HashMap;
+use std::collections::BTreeMap;
 use std::fmt;
 use std::sync::Mutex;
 
 #[derive(Debug)]
 pub struct Message {
-    map: HashMap<String, MessageText>,
+    map: BTreeMap<DateTime<Utc>, Vec<String>>,
 }
 
 lazy_static! {
@@ -17,31 +19,33 @@ lazy_static! {
 
 impl Message {
     pub fn new() -> Self {
-        let mut messages: HashMap<String, MessageText> = HashMap::new();
+        let mut messages: BTreeMap<DateTime<Utc>, Vec<String>> = BTreeMap::new();
-        messages.insert(
-            "undefined".to_string(),
-            MessageText {
-                ja: "未設定".to_string(),
-                en: "Undefined".to_string(),
-            },
-        );
         Message { map: messages }
     }
 
     /// メッセージを設定
-    pub fn insert(&mut self, error_code: String, message: MessageText) {
+    pub fn insert(&mut self, time: DateTime<Utc>, message: String) {
-        self.map.insert(error_code, message);
+        match self.map.get_mut(&time) {
+            Some(v) => {
+                v.push(message.to_string());
+            }
+            None => {
+                let m = vec![message.to_string(); 1];
+                self.map.insert(time, m);
+            }
+        }
     }
 
     /// メッセージを返す
-    pub fn get(&self, message_num: &str) -> &MessageText {
+    pub fn get(&self, time: DateTime<Utc>) -> Vec<String> {
-        self.map
+        match self.map.get(&time) {
-            .get(message_num)
+            Some(v) => (&v).to_vec(),
-            .unwrap_or(self.map.get("undefined").unwrap())
+            None => Vec::new(),
+        }
     }
 
     /// MessageMaoのなかに入っているメッセージすべてを表示する
-    pub fn print(&self) {
+    pub fn debug(&self) {
         println!("{:?}", self.map);
     }
 }
@@ -69,18 +73,16 @@ pub fn get_lang() -> Lang {
 }
 
 #[test]
-fn test_create_and_read_message() {
+fn test_create_and_append_message() {
-    let mut error_message = Message::new();
+    let mut message = Message::new();
+    let poke = Utc.ymd(1996, 2, 27).and_hms(1, 5, 1);
+    let taka = Utc.ymd(2000, 1, 21).and_hms(9, 6, 1);
 
-    error_message.insert(
+    message.insert(poke, "TEST".to_string());
-        "4103".to_string(),
+    message.insert(poke, "TEST2".to_string());
-        MessageText {
+    message.insert(taka, "TEST3".to_string());
-            ja: "パイプライン実行をしています".to_string(),
-            en: "Execute pipeline".to_string(),
-        },
-    );
 
-    let display = format!("{}", format_args!("{}", error_message.get("4103")));
+    let display = format!("{}", format_args!("{:?}", message));
-
+    let expect = "Message { map: {1996-02-27T01:05:01Z: [\"TEST\", \"TEST2\"], 2000-01-21T09:06:01Z: [\"TEST3\"]} }";
-    assert_eq!(display, "Execute pipeline")
+    assert_eq!(display, expect);
 }