Update: Collect result message to print.rs-Message

2020-11-05 04:18:44 +09:00
parent 0f6d53582e
commit b42ab6a0d5
4 changed files with 38 additions and 38 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -139,14 +139,16 @@ checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"

 [[package]]
 name = "chrono"
-version = "0.4.15"
+version = "0.4.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "942f72db697d8767c22d46a598e01f2d3b475501ea43d0db4f16d90259182d0b"
+checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73"
 dependencies = [
+ "libc",
 "num-integer",
 "num-traits",
 "serde",
 "time",
+ "winapi",
 ]

 [[package]]
@@ -1187,6 +1189,7 @@ name = "yamato_event_analyzer"
 version = "0.1.0"
 dependencies = [
 "base64",
+ "chrono",
 "clap",
 "csv",
 "evtx",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,3 +19,4 @@ base64 = "*"
 flate2 = "1.0"
 toml = "0.5"
 lazy_static = "1.4.0"
+chrono = "0.4.19"
--- a/src/detections/powershell.rs
+++ b/src/detections/powershell.rs
@@ -1,4 +1,3 @@
-use crate::detections::print::MESSAGES;
 use crate::detections::utils;
 use crate::models::event;
 use regex::Regex;
@@ -26,9 +25,6 @@ impl PowerShell {
            return;
        }

-        let message = MESSAGES.lock().unwrap();
-        println!("{}", message.get("4103"));
-
        let default = String::from("");
        let commandline = event_data.get("ContextInfo").unwrap_or(&default);

@@ -52,8 +48,6 @@ impl PowerShell {
        if event_id != "4104" {
            return;
        }
-        let message = MESSAGES.lock().unwrap();
-        println!("{}", message.get("4104"));

        let default = String::from("");
        let path = event_data.get("Path").unwrap().to_string();
--- a/src/detections/print.rs
+++ b/src/detections/print.rs
@@ -1,14 +1,16 @@
+extern crate chrono;
 extern crate lazy_static;
 use crate::detections::configs::{singleton, Lang};
-use crate::models::rule::MessageText;
+use chrono::prelude::*;
+use chrono::{DateTime, Utc};
 use lazy_static::lazy_static;
-use std::collections::HashMap;
+use std::collections::BTreeMap;
 use std::fmt;
 use std::sync::Mutex;

 #[derive(Debug)]
 pub struct Message {
-    map: HashMap<String, MessageText>,
+    map: BTreeMap<DateTime<Utc>, Vec<String>>,
 }

 lazy_static! {
@@ -17,31 +19,33 @@ lazy_static! {

 impl Message {
    pub fn new() -> Self {
-        let mut messages: HashMap<String, MessageText> = HashMap::new();
-        messages.insert(
-            "undefined".to_string(),
-            MessageText {
-                ja: "未設定".to_string(),
-                en: "Undefined".to_string(),
-            },
-        );
+        let mut messages: BTreeMap<DateTime<Utc>, Vec<String>> = BTreeMap::new();
        Message { map: messages }
    }

    /// メッセージを設定
-    pub fn insert(&mut self, error_code: String, message: MessageText) {
-        self.map.insert(error_code, message);
+    pub fn insert(&mut self, time: DateTime<Utc>, message: String) {
+        match self.map.get_mut(&time) {
+            Some(v) => {
+                v.push(message.to_string());
+            }
+            None => {
+                let m = vec![message.to_string(); 1];
+                self.map.insert(time, m);
+            }
+        }
    }

    /// メッセージを返す
-    pub fn get(&self, message_num: &str) -> &MessageText {
-        self.map
-            .get(message_num)
-            .unwrap_or(self.map.get("undefined").unwrap())
+    pub fn get(&self, time: DateTime<Utc>) -> Vec<String> {
+        match self.map.get(&time) {
+            Some(v) => (&v).to_vec(),
+            None => Vec::new(),
+        }
    }

    /// MessageMaoのなかに入っているメッセージすべてを表示する
-    pub fn print(&self) {
+    pub fn debug(&self) {
        println!("{:?}", self.map);
    }
 }
@@ -69,18 +73,16 @@ pub fn get_lang() -> Lang {
 }

 #[test]
-fn test_create_and_read_message() {
-    let mut error_message = Message::new();
+fn test_create_and_append_message() {
+    let mut message = Message::new();
+    let poke = Utc.ymd(1996, 2, 27).and_hms(1, 5, 1);
+    let taka = Utc.ymd(2000, 1, 21).and_hms(9, 6, 1);

-    error_message.insert(
-        "4103".to_string(),
-        MessageText {
-            ja: "パイプライン実行をしています".to_string(),
-            en: "Execute pipeline".to_string(),
-        },
-    );
+    message.insert(poke, "TEST".to_string());
+    message.insert(poke, "TEST2".to_string());
+    message.insert(taka, "TEST3".to_string());

-    let display = format!("{}", format_args!("{}", error_message.get("4103")));
-
-    assert_eq!(display, "Execute pipeline")
+    let display = format!("{}", format_args!("{:?}", message));
+    let expect = "Message { map: {1996-02-27T01:05:01Z: [\"TEST\", \"TEST2\"], 2000-01-21T09:06:01Z: [\"TEST3\"]} }";
+    assert_eq!(display, expect);
 }