Fix/fix clippy warn (#434)
- Fixed following Clippy Warnings(previous warning count: 671 -> after: 4) - clippy::needless_return - clippy::println_empty_string - clippy::redundant_field_names - clippy::single_char_pattern - clippy::len_zero - clippy::iter_nth_zero - clippy::bool_comparison - clippy::question_mark - clippy::needless_collect - clippy::unnecessary_unwrap - clippy::ptr_arg - clippy::needless_collect - clippy::needless_borrow - clippy::new_without_default - clippy::assign_op_pattern - clippy::bool_assert_comparison - clippy::into_iter_on_ref - clippy::deref_addrof - clippy::while_let_on_iterator - clippy::match_like_matches_macro - clippy::or_fun_call - clippy::useless_conversion - clippy::let_and_return - clippy::redundant_clone - clippy::redundant_closure - clippy::cmp_owned - clippy::upper_case_acronyms - clippy::map_identity - clippy::unused_io_amount - clippy::assertions_on_constants - clippy::op_ref - clippy::useless_vec - clippy::vec_init_then_push - clippy::useless_format - clippy::bind_instead_of_map - clippy::bool_comparison - clippy::clone_on_copy - clippy::too_many_arguments - clippy::module_inception - fixed clippy::needless_lifetimes - fixed clippy::borrowed_box (Thanks for helping by hach1yon!)
This commit is contained in:
DustInDark
GitHub
@@ -2,6 +2,7 @@ extern crate csv;
|
||||
|
||||
use crate::detections::configs;
|
||||
use crate::detections::print::AlertMessage;
|
||||
use crate::detections::print::DetectInfo;
|
||||
use crate::detections::print::ERROR_LOG_STACK;
|
||||
use crate::detections::print::MESSAGES;
|
||||
use crate::detections::print::QUIET_ERRORS_FLAG;
|
||||
@@ -31,8 +32,8 @@ pub struct EvtxRecordInfo {
|
||||
}
|
||||
|
||||
impl EvtxRecordInfo {
|
||||
pub fn get_value(&self, key: &String) -> Option<&String> {
|
||||
return self.key_2_value.get(key);
|
||||
pub fn get_value(&self, key: &str) -> Option<&String> {
|
||||
self.key_2_value.get(key)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -42,12 +43,12 @@ pub struct Detection {
|
||||
}
|
||||
|
||||
impl Detection {
|
||||
pub fn new(rules: Vec<RuleNode>) -> Detection {
|
||||
return Detection { rules: rules };
|
||||
pub fn new(rule_nodes: Vec<RuleNode>) -> Detection {
|
||||
Detection { rules: rule_nodes }
|
||||
}
|
||||
|
||||
pub fn start(self, rt: &Runtime, records: Vec<EvtxRecordInfo>) -> Self {
|
||||
return rt.block_on(self.execute_rules(records));
|
||||
rt.block_on(self.execute_rules(records))
|
||||
}
|
||||
|
||||
// ルールファイルをパースします。
|
||||
@@ -104,9 +105,9 @@ impl Detection {
|
||||
});
|
||||
}
|
||||
parseerror_count += 1;
|
||||
println!(""); // 一行開けるためのprintln
|
||||
println!(); // 一行開けるためのprintln
|
||||
});
|
||||
return Option::None;
|
||||
Option::None
|
||||
};
|
||||
// parse rule files
|
||||
let ret = rulefile_loader
|
||||
@@ -120,7 +121,7 @@ impl Detection {
|
||||
&parseerror_count,
|
||||
&rulefile_loader.ignorerule_count,
|
||||
);
|
||||
return ret;
|
||||
ret
|
||||
}
|
||||
|
||||
// 複数のイベントレコードに対して、複数のルールを1個実行します。
|
||||
@@ -132,10 +133,7 @@ impl Detection {
|
||||
.into_iter()
|
||||
.map(|rule| {
|
||||
let records_cloned = Arc::clone(&records_arc);
|
||||
return spawn(async move {
|
||||
let moved_rule = Detection::execute_rule(rule, records_cloned);
|
||||
return moved_rule;
|
||||
});
|
||||
spawn(async move { Detection::execute_rule(rule, records_cloned) })
|
||||
})
|
||||
.collect();
|
||||
|
||||
@@ -151,7 +149,7 @@ impl Detection {
|
||||
// self.rulesが再度所有権を取り戻せるように、Detection::execute_ruleで引数に渡したruleを戻り値として返すようにしている。
|
||||
self.rules = rules;
|
||||
|
||||
return self;
|
||||
self
|
||||
}
|
||||
|
||||
pub fn add_aggcondition_msges(self, rt: &Runtime) {
|
||||
@@ -175,17 +173,17 @@ impl Detection {
|
||||
fn execute_rule(mut rule: RuleNode, records: Arc<Vec<EvtxRecordInfo>>) -> RuleNode {
|
||||
let agg_condition = rule.has_agg_condition();
|
||||
for record_info in records.as_ref() {
|
||||
let result = rule.select(&record_info);
|
||||
let result = rule.select(record_info);
|
||||
if !result {
|
||||
continue;
|
||||
}
|
||||
// aggregation conditionが存在しない場合はそのまま出力対応を行う
|
||||
if !agg_condition {
|
||||
Detection::insert_message(&rule, &record_info);
|
||||
Detection::insert_message(&rule, record_info);
|
||||
}
|
||||
}
|
||||
|
||||
return rule;
|
||||
rule
|
||||
}
|
||||
|
||||
/// 条件に合致したレコードを表示するための関数
|
||||
@@ -193,23 +191,27 @@ impl Detection {
|
||||
let tag_info: Vec<String> = rule.yaml["tags"]
|
||||
.as_vec()
|
||||
.unwrap_or(&Vec::default())
|
||||
.into_iter()
|
||||
.iter()
|
||||
.map(|info| info.as_str().unwrap_or("").replace("attack.", ""))
|
||||
.collect();
|
||||
MESSAGES.lock().unwrap().insert(
|
||||
record_info.evtx_filepath.to_string(),
|
||||
rule.rulepath.to_string(),
|
||||
&record_info.record,
|
||||
rule.yaml["level"].as_str().unwrap_or("-").to_string(),
|
||||
record_info.record["Event"]["System"]["Computer"]
|
||||
.to_string()
|
||||
.replace("\"", ""),
|
||||
get_serde_number_to_string(&record_info.record["Event"]["System"]["EventID"])
|
||||
.unwrap_or("-".to_owned())
|
||||
.to_string(),
|
||||
rule.yaml["title"].as_str().unwrap_or("").to_string(),
|
||||
rule.yaml["details"].as_str().unwrap_or("").to_string(),
|
||||
tag_info.join(" : "),
|
||||
DetectInfo {
|
||||
filepath: record_info.evtx_filepath.to_string(),
|
||||
rulepath: rule.rulepath.to_string(),
|
||||
level: rule.yaml["level"].as_str().unwrap_or("-").to_string(),
|
||||
computername: record_info.record["Event"]["System"]["Computer"]
|
||||
.to_string()
|
||||
.replace("\"", ""),
|
||||
eventid: get_serde_number_to_string(
|
||||
&record_info.record["Event"]["System"]["EventID"],
|
||||
)
|
||||
.unwrap_or_else(|| "-".to_owned()),
|
||||
alert: rule.yaml["title"].as_str().unwrap_or("").to_string(),
|
||||
detail: String::default(),
|
||||
tag_info: tag_info.join(" : "),
|
||||
},
|
||||
);
|
||||
}
|
||||
|
||||
@@ -218,20 +220,22 @@ impl Detection {
|
||||
let tag_info: Vec<String> = rule.yaml["tags"]
|
||||
.as_vec()
|
||||
.unwrap_or(&Vec::default())
|
||||
.into_iter()
|
||||
.iter()
|
||||
.map(|info| info.as_str().unwrap_or("").replace("attack.", ""))
|
||||
.collect();
|
||||
let output = Detection::create_count_output(rule, &agg_result);
|
||||
MESSAGES.lock().unwrap().insert_message(
|
||||
"-".to_owned(),
|
||||
rule.rulepath.to_owned(),
|
||||
DetectInfo {
|
||||
filepath: "-".to_owned(),
|
||||
rulepath: rule.rulepath.to_owned(),
|
||||
level: rule.yaml["level"].as_str().unwrap_or("").to_owned(),
|
||||
computername: "-".to_owned(),
|
||||
eventid: "-".to_owned(),
|
||||
alert: rule.yaml["title"].as_str().unwrap_or("").to_owned(),
|
||||
detail: output,
|
||||
tag_info: tag_info.join(" : "),
|
||||
},
|
||||
agg_result.start_timedate,
|
||||
rule.yaml["level"].as_str().unwrap_or("").to_owned(),
|
||||
"-".to_owned(),
|
||||
"-".to_owned(),
|
||||
rule.yaml["title"].as_str().unwrap_or("").to_owned(),
|
||||
output.to_owned(),
|
||||
tag_info.join(" : "),
|
||||
)
|
||||
}
|
||||
|
||||
@@ -242,15 +246,11 @@ impl Detection {
|
||||
let agg_condition_raw_str: Vec<&str> = rule.yaml["detection"]["condition"]
|
||||
.as_str()
|
||||
.unwrap()
|
||||
.split("|")
|
||||
.split('|')
|
||||
.collect();
|
||||
// この関数が呼び出されている段階で既にaggregation conditionは存在する前提なのでunwrap前の確認は行わない
|
||||
let agg_condition = rule.get_agg_condition().unwrap();
|
||||
let exist_timeframe = rule.yaml["detection"]["timeframe"]
|
||||
.as_str()
|
||||
.unwrap_or("")
|
||||
.to_string()
|
||||
!= "";
|
||||
let exist_timeframe = rule.yaml["detection"]["timeframe"].as_str().unwrap_or("") != "";
|
||||
// この関数が呼び出されている段階で既にaggregation conditionは存在する前提なのでagg_conditionの配列の長さは2となる
|
||||
ret.push_str(agg_condition_raw_str[1].trim());
|
||||
if exist_timeframe {
|
||||
@@ -281,8 +281,9 @@ impl Detection {
|
||||
));
|
||||
}
|
||||
|
||||
return ret;
|
||||
ret
|
||||
}
|
||||
|
||||
pub fn print_rule_load_info(
|
||||
rc: &HashMap<String, u128>,
|
||||
parseerror_count: &u128,
|
||||
@@ -302,7 +303,7 @@ impl Detection {
|
||||
"Total enabled detection rules: {}",
|
||||
total - ignore_count - parseerror_count
|
||||
);
|
||||
println!("");
|
||||
println!();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user