Hotfix/hidden file read159 (#180)

* added error output of no evtx extension in filepath and directory args #159 * fixed error of hidden file read #159 - file extension is limited to yml when load of rule * fix for no extension rule file. Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>
2021-11-10 22:55:20 +09:00
parent 9b24bc661b
commit be04a0410e
2 changed files with 20 additions and 1 deletions
--- a/src/main.rs
+++ b/src/main.rs
@@ -29,9 +29,25 @@ fn main() {
    }
    let analysis_start_time: DateTime<Utc> = Utc::now();
    if let Some(filepath) = configs::CONFIG.read().unwrap().args.value_of("filepath") {
+        if !filepath.ends_with(".evtx") {
+            let stdout = std::io::stdout();
+            let mut stdout = stdout.lock();
+            AlertMessage::alert(
+                &mut stdout,
+                "--filepath is only accepted evtx file.".to_owned(),
+            )
+            .ok();
+            return;
+        }
        analysis_files(vec![PathBuf::from(filepath)]);
    } else if let Some(directory) = configs::CONFIG.read().unwrap().args.value_of("directory") {
        let evtx_files = collect_evtxfiles(&directory);
+        if evtx_files.len() == 0 {
+            let stdout = std::io::stdout();
+            let mut stdout = stdout.lock();
+            AlertMessage::alert(&mut stdout, "No exist evtx file.".to_owned()).ok();
+            return;
+        }
        analysis_files(evtx_files);
    } else if configs::CONFIG.read().unwrap().args.is_present("credits") {
        print_credits();
--- a/src/yaml.rs
+++ b/src/yaml.rs
@@ -2,6 +2,7 @@ extern crate serde_derive;
 extern crate yaml_rust;

 use crate::detections::print::AlertMessage;
+use std::ffi::OsStr;
 use std::fs;
 use std::io;
 use std::io::{BufReader, Read};
@@ -34,7 +35,9 @@ impl ParseYaml {
        Ok(fs::read_dir(path)?
            .filter_map(|entry| {
                let entry = entry.ok()?;
-                if entry.file_type().ok()?.is_file() {
+                if entry.file_type().ok()?.is_file()
+                    && entry.path().extension().unwrap_or(OsStr::new("")) == "yml"
+                {
                    let stdout = std::io::stdout();
                    let mut stdout = stdout.lock();
                    match self.read_file(entry.path()) {