From be04a0410e32b4e90aaf4017dec74f4dc9a2616a Mon Sep 17 00:00:00 2001
From: DustInDark
Date: Wed, 10 Nov 2021 22:55:20 +0900
Subject: [PATCH] Hotfix/hidden file read159 (#180)

* added error output of no evtx extension in filepath and directory args #159

* fixed error of hidden file read #159
- file extension is limited to yml when load of rule

* fix for no extension rule file.

Co-authored-by: ichiichi11
---
 src/main.rs | 16 ++++++++++++++++
 src/yaml.rs | 5 ++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/main.rs b/src/main.rs
index a070ec32..73ba961e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -29,9 +29,25 @@ fn main() {
 }
 let analysis_start_time: DateTime = Utc::now();
 if let Some(filepath) = configs::CONFIG.read().unwrap().args.value_of("filepath") {
+ if !filepath.ends_with(".evtx") {
+ let stdout = std::io::stdout();
+ let mut stdout = stdout.lock();
+ AlertMessage::alert(
+ &mut stdout,
+ "--filepath is only accepted evtx file.".to_owned(),
+ )
+ .ok();
+ return;
+ }
 analysis_files(vec![PathBuf::from(filepath)]);
 } else if let Some(directory) = configs::CONFIG.read().unwrap().args.value_of("directory") {
 let evtx_files = collect_evtxfiles(&directory);
+ if evtx_files.len() == 0 {
+ let stdout = std::io::stdout();
+ let mut stdout = stdout.lock();
+ AlertMessage::alert(&mut stdout, "No exist evtx file.".to_owned()).ok();
+ return;
+ }
 analysis_files(evtx_files);
 } else if configs::CONFIG.read().unwrap().args.is_present("credits") {
 print_credits();
diff --git a/src/yaml.rs b/src/yaml.rs
index 8149b648..39e3b6a2 100644
--- a/src/yaml.rs
+++ b/src/yaml.rs
@@ -2,6 +2,7 @@ extern crate serde_derive;
 extern crate yaml_rust;
 
 use crate::detections::print::AlertMessage;
+use std::ffi::OsStr;
 use std::fs;
 use std::io;
 use std::io::{BufReader, Read};
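Review bot: The new `--filepath` guard relies on `filepath.ends_with(".evtx")`, a case-sensitive suffix test, so a log exported as `Security.EVTX` (a common spelling on Windows) is rejected with the new alert, and a bare `.evtx` filename passes it; whether the `--directory` branch treats the same file differently depends on `collect_evtxfiles`, which is not visible here. Testing the path extension the way the yaml.rs hunk in this commit does keeps the two branches on one rule: `if !Path::new(filepath).extension().map_or(false, |e| e.eq_ignore_ascii_case("evtx")) {` with `std::path::Path` imported. In the second added block, `evtx_files.len() == 0` is the clippy `len_zero` pattern; write `if evtx_files.is_empty() {`. The two alert strings read awkwardly; `"--filepath only accepts a .evtx file."` and `"No .evtx file found."` say the same thing. `main` continues outside the hunk.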
@@ -34,7 +35,9 @@ impl ParseYaml {
 Ok(fs::read_dir(path)?
 .filter_map(|entry| {
 let entry = entry.ok()?;
- if entry.file_type().ok()?.is_file() {
+ if entry.file_type().ok()?.is_file()
+ && entry.path().extension().unwrap_or(OsStr::new("")) == "yml"
+ {
 let stdout = std::io::stdout();
 let mut stdout = stdout.lock();
 match self.read_file(entry.path()) {
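Review bot: The extension test on the new `&&` line is case-sensitive and matches only `yml`, so rule files saved as `.yaml` or `.YML` are now skipped silently together with the extension-less hidden files this commit targets; if that narrowing is intended, it should be stated where the rules directory is documented, otherwise compare case-insensitively, e.g. `&& entry.path().extension().map_or(false, |e| e.eq_ignore_ascii_case("yml"))`. Either way a non-matching file produces no output from this closure, so a mistyped rule filename is invisible to the operator; emitting a short notice through the same `AlertMessage` path used a few lines below would make the skip observable. `entry.path()` is also evaluated twice (here and in `self.read_file`), which a `let path = entry.path();` before the `if` would avoid. The enclosing method of `impl ParseYaml` starts and ends outside the hunk.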