Hotfix/hidden file read159 (#180)
* added error output of no evtx extension in filepath and directory args #159
* fixed error of hidden file read #159
  - file extension is limited to yml when load of rule
* fix for no extension rule file.

Co-authored-by: ichiichi11 <takai.wa.hajime@gmail.com>
16
src/main.rs
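--- a/src/main.rs
+++ b/src/main.rs
@@ -29,9 +29,25 @@ fn main() {
 }
 let analysis_start_time: DateTime<Utc> = Utc::now();
 if let Some(filepath) = configs::CONFIG.read().unwrap().args.value_of("filepath") {
+if !filepath.ends_with(".evtx") {
+let stdout = std::io::stdout();
+let mut stdout = stdout.lock();
+AlertMessage::alert(
+&mut stdout,
+"--filepath is only accepted evtx file.".to_owned(),
+)
+.ok();
+return;
+}
 analysis_files(vec![PathBuf::from(filepath)]);
 } else if let Some(directory) = configs::CONFIG.read().unwrap().args.value_of("directory") {
 let evtx_files = collect_evtxfiles(&directory);
+if evtx_files.len() == 0 {
+let stdout = std::io::stdout();
+let mut stdout = stdout.lock();
+AlertMessage::alert(&mut stdout, "No exist evtx file.".to_owned()).ok();
+return;
+}
 analysis_files(evtx_files);
 } else if configs::CONFIG.read().unwrap().args.is_present("credits") {
 print_credits();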
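Review bot: The new `--filepath` guard `filepath.ends_with(".evtx")` is a case-sensitive string match, so a log exported as `Security.EVTX` is refused. Both new error branches also leave `fn main()` with a plain `return;`, which presumably keeps the exit status at 0, so a triage script cannot tell a refused input from a clean run with no findings. Compare the parsed extension instead, `if !std::path::Path::new(filepath).extension().map_or(false, |e| e.eq_ignore_ascii_case("evtx")) {`, and end the two branches with `std::process::exit(1);`. The suffix is only a name check, so whatever parses the file behind `analysis_files` still has to treat its contents as untrusted. The body of main starts and ends outside the hunk.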
@@ -2,6 +2,7 @@ extern crate serde_derive;
|
|||||||
extern crate yaml_rust;
|
extern crate yaml_rust;
|
||||||
|
|
||||||
use crate::detections::print::AlertMessage;
|
use crate::detections::print::AlertMessage;
|
||||||
|
use std::ffi::OsStr;
|
||||||
use std::fs;
|
use std::fs;
|
||||||
use std::io;
|
use std::io;
|
||||||
use std::io::{BufReader, Read};
|
use std::io::{BufReader, Read};
|
||||||
@@ -34,7 +35,9 @@ impl ParseYaml {
|
|||||||
Ok(fs::read_dir(path)?
|
Ok(fs::read_dir(path)?
|
||||||
.filter_map(|entry| {
|
.filter_map(|entry| {
|
||||||
let entry = entry.ok()?;
|
let entry = entry.ok()?;
|
||||||
if entry.file_type().ok()?.is_file() {
|
if entry.file_type().ok()?.is_file()
|
||||||
|
&& entry.path().extension().unwrap_or(OsStr::new("")) == "yml"
|
||||||
|
{
|
||||||
let stdout = std::io::stdout();
|
let stdout = std::io::stdout();
|
||||||
let mut stdout = stdout.lock();
|
let mut stdout = stdout.lock();
|
||||||
match self.read_file(entry.path()) {
|
match self.read_file(entry.path()) {
|
||||||
|
|||||||
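Review bot: The added filter `entry.path().extension().unwrap_or(OsStr::new("")) == "yml"` drops every non-matching file without a message, so a rule saved as `.yaml` or `.YML` is no longer loaded and the loss of detection coverage goes unnoticed. If only the `yml` spelling is meant to be accepted, compare case-insensitively and without the empty-`OsStr` default: `&& entry.path().extension().map_or(false, |ext| ext.eq_ignore_ascii_case("yml"))`. That also makes the new `use std::ffi::OsStr;` import unnecessary. Consider reporting each skipped file through `AlertMessage`, which this file already imports, so an operator can see which rules were not evaluated. The closure and its enclosing function start and end outside the hunk.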