From bf1e57945b554bdb5225de846b99a89b2dc1e7cd Mon Sep 17 00:00:00 2001
From: HajimeTakai
Date: Sat, 15 May 2021 01:12:36 +0900
Subject: [PATCH] add statistics template

---
 src/detections/configs.rs | 1 -
 src/main.rs | 5 ++++-
 src/timeline/statistics.rs | 27 +++++++++++++++++++++++++++
 src/timeline/timeline.rs | 18 ++++++++++++++++++
 4 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index 98502f00..a05dee2a 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -51,7 +51,6 @@ fn build_app<'a>() -> ArgMatches<'a> {
 .arg(Arg::from_usage("-d --directory=[DIRECTORY] 'event log files directory'"))
 .arg(Arg::from_usage("-s --statistics 'event statistics'"))
 .arg(Arg::from_usage("-t --threadnum=[NUM] 'thread number'"))
- .arg(Arg::from_usage("-tl --timeline 'show event log timeline'"))
 .arg(Arg::from_usage("--credits 'Zachary Mathis, Akira Nishikawa'"))
 .get_matches()
 }
diff --git a/src/main.rs b/src/main.rs
index 1d09a0d1..93126867 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,7 +7,7 @@ use std::{
 path::PathBuf,
 };
 use tokio::{spawn, task::JoinHandle};
-use yamato_event_analyzer::detections::configs;
+use yamato_event_analyzer::{detections::configs, timeline::timeline::Timeline};
 use yamato_event_analyzer::detections::detection;
 use yamato_event_analyzer::detections::detection::EvtxRecordInfo;
 use yamato_event_analyzer::detections::print::AlertMessage;
@@ -72,6 +72,9 @@ fn print_credits() {
 fn detect_files(evtx_files: Vec) {
 let evnt_records = evtx_to_jsons(&evtx_files);
+ let mut tl = Timeline::new();
+ tl.start(&evnt_records);
+
 let mut detection = detection::Detection::new();
 &detection.start(evnt_records);
diff --git a/src/timeline/statistics.rs b/src/timeline/statistics.rs
index 8b137891..08a80586 100644
--- a/src/timeline/statistics.rs
+++ b/src/timeline/statistics.rs
@@ -1 +1,28 @@
+use crate::detections::{configs, detection::EvtxRecordInfo};
+#[derive(Debug)]
+pub struct EventStatistics {
+}
+/**
+* Windows Event Logの統計情報を出力する
+*/
+impl EventStatistics {
+ pub fn new() -> EventStatistics {
+ return EventStatistics {};
+ }
+
+ // この関数の戻り値として、コンソールに出力する内容をStringの可変配列(Vec)として返却してください。
+ // 可変配列にしているのは改行を表すためで、可変配列にコンソールに出力する内容を1行ずつ追加してください。
+
+ // 現状では、この関数の戻り値として返すVecを表示するコードは実装していません。
+ pub fn start(&mut self, _records: &Vec ) -> Vec {
+ // 引数でstatisticsオプションが指定されている時だけ、
+ if configs::CONFIG.read().unwrap().args.value_of("statistics").is_none() {
+ return vec![];
+ }
+
+ // TODO ここから下を書いて欲しいです!!
+
+ return vec![];
+ }
+}
\ No newline at end of file
diff --git a/src/timeline/timeline.rs b/src/timeline/timeline.rs
index 8b137891..47294d1f 100644
--- a/src/timeline/timeline.rs
+++ b/src/timeline/timeline.rs
@@ -1 +1,19 @@
+use crate::detections::detection::EvtxRecordInfo;
+use super::statistics::EventStatistics;
+
+
+#[derive(Debug)]
+pub struct Timeline {
+}
+
+impl Timeline {
+ pub fn new() -> Timeline {
+ return Timeline {};
+ }
+
+ pub fn start(&mut self, records: &Vec ) {
+ let mut statistic = EventStatistics::new();
+ statistic.start(records);
+ }
+}
\ No newline at end of file
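Review bot: The guard at the top of `EventStatistics::start` returns early on every run, because `--statistics` is declared in configs.rs as a bare flag (`-s --statistics 'event statistics'`, no `=[VAL]`) and clap's `value_of` on a flag that takes no value is always `None`; the check should be `if !configs::CONFIG.read().unwrap().args.is_present("statistics") {`. The `unwrap()` on `CONFIG.read()` also panics if another thread poisoned the lock; if aborting is the intended reaction there, `expect("CONFIG lock poisoned")` says so. `pub fn new()` on a field-less struct is what clippy's `new_without_default` flags; `#[derive(Debug, Default)]` covers it, with `new` kept as a wrapper for existing callers. The element types of the `Vec` parameter and return value are missing in this rendering, so the signature cannot be checked here; a doc line such as `/// Builds the console lines for the statistics report; empty unless --statistics was given.` would help whoever fills in the TODO.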
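Review bot: `statistic.start(records)` in `Timeline::start` returns a `Vec` that is dropped on the spot, so even after `EventStatistics::start` is implemented nothing reaches the console or the caller in main.rs; either print it here, `for line in statistic.start(records) { println!("{}", line); }`, or return the `Vec` from `Timeline::start` and let `detect_files` print it. Neither struct has fields, so `&mut self` on both `start` methods and the `let mut` bindings in main.rs are not needed; `&self` is the smaller contract until state is added. The `records` element type has been lost in this rendering; assuming it is `EvtxRecordInfo`, which the `use` line imports, `&[EvtxRecordInfo]` is the conventional parameter type over `&Vec<_>`.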