Merge pull request #571 from Yamato-Security/#568-strip-symbols

replaced unnecessary clone use
DustInDark
2022-06-08 10:48:08 +09:00
committed by GitHub
7 changed files with 129 additions and 1302 deletions

1274
Cargo.lock generated

File diff suppressed because it is too large Load Diff


@@ -24,8 +24,6 @@ linked-hash-map = "0.5.*"
tokio = { version = "1", features = ["full"] }
num_cpus = "1.13.*"
downcast-rs = "1.2.0"
slack-hook = "0.8"
dotenv = "0.15.*"
hhmmss = "*"
pbr = "*"
hashbrown = "0.12.*"
@@ -37,7 +35,6 @@ krapslog = "*"
terminal_size = "*"
bytesize = "1.1"
hyper = "0.14.19"
miow = "0.4.0"
lock_api = "0.4.7"
crossbeam-utils = "0.8.8"
@@ -45,9 +42,6 @@ crossbeam-utils = "0.8.8"
is_elevated = "0.1.2"
static_vcruntime = "2.0"
[target.'cfg(unix)'.dependencies] #Mac and Linux
openssl = { version = "*", features = ["vendored"] } #vendored is needed to compile statically.
[profile.release]
lto = true
strip = "symbols"
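Review bot: `strip = "symbols"` under `[profile.release]` removes the function names that panic backtraces depend on, so a crash report from a release binary will show addresses only. This assumes the line is the one this PR adds, as the branch name suggests, because the +/- markers are lost on this page. The Rust changes in this same commit keep several `.unwrap()` calls on locks and file creation, so panics in the field are a realistic case to plan for. If the goal is only a smaller binary, `strip = "debuginfo"` keeps the symbol table; otherwise add a comment next to the setting such as `# symbols stripped for size; rebuild without --release for readable backtraces`.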


@@ -7,7 +7,7 @@ use std::sync::RwLock;
use crate::detections::configs;
use crate::detections::utils::get_serde_number_to_string;
#[derive(Debug, Clone)]
#[derive(Debug)]
pub struct PivotKeyword {
pub keywords: HashSet<String>,
pub fields: HashSet<String>,


@@ -252,10 +252,10 @@ impl AlertMessage {
.as_bytes(),
)
.ok();
let error_logs = ERROR_LOG_STACK.lock().unwrap().clone();
for error_log in error_logs.iter() {
let error_logs = ERROR_LOG_STACK.lock().unwrap();
error_logs.iter().for_each(|error_log| {
writeln!(error_log_writer, "{}", error_log).ok();
}
});
println!(
"Errors were generated. Please check {} for details.",
*ERROR_LOG_PATH
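Review bot: Binding the guard with `let error_logs = ERROR_LOG_STACK.lock().unwrap();` keeps the mutex locked until `error_logs` goes out of scope, which now covers the `println!` below and whatever follows outside this hunk. The old `.lock().unwrap().clone()` released the lock at the end of its own statement. Any later call in that scope that locks ERROR_LOG_STACK again on the same thread would block or panic; whether one exists is not visible here, so it is worth checking. Releasing the guard right after the loop with `drop(error_logs);` keeps the clone removal without widening the critical section. The enclosing function starts and ends outside the hunk.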


@@ -13,6 +13,7 @@ use git2::Repository;
use hashbrown::{HashMap, HashSet};
use hayabusa::detections::configs::{load_pivot_keywords, TargetEventTime};
use hayabusa::detections::detection::{self, EvtxRecordInfo};
use hayabusa::detections::pivot::PivotKeyword;
use hayabusa::detections::pivot::PIVOT_KEYWORD;
use hayabusa::detections::print::{
AlertMessage, ERROR_LOG_PATH, ERROR_LOG_STACK, LOGONSUMMARY_FLAG, PIVOT_KEYWORD_LIST_FLAG,
@@ -31,6 +32,7 @@ use serde_json::Value;
use std::cmp::Ordering;
use std::ffi::{OsStr, OsString};
use std::fmt::Display;
use std::fmt::Write as _;
use std::fs::create_dir;
use std::io::{BufWriter, Write};
use std::path::Path;
@@ -152,8 +154,8 @@ impl App {
}
if let Some(csv_path) = configs::CONFIG.read().unwrap().args.value_of("output") {
let pivot_key_unions = PIVOT_KEYWORD.read().unwrap().clone();
for (key, _) in pivot_key_unions.iter() {
let pivot_key_unions = PIVOT_KEYWORD.read().unwrap();
pivot_key_unions.iter().for_each(|(key, _)| {
let keywords_file_name = csv_path.to_owned() + "-" + key + ".txt";
if Path::new(&keywords_file_name).exists() {
AlertMessage::alert(&format!(
@@ -161,9 +163,8 @@ impl App {
&keywords_file_name
))
.ok();
return;
}
}
});
if Path::new(csv_path).exists() {
AlertMessage::alert(&format!(
" The file {} already exists. Please specify a different filename.",
@@ -295,59 +296,54 @@ impl App {
}
if *PIVOT_KEYWORD_LIST_FLAG {
let pivot_key_unions = PIVOT_KEYWORD.read().unwrap();
let create_output = |mut output: String, key: &String, pivot_keyword: &PivotKeyword| {
write!(output, "{}: ", key).ok();
write!(output, "( ").ok();
for i in pivot_keyword.fields.iter() {
write!(output, "%{}% ", i).ok();
}
writeln!(output, "):").ok();
for i in pivot_keyword.keywords.iter() {
writeln!(output, "{}", i).ok();
}
writeln!(output).ok();
output
};
//ファイル出力の場合
if let Some(pivot_file) = configs::CONFIG.read().unwrap().args.value_of("output") {
let pivot_key_unions = PIVOT_KEYWORD.read().unwrap().clone();
for (key, pivot_keyword) in pivot_key_unions.iter() {
pivot_key_unions.iter().for_each(|(key, pivot_keyword)| {
let mut f = BufWriter::new(
fs::File::create(pivot_file.to_owned() + "-" + key + ".txt").unwrap(),
);
let mut output = "".to_string();
output += &format!("{}: ", key).to_string();
output += "( ";
for i in pivot_keyword.fields.iter() {
output += &format!("%{}% ", i).to_string();
}
output += "):";
output += "\n";
for i in pivot_keyword.keywords.iter() {
output += &format!("{}\n", i).to_string();
}
f.write_all(output.as_bytes()).unwrap();
}
f.write_all(create_output(String::default(), key, pivot_keyword).as_bytes())
.unwrap();
});
//output to stdout
let mut output =
"Pivot keyword results saved to the following files:\n".to_string();
for (key, _) in pivot_key_unions.iter() {
output += &(pivot_file.to_owned() + "-" + key + ".txt" + "\n");
}
pivot_key_unions.iter().for_each(|(key, _)| {
writeln!(output, "{}", &(pivot_file.to_owned() + "-" + key + ".txt")).ok();
});
write_color_buffer(BufferWriter::stdout(ColorChoice::Always), None, &output).ok();
} else {
//標準出力の場合
let mut output = "The following pivot keywords were found:\n".to_string();
let pivot_key_unions = PIVOT_KEYWORD.read().unwrap().clone();
for (key, pivot_keyword) in pivot_key_unions.iter() {
output += &format!("{}: ", key).to_string();
output += "( ";
for i in pivot_keyword.fields.iter() {
output += &format!("%{}% ", i).to_string();
}
output += "):";
output += "\n";
for i in pivot_keyword.keywords.iter() {
output += &format!("{}\n", i).to_string();
}
output += "\n";
}
let output = "The following pivot keywords were found:".to_string();
write_color_buffer(BufferWriter::stdout(ColorChoice::Always), None, &output).ok();
pivot_key_unions.iter().for_each(|(key, pivot_keyword)| {
write_color_buffer(
BufferWriter::stdout(ColorChoice::Always),
None,
&create_output(String::default(), key, pivot_keyword),
)
.ok();
});
}
}
}
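Review bot: An already existing `<output>-<key>.txt` no longer stops the run. In the `@@ -152,8 +154,8 @@` and `@@ -161,9 +163,8 @@` hunks the existence check moved from a `for` loop into a `for_each` closure, where `return` leaves only the closure and not the enclosing function. This holds whether or not the `return;` line survives on the new side (the +/- markers are lost on this page). The `fs::File::create(pivot_file.to_owned() + "-" + key + ".txt").unwrap()` call in the last hunk appears to be reachable afterwards, and it would truncate the earlier results the alert has just told the user about. A plain loop over the borrowed guard keeps both the clone removal and the abort: `for (key, _) in pivot_key_unions.iter() {` with `return;` after the alert. The enclosing functions start and end outside these hunks.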


@@ -1 +1 @@
pub mod slack;


@@ -1,57 +0,0 @@
extern crate slack_hook;
use dotenv::dotenv;
use slack_hook::{PayloadBuilder, Slack};
use std::env;
pub struct SlackNotify {}
impl SlackNotify {
// Check if Slack is configured.
pub fn check_setting() -> bool {
dotenv().ok();
if env::var("CHANNEL").is_err() {
eprintln!("Channel not found");
return false;
}
if env::var("WEBHOOK_URL").is_err() {
eprintln!("WEBHOOK_URL not found");
return false;
}
true
}
// send message to slack.
pub fn notify(msg: String) -> Result<(), String> {
dotenv().ok();
if !SlackNotify::check_setting() {
return Ok(());
}
let channel = env::var("CHANNEL").expect("CHANNEL is not found");
let webhook_url = env::var("WEBHOOK_URL").expect("WEBHOOK_URL is not found");
let ret = SlackNotify::_send_to_slack(msg, &channel, &webhook_url);
if ret.is_ok() {
Ok(())
} else {
Err("Slack Notification Failed.".to_string())
}
}
fn _send_to_slack(
msg: String,
channel: &str,
webhook_url: &str,
) -> Result<(), slack_hook::Error> {
let slack = Slack::new(webhook_url).unwrap();
let p = PayloadBuilder::new()
.text(msg)
.channel(channel)
.username("hayabusa Notify Bot")
.icon_emoji(":scream:")
.build()
.unwrap();
slack.send(&p)
}
}