From 865761f35d052ddeb9760b8acffdf409029ef747 Mon Sep 17 00:00:00 2001 From: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com> Date: Tue, 7 Jun 2022 10:51:34 +0900 Subject: [PATCH 01/11] strip symbols when compiling --- CHANGELOG-Japanese.md | 6 ++++++ CHANGELOG.md | 6 ++++++ Cargo.toml | 3 ++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md index 12546b8d..88617cce 100644 --- a/CHANGELOG-Japanese.md +++ b/CHANGELOG-Japanese.md @@ -1,5 +1,11 @@ # 変更点 +## v1.3.1 [2022/xx/xx] + +**改善:** + +- LinuxとmacOSのバイナリサイズをより小さくするために、デバッグシンボルをストリップします。(#568) (@YamatoSecurity) + ## v1.3.0 [2022/06/06] **新機能:** diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b7a6021..82736a6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changes +## v1.3.1 [2022/xx/xx] + +**Enhancements:** + +- Strip debug symbols by default for smaller Linux and macOS binaries. (#568) (@YamatoSecurity) + ## v1.3.0 [2022/06/06] **New Features:** diff --git a/Cargo.toml b/Cargo.toml index 85faa503..b1f4c6f0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -45,4 +45,5 @@ static_vcruntime = "2.0" openssl = { version = "*", features = ["vendored"] } #vendored is needed to compile statically. [profile.release] -lto = true \ No newline at end of file +lto = true +strip = "symbols" \ No newline at end of file From ca8b817b7a8089d5e5faf129c06d53ab53746930 Mon Sep 17 00:00:00 2001 From: Tanaka Zakku <71482215+YamatoSecurity@users.noreply.github.com> Date: Tue, 7 Jun 2022 18:10:47 +0900 Subject: [PATCH 02/11] update cargo --- Cargo.lock | 231 +++++++++++++++++++++++++++++++++++++++++++++++------ Cargo.toml | 6 +- 2 files changed, 211 insertions(+), 26 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2c97c501..f9f51469 100644 --- a/Cargo.lock +++ b/Cargo.lock 
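Review bot: `strip = "symbols"` under `[profile.release]` removes the symbol table together with debug info, so a panic in a shipped binary run with `RUST_BACKTRACE=1` will print unresolved frames, which makes triage of user-reported crashes harder; panic messages keep their `file:line` because that location is compiled in separately from debuginfo. The profile key also needs Cargo 1.59 or newer, so the toolchain used by CI and the documented minimum version should be checked. The hunk leaves the file still ending without a trailing newline after `strip = "symbols"`. A one-line comment above the key, such as `# strip symbols for smaller Linux/macOS binaries; release backtraces will be unsymbolized (#568)`, would record the trade-off next to the setting.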
@@ -839,6 +839,21 @@ version = "0.1.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3a471a38ef8ed83cd6e40aa59c1ffe17db6855c18e3604d9c4ed8c08ebc28678" +[[package]] +name = "futures-channel" +version = "0.3.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3083ce4b914124575708913bca19bfe887522d6e2e6d0952943f5eac4a74010" +dependencies = [ + "futures-core", +] + +[[package]] +name = "futures-core" +version = "0.3.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c09fd04b7e4073ac7156a9539b57a484a8ea920f79c7c675d05d289ab6110d3" + [[package]] name = "futures-cpupool" version = "0.1.8" @@ -849,6 +864,24 @@ dependencies = [ "num_cpus", ] +[[package]] +name = "futures-task" +version = "0.3.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c66a976bf5909d801bbef33416c41372779507e7a6b3a5e25e4749c58f776a" + +[[package]] +name = "futures-util" +version = "0.3.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8b7abd5d659d9b90c8cba917f6ec750a74e2dc23902ef9cd4cc8c8b22e6036a" +dependencies = [ + "futures-core", + "futures-task", + "pin-project-lite", + "pin-utils", +] + [[package]] name = "getrandom" version = "0.1.16" @@ -908,7 +941,7 @@ dependencies = [ "bytes 0.4.12", "fnv", "futures", - "http", + "http 0.1.21", "indexmap", "log", "slab", @@ -933,12 +966,13 @@ dependencies = [ [[package]] name = "hayabusa" -version = "1.3.0" +version = "1.3.1-dev" dependencies = [ "base64 0.13.0", "bytesize", "chrono", "clap 2.34.0", + "crossbeam-utils 0.8.8", "csv", "dotenv", "downcast-rs", @@ -948,10 +982,13 @@ dependencies = [ "hashbrown 0.12.1", "hex 0.4.3", "hhmmss", + "hyper 0.14.19", "is_elevated", "krapslog", "lazy_static", "linked-hash-map", + "lock_api 0.4.7", + "miow 0.4.0", "num_cpus", "openssl", "pbr", 
@@ -965,7 +1002,7 @@ dependencies = [ "static_vcruntime", "termcolor", "terminal_size", - "tokio 1.19.0", + "tokio 1.19.2", "yaml-rust", ] @@ -1011,6 +1048,17 @@ dependencies = [ "itoa 0.4.8", ] +[[package]] +name = "http" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75f43d41e26995c17e71ee126451dd3941010b0514a81a9d11f3b341debc2399" +dependencies = [ + "bytes 1.1.0", + "fnv", + "itoa 1.0.2", +] + [[package]] name = "http-body" version = "0.1.0" @@ -1019,16 +1067,33 @@ checksum = "6741c859c1b2463a423a1dbce98d418e6c3c3fc720fb0d45528657320920292d" dependencies = [ "bytes 0.4.12", "futures", - "http", + "http 0.1.21", "tokio-buf", ] +[[package]] +name = "http-body" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1" +dependencies = [ + "bytes 1.1.0", + "http 0.2.8", + "pin-project-lite", +] + [[package]] name = "httparse" version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "496ce29bb5a52785b44e0f7ca2847ae0bb839c9bd28f69acac9b99d461c0c04c" +[[package]] +name = "httpdate" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421" + [[package]] name = "humantime" version = "1.3.0" @@ -1048,8 +1113,8 @@ dependencies = [ "futures", "futures-cpupool", "h2", - "http", - "http-body", + "http 0.1.21", + "http-body 0.1.0", "httparse", "iovec", "itoa 0.4.8", 
@@ -1065,7 +1130,29 @@ dependencies = [ "tokio-tcp", "tokio-threadpool", "tokio-timer", - "want", + "want 0.2.0", +] + +[[package]] +name = "hyper" +version = "0.14.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42dc3c131584288d375f2d07f822b0cb012d8c6fb899a5b9fdb3cb7eb9b6004f" +dependencies = [ + "bytes 1.1.0", + "futures-channel", + "futures-core", + "futures-util", + "http 0.2.8", + "http-body 0.4.5", + "httparse", + "httpdate", + "itoa 1.0.2", + "pin-project-lite", + "tokio 1.19.2", + "tower-service", + "tracing", + "want 0.3.0", ] [[package]] @@ -1076,7 +1163,7 @@ checksum = "3a800d6aa50af4b5850b2b0f659625ce9504df908e9733b635720483be26174f" dependencies = [ "bytes 0.4.12", "futures", - "hyper", + "hyper 0.12.36", "native-tls", "tokio-io", ] @@ -1337,9 +1424,9 @@ checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" [[package]] name = "memmap2" -version = "0.5.3" +version = "0.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "057a3db23999c867821a7a59feb06a578fcb03685e983dff90daf9e7d24ac08f" +checksum = "d5172b50c23043ff43dd53e51392f36519d9b35a8f3a410d30ece5d1aedd58ae" dependencies = [ "libc", ] @@ -1400,7 +1487,7 @@ dependencies = [ "kernel32-sys", "libc", "log", - "miow", + "miow 0.2.2", "net2", "slab", "winapi 0.2.8", @@ -1415,7 +1502,7 @@ dependencies = [ "libc", "log", "wasi 0.11.0+wasi-snapshot-preview1", - "windows-sys", + "windows-sys 0.36.1", ] [[package]] @@ -1430,6 +1517,15 @@ dependencies = [ "ws2_32-sys", ] +[[package]] +name = "miow" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7377f7792b3afb6a3cba68daa54ca23c032137010460d667fda53a8d66be00e" +dependencies = [ + "windows-sys 0.28.0", +] + [[package]] name = "native-tls" version = "0.2.10" @@ -1627,7 +1723,7 @@ dependencies = [ "libc", "redox_syscall 0.2.13", "smallvec 1.8.0", - "windows-sys", + "windows-sys 0.36.1", ] [[package]] 
@@ -1660,6 +1756,12 @@ version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116" +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" + [[package]] name = "pkg-config" version = "0.3.25" @@ -1966,8 +2068,8 @@ dependencies = [ "encoding_rs", "flate2", "futures", - "http", - "hyper", + "http 0.1.21", + "hyper 0.12.36", "hyper-tls", "log", "mime", @@ -2056,7 +2158,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "88d6731146462ea25d9244b2ed5fd1d716d25c52e4d54aa4fb0f3c4e9854dbe2" dependencies = [ "lazy_static", - "windows-sys", + "windows-sys 0.36.1", ] [[package]] @@ -2524,9 +2626,9 @@ dependencies = [ [[package]] name = "tokio" -version = "1.19.0" +version = "1.19.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f392c8f16bda3456c0b00c6de39cb100449b98de55ac41c6cdd2bfcf53a1245" +checksum = "c51a52ed6686dd62c320f9b89299e9dfb46f730c7a48e635c19f21d116cb1439" dependencies = [ "bytes 1.1.0", "libc", @@ -2586,9 +2688,9 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "1.7.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b557f72f448c511a979e2564e55d74e6c4432fc96ff4f6241bc6bded342643b7" +checksum = "9724f9a975fb987ef7a3cd9be0350edcbe130698af5b8f7a631e23d42d052484" dependencies = [ "proc-macro2", "quote", 
@@ -2667,6 +2769,32 @@ dependencies = [ "tokio-executor", ] +[[package]] +name = "tower-service" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "360dfd1d6d30e05fda32ace2c8c70e9c0a9da713275777f5a4dbb8a1893930c6" + +[[package]] +name = "tracing" +version = "0.1.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d0ecdcb44a79f0fe9844f0c4f33a342cbcbb5117de8001e6ba0dc2351327d09" +dependencies = [ + "cfg-if 1.0.0", + "pin-project-lite", + "tracing-core", +] + +[[package]] +name = "tracing-core" +version = "0.1.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f54c8ca710e81886d498c2fd3331b56c93aa248d49de2222ad2742247c60072f" +dependencies = [ + "lazy_static", +] + [[package]] name = "try-lock" version = "0.2.3" @@ -2806,6 +2934,16 @@ dependencies = [ "try-lock", ] +[[package]] +name = "want" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ce8a968cb1cd110d136ff8b819a556d6fb6d919363c61534f6860c7eb172ba0" +dependencies = [ + "log", + "try-lock", +] + [[package]] name = "wasi" version = "0.9.0+wasi-snapshot-preview1" 
@@ -2921,43 +3059,86 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +[[package]] +name = "windows-sys" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82ca39602d5cbfa692c4b67e3bcbb2751477355141c1ed434c94da4186836ff6" +dependencies = [ + "windows_aarch64_msvc 0.28.0", + "windows_i686_gnu 0.28.0", + "windows_i686_msvc 0.28.0", + "windows_x86_64_gnu 0.28.0", + "windows_x86_64_msvc 0.28.0", +] + [[package]] name = "windows-sys" version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ea04155a16a59f9eab786fe12a4a450e75cdb175f9e0d80da1e17db09f55b8d2" dependencies = [ - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_msvc", + "windows_aarch64_msvc 0.36.1", + "windows_i686_gnu 0.36.1", + "windows_i686_msvc 0.36.1", + "windows_x86_64_gnu 0.36.1", + "windows_x86_64_msvc 0.36.1", ] +[[package]] +name = "windows_aarch64_msvc" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52695a41e536859d5308cc613b4a022261a274390b25bd29dfff4bf08505f3c2" + [[package]] name = "windows_aarch64_msvc" version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9bb8c3fd39ade2d67e9874ac4f3db21f0d710bee00fe7cab16949ec184eeaa47" +[[package]] +name = "windows_i686_gnu" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f54725ac23affef038fecb177de6c9bf065787c2f432f79e3c373da92f3e1d8a" + [[package]] name = "windows_i686_gnu" version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "180e6ccf01daf4c426b846dfc66db1fc518f074baa793aa7d9b9aaeffad6a3b6" +[[package]] +name = "windows_i686_msvc" +version = "0.28.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d5158a43cc43623c0729d1ad6647e62fa384a3d135fd15108d37c683461f64" + [[package]] name = "windows_i686_msvc" version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2e7917148b2812d1eeafaeb22a97e4813dfa60a3f8f78ebe204bcc88f12f024" +[[package]] +name = "windows_x86_64_gnu" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc31f409f565611535130cfe7ee8e6655d3fa99c1c61013981e491921b5ce954" + [[package]] name = "windows_x86_64_gnu" version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4dcd171b8776c41b97521e5da127a2d86ad280114807d0b2ab1e462bc764d9e1" +[[package]] +name = "windows_x86_64_msvc" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f2b8c7cbd3bfdddd9ab98769f9746a7fad1bca236554cd032b78d768bc0e89f" + [[package]] name = "windows_x86_64_msvc" version = "0.36.1" diff --git a/Cargo.toml b/Cargo.toml index b1f4c6f0..780a37c0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "hayabusa" -version = "1.3.0" +version = "1.3.1-dev" authors = ["Yamato Security @SecurityYamato"] edition = "2021" @@ -36,6 +36,10 @@ prettytable-rs = "0.8" krapslog = "*" terminal_size = "*" bytesize = "1.1" +hyper = "0.14.19" +miow = "0.4.0" +lock_api = "0.4.7" +crossbeam-utils = "0.8.8" [target.'cfg(windows)'.dependencies] is_elevated = "0.1.2" From a2de1314f96b27f351c512434986b1d0c8426041 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Tue, 7 Jun 2022 19:04:42 +0900 Subject: [PATCH 03/11] fixed cargo clippy errors --- src/afterfact.rs | 5 +++-- src/detections/pivot.rs | 4 ++-- src/detections/print.rs | 3 ++- src/detections/rule/matchers.rs | 2 +- src/detections/utils.rs | 4 ++-- src/timeline/timelines.rs | 22 ++++++++++++---------- 6 files changed, 22 insertions(+), 18 deletions(-) 
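Review bot: The four crates added under `[dependencies]` (`hyper`, `miow`, `lock_api`, `crossbeam-utils`) are not used by any source change in this series, so they read as minimum-version floors meant to force patched transitive copies into Cargo.lock rather than real direct dependencies, and without a comment the next maintainer will see them as removable. A comment above the group, e.g. `# not used directly: minimum versions pinned so transitive copies resolve to patched releases`, would preserve the intent, and an advisory check such as `cargo audit` or `cargo deny` in CI would make the floors removable once the intermediate crates update. Note from the Cargo.lock hunks that `hyper 0.12.36` is still pulled in by `reqwest`/`hyper-tls`, so if the aim was to move off an old `hyper` line, the 0.14.19 floor does not affect that copy.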
diff --git a/src/afterfact.rs b/src/afterfact.rs index 5f7dff25..9d83f8c2 100644 --- a/src/afterfact.rs +++ b/src/afterfact.rs @@ -228,7 +228,8 @@ fn emit_csv( let mut timestamps: Vec = Vec::new(); let mut plus_header = true; let mut detected_record_idset: HashSet = HashSet::new(); - for (time, detect_infos) in messages.iter() { + let detect_union = messages.iter(); + for (time, detect_infos) in detect_union { timestamps.push(_get_timestamp(time)); for detect_info in detect_infos { detected_record_idset.insert(format!("{}_{}", time, detect_info.eventid)); @@ -429,7 +430,7 @@ fn _get_serialized_disp_output(dispformat: Option) -> String { /// return str position in output file fn _format_cellpos(colval: &str, column: ColPos) -> String { - return match column { + match column { ColPos::First => format!("{} ", colval), ColPos::Last => format!(" {}", colval), ColPos::Other => format!(" {} ", colval), diff --git a/src/detections/pivot.rs b/src/detections/pivot.rs index f8be1801..24f6ad69 100644 --- a/src/detections/pivot.rs +++ b/src/detections/pivot.rs @@ -57,8 +57,8 @@ pub fn insert_pivot_keyword(event_record: &Value) { } else { return; } - - for (_, pivot) in PIVOT_KEYWORD.write().unwrap().iter_mut() { + let mut pivots = PIVOT_KEYWORD.write().unwrap().iter_mut(); + for (_, pivot) in pivots { for field in &pivot.fields { if let Some(array_str) = configs::EVENTKEY_ALIAS.get_event_key(&String::from(field)) { let split: Vec<&str> = array_str.split('.').collect(); diff --git a/src/detections/print.rs b/src/detections/print.rs index 6d4433f3..c7288369 100644 --- a/src/detections/print.rs +++ b/src/detections/print.rs @@ -252,7 +252,8 @@ impl AlertMessage { .as_bytes(), ) .ok(); - for error_log in ERROR_LOG_STACK.lock().unwrap().iter() { + let error_logs = ERROR_LOG_STACK.lock().unwrap().iter(); + for error_log in error_logs { writeln!(error_log_writer, "{}", error_log).ok(); } println!( 
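Review bot: In the second afterfact.rs hunk, dropping `return` from `_format_cellpos` while keeping the `};` after the match turns the match into a statement, so the function body now evaluates to `()` instead of `String` and will not compile; the closing line should be `}` alone. PATCH 05 in this series makes exactly that one-character fix, so the two commits are best squashed so that every commit builds.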
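Review bot: In the pivot.rs hunk, `let mut pivots = PIVOT_KEYWORD.write().unwrap().iter_mut();` stores an iterator that borrows the `RwLockWriteGuard` temporary, and that temporary is dropped at the end of the `let`, so this is a borrow error (temporary value dropped while borrowed) rather than a fix; the guard itself has to be bound, `let mut pivots = PIVOT_KEYWORD.write().unwrap();` followed by `for (_, pivot) in pivots.iter_mut()`. The print.rs hunk in this patch has the same shape with `ERROR_LOG_STACK.lock().unwrap().iter()`. The clippy warning being chased here looks like `significant_drop_in_scrutinee`, which objects to a lock guard that lives only inside the `for` scrutinee; binding the guard on its own line is the intended resolution and keeps the write lock held for the whole mutating loop, which is the correct locking scope.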
diff --git a/src/detections/rule/matchers.rs b/src/detections/rule/matchers.rs index 744b45a0..5ed1a8c8 100644 --- a/src/detections/rule/matchers.rs +++ b/src/detections/rule/matchers.rs @@ -483,7 +483,7 @@ impl PipeElement { wildcard_regex_value.to_string() }; - return format!("{}{}", acc, regex_value); + format!("{}{}", acc, regex_value) }, ); diff --git a/src/detections/utils.rs b/src/detections/utils.rs index bfad4c46..4dc2fed9 100644 --- a/src/detections/utils.rs +++ b/src/detections/utils.rs @@ -276,7 +276,7 @@ fn create_recordinfos(record: &Value) -> String { let summary: Vec = output .iter() .map(|(key, value)| { - return format!("{}:{}", key, value); + format!("{}:{}", key, value) }) .collect(); @@ -314,7 +314,7 @@ fn _collect_recordinfo<'a>( continue; } // Event.Systemは出力しない - if key.eq("System") && keys.get(0).unwrap_or(&"").eq(&"Event") { + if key.eq("System") && keys.first().unwrap_or(&"").eq(&"Event") { continue; } diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs index 20e1ea77..420aaf8b 100644 --- a/src/timeline/timelines.rs +++ b/src/timeline/timelines.rs @@ -35,11 +35,12 @@ impl Timeline { } pub fn tm_stats_dsp_msg(&mut self) { - if !configs::CONFIG - .read() - .unwrap() - .args - .is_present("statistics") + let statics_flag = configs::CONFIG + .read() + .unwrap() + .args + .is_present("statistics"); + if ! statics_flag { return; } @@ -70,11 +71,12 @@ impl Timeline { } pub fn tm_logon_stats_dsp_msg(&mut self) { - if !configs::CONFIG - .read() - .unwrap() - .args - .is_present("logon-summary") + let logon_summary_flag = configs::CONFIG + .read() + .unwrap() + .args + .is_present("logon-summary"); + if !logon_summary_flag { return; } From 4b623bb6312e20c18d635d12c4eceea493bb20a9 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Tue, 7 Jun 2022 19:05:26 +0900 Subject: [PATCH 04/11] cargo fmt --- src/detections/utils.rs | 4 +--- src/timeline/timelines.rs | 22 ++++++++++------------ 2 files changed, 11 insertions(+), 15 deletions(-) 
diff --git a/src/detections/utils.rs b/src/detections/utils.rs index 4dc2fed9..fa86b628 100644 --- a/src/detections/utils.rs +++ b/src/detections/utils.rs @@ -275,9 +275,7 @@ fn create_recordinfos(record: &Value) -> String { let summary: Vec = output .iter() - .map(|(key, value)| { - format!("{}:{}", key, value) - }) + .map(|(key, value)| format!("{}:{}", key, value)) .collect(); // 標準出力する時はセルがハイプ区切りになるので、パイプ区切りにしない diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs index 420aaf8b..508babbd 100644 --- a/src/timeline/timelines.rs +++ b/src/timeline/timelines.rs @@ -36,12 +36,11 @@ impl Timeline { pub fn tm_stats_dsp_msg(&mut self) { let statics_flag = configs::CONFIG - .read() - .unwrap() - .args - .is_present("statistics"); - if ! statics_flag - { + .read() + .unwrap() + .args + .is_present("statistics"); + if !statics_flag { return; } // 出力メッセージ作成 @@ -72,12 +71,11 @@ impl Timeline { pub fn tm_logon_stats_dsp_msg(&mut self) { let logon_summary_flag = configs::CONFIG - .read() - .unwrap() - .args - .is_present("logon-summary"); - if !logon_summary_flag - { + .read() + .unwrap() + .args + .is_present("logon-summary"); + if !logon_summary_flag { return; } // 出力メッセージ作成 From 4327a39f5c4b735f0e111cef87942f16b8c80cba Mon Sep 17 00:00:00 2001 From: DustInDark Date: Tue, 7 Jun 2022 19:11:56 +0900 Subject: [PATCH 05/11] fixed cargo clippy error --- src/afterfact.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afterfact.rs b/src/afterfact.rs index 9d83f8c2..32c40b35 100644 --- a/src/afterfact.rs +++ b/src/afterfact.rs @@ -434,7 +434,7 @@ fn _format_cellpos(colval: &str, column: ColPos) -> String { ColPos::First => format!("{} ", colval), ColPos::Last => format!(" {}", colval), ColPos::Other => format!(" {} ", colval), - }; + } } /// output info which unique detection count and all detection count information(devided by level and total) to stdout. From c3f31c4ac2dfd484c640a8fb4fff5fd7b4acfdbc Mon Sep 17 00:00:00 2001 
From: DustInDark Date: Tue, 7 Jun 2022 19:24:23 +0900 Subject: [PATCH 06/11] fixed cargo fmt --- src/detections/pivot.rs | 4 ++-- src/detections/print.rs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/detections/pivot.rs b/src/detections/pivot.rs index 24f6ad69..391590c0 100644 --- a/src/detections/pivot.rs +++ b/src/detections/pivot.rs @@ -57,8 +57,8 @@ pub fn insert_pivot_keyword(event_record: &Value) { } else { return; } - let mut pivots = PIVOT_KEYWORD.write().unwrap().iter_mut(); - for (_, pivot) in pivots { + let mut pivots = PIVOT_KEYWORD.write().unwrap(); + for (_, pivot) in pivots.iter_mut() { for field in &pivot.fields { if let Some(array_str) = configs::EVENTKEY_ALIAS.get_event_key(&String::from(field)) { let split: Vec<&str> = array_str.split('.').collect(); diff --git a/src/detections/print.rs b/src/detections/print.rs index c7288369..de607eec 100644 --- a/src/detections/print.rs +++ b/src/detections/print.rs @@ -252,8 +252,8 @@ impl AlertMessage { .as_bytes(), ) .ok(); - let error_logs = ERROR_LOG_STACK.lock().unwrap().iter(); - for error_log in error_logs { + let error_logs = ERROR_LOG_STACK.lock().unwrap(); + for error_log in error_logs.iter() { writeln!(error_log_writer, "{}", error_log).ok(); } println!( From eded81e39b39c50e4cd9a25666ae5b200ae80771 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Tue, 7 Jun 2022 19:42:41 +0900 Subject: [PATCH 07/11] fixed clippy error --- src/timeline/timelines.rs | 67 ++++++++++++++++++++------------------- 1 file changed, 34 insertions(+), 33 deletions(-) diff --git a/src/timeline/timelines.rs b/src/timeline/timelines.rs index 508babbd..6eb1025d 100644 --- a/src/timeline/timelines.rs +++ b/src/timeline/timelines.rs @@ -1,4 +1,4 @@ -use crate::detections::{configs, detection::EvtxRecordInfo}; +use crate::detections::{configs::CONFIG, detection::EvtxRecordInfo}; use prettytable::{Cell, Row, Table}; use super::statistics::EventStatistics; 
@@ -35,11 +35,7 @@ impl Timeline { } pub fn tm_stats_dsp_msg(&mut self) { - let statics_flag = configs::CONFIG - .read() - .unwrap() - .args - .is_present("statistics"); + let statics_flag = CONFIG.read().unwrap().args.is_present("statistics"); if !statics_flag { return; } @@ -70,11 +66,7 @@ impl Timeline { } pub fn tm_logon_stats_dsp_msg(&mut self) { - let logon_summary_flag = configs::CONFIG - .read() - .unwrap() - .args - .is_present("logon-summary"); + let logon_summary_flag = CONFIG.read().unwrap().args.is_present("logon-summary"); if !logon_summary_flag { return; } @@ -102,31 +94,40 @@ impl Timeline { let rate: f32 = **event_cnt as f32 / self.stats.total as f32; // イベント情報取得(eventtitleなど) - let conf = configs::CONFIG.read().unwrap(); + let conf = CONFIG + .read() + .unwrap() + .event_timeline_config + .get_event_id(*event_id) + .is_some(); // statistics_event_info.txtに登録あるものは情報設定 - match conf.event_timeline_config.get_event_id(*event_id) { - Some(e) => { - // 出力メッセージ1行作成 - msges.push(format!( - "{0} ({1:.1}%)\t{2}\t{3}", - event_cnt, - (rate * 1000.0).round() / 10.0, - event_id, - e.evttitle, - )); - } - None => { - // 出力メッセージ1行作成 - msges.push(format!( - "{0} ({1:.1}%)\t{2}\t{3}", - event_cnt, - (rate * 1000.0).round() / 10.0, - event_id, - "Unknown", - )); - } + if conf { + // 出力メッセージ1行作成 + msges.push(format!( + "{0} ({1:.1}%)\t{2}\t{3}", + event_cnt, + (rate * 1000.0).round() / 10.0, + event_id, + &CONFIG + .read() + .unwrap() + .event_timeline_config + .get_event_id(*event_id) + .unwrap() + .evttitle, + )); + } else { + // 出力メッセージ1行作成 + msges.push(format!( + "{0} ({1:.1}%)\t{2}\t{3}", + event_cnt, + (rate * 1000.0).round() / 10.0, + event_id, + "Unknown", + )); } } + msges.push("---------------------------------------".to_string()); msges } From ac5ac7fe1a0f8e9eb052f4f4ebc0857b808cfe13 Mon Sep 17 00:00:00 2001 
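Review bot: In the third hunk the `CONFIG` read lock is now taken twice per event, once for `.get_event_id(*event_id).is_some()` and again under `if conf` to reach `.unwrap().evttitle`, so the `unwrap()` relies on the config not changing between the two acquisitions, and the local `conf` now holds a `bool` under a name that suggests the config itself. A single lookup that yields the title string removes the second lock, the `unwrap()`, and the duplicated `format!` call; I assume `evttitle` implements `Display`, since the old code formatted it with `{3}`. The added `msges.push("---------------------------------------".to_string());` is a visible output change that the "fixed clippy error" message does not mention and belongs in the commit message or a separate commit. The enclosing method starts before this hunk, so the rest of its body was not checked.
```rust
// … unchanged: rate computation …
// イベント情報取得(eventtitleなど): one lookup, title or "Unknown"
let evttitle = CONFIG
    .read()
    .unwrap()
    .event_timeline_config
    .get_event_id(*event_id)
    .map(|e| e.evttitle.to_string())
    .unwrap_or_else(|| "Unknown".to_string());
// 出力メッセージ1行作成
msges.push(format!(
    "{0} ({1:.1}%)\t{2}\t{3}",
    event_cnt,
    (rate * 1000.0).round() / 10.0,
    event_id,
    evttitle,
));
```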
From: DustInDark Date: Tue, 7 Jun 2022 19:48:47 +0900 Subject: [PATCH 08/11] fixed cargo clippy --- src/detections/pivot.rs | 2 +- src/detections/print.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/detections/pivot.rs b/src/detections/pivot.rs index 391590c0..c732ddfa 100644 --- a/src/detections/pivot.rs +++ b/src/detections/pivot.rs @@ -57,7 +57,7 @@ pub fn insert_pivot_keyword(event_record: &Value) { } else { return; } - let mut pivots = PIVOT_KEYWORD.write().unwrap(); + let mut pivots = PIVOT_KEYWORD.write().unwrap().clone(); for (_, pivot) in pivots.iter_mut() { for field in &pivot.fields { if let Some(array_str) = configs::EVENTKEY_ALIAS.get_event_key(&String::from(field)) { diff --git a/src/detections/print.rs b/src/detections/print.rs index de607eec..0f83b02e 100644 --- a/src/detections/print.rs +++ b/src/detections/print.rs @@ -252,7 +252,7 @@ impl AlertMessage { .as_bytes(), ) .ok(); - let error_logs = ERROR_LOG_STACK.lock().unwrap(); + let error_logs = ERROR_LOG_STACK.lock().unwrap().clone(); for error_log in error_logs.iter() { writeln!(error_log_writer, "{}", error_log).ok(); } From f273ffd74d871bedf6a0f701ca616a382bd77335 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Tue, 7 Jun 2022 20:00:04 +0900 Subject: [PATCH 09/11] fixed cargo clippy error --- src/detections/pivot.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/detections/pivot.rs b/src/detections/pivot.rs index c732ddfa..845ded27 100644 --- a/src/detections/pivot.rs +++ b/src/detections/pivot.rs @@ -7,7 +7,7 @@ use std::sync::RwLock; use crate::detections::configs; use crate::detections::utils::get_serde_number_to_string; -#[derive(Debug)] +#[derive(Debug, Clone)] pub struct PivotKeyword { pub keywords: HashSet, pub fields: HashSet, From c8d2ab1d4c2b4f4bffc537cb0f0c4e424c306378 Mon Sep 17 00:00:00 2001 
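Review bot: In the pivot.rs hunk, `let mut pivots = PIVOT_KEYWORD.write().unwrap().clone();` followed by `for (_, pivot) in pivots.iter_mut()` mutates a copy of the map, so every keyword inserted in the loop body is discarded when `pivots` goes out of scope and `insert_pivot_keyword` becomes a no-op; the pivot-keyword output would silently come out empty. Taking the write lock only to clone also pays for an exclusive lock that then protects nothing. The guard binding from PATCH 06, `let mut pivots = PIVOT_KEYWORD.write().unwrap();`, was the correct form, and PATCH 11 later in this series does restore in-place mutation, which suggests these lint fixes should be validated with a pivot-keyword run before being stacked.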
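Review bot: In the print.rs hunk, `ERROR_LOG_STACK.lock().unwrap().clone()` copies the whole error-log collection only to iterate it read-only, which requires `Clone` on the element type and scales with the number of errors recorded during a run. The previous form from PATCH 06, `let error_logs = ERROR_LOG_STACK.lock().unwrap();` with `for error_log in error_logs.iter()`, does the same reads under a single lock with no copy. If a lint still fires on the guard in the `for` scrutinee, `error_logs.iter().for_each(|error_log| { writeln!(error_log_writer, "{}", error_log).ok(); })` keeps the single lock without cloning.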
From: DustInDark Date: Tue, 7 Jun 2022 20:16:28 +0900 Subject: [PATCH 10/11] fixed cargo clippy error --- src/main.rs | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/main.rs b/src/main.rs index cb18dec4..aae3f64b 100644 --- a/src/main.rs +++ b/src/main.rs @@ -152,7 +152,8 @@ impl App { } if let Some(csv_path) = configs::CONFIG.read().unwrap().args.value_of("output") { - for (key, _) in PIVOT_KEYWORD.read().unwrap().iter() { + let pivot_key_unions = PIVOT_KEYWORD.read().unwrap().clone(); + for (key, _) in pivot_key_unions.iter() { let keywords_file_name = csv_path.to_owned() + "-" + key + ".txt"; if Path::new(&keywords_file_name).exists() { AlertMessage::alert(&format!( @@ -320,14 +321,17 @@ impl App { //output to stdout let mut output = "Pivot keyword results saved to the following files:\n".to_string(); - for (key, _) in PIVOT_KEYWORD.read().unwrap().iter() { + let pivot_key_unions = PIVOT_KEYWORD.read().unwrap().clone(); + + for (key, _) in pivot_key_unions.iter() { output += &(pivot_file.to_owned() + "-" + key + ".txt" + "\n"); } write_color_buffer(BufferWriter::stdout(ColorChoice::Always), None, &output).ok(); } else { //標準出力の場合 let mut output = "The following pivot keywords were found:\n".to_string(); - for (key, pivot_keyword) in PIVOT_KEYWORD.read().unwrap().iter() { + let pivot_key_unions = PIVOT_KEYWORD.read().unwrap().clone(); + for (key, pivot_keyword) in pivot_key_unions.iter() { output += &format!("{}: ", key).to_string(); output += "( "; From 9362e81f53b158217d517f213add7d7f4fffc3f3 Mon Sep 17 00:00:00 2001 From: DustInDark Date: Tue, 7 Jun 2022 20:39:08 +0900 Subject: [PATCH 11/11] fixed cargo clippy error --- src/detections/pivot.rs | 6 +++--- src/main.rs | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/detections/pivot.rs b/src/detections/pivot.rs index 845ded27..2f83c162 100644 --- a/src/detections/pivot.rs +++ b/src/detections/pivot.rs 
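Review bot: All three loops in these two hunks now run `PIVOT_KEYWORD.read().unwrap().clone()`, deep-copying the whole keyword map (every `HashSet` inside it) just to walk its keys or read entries, although nothing in the loop bodies writes to it; binding the read guard, `let pivot_key_unions = PIVOT_KEYWORD.read().unwrap();` and iterating `pivot_key_unions.iter()`, gives the same reads with one lock and no copy. Where only the file names are needed, collecting the keys alone, `let keys: Vec<String> = PIVOT_KEYWORD.read().unwrap().keys().cloned().collect();`, bounds the copy to the key strings — assuming the map is keyed by `String`, which `csv_path.to_owned() + "-" + key` suggests. The same clone is added once more to main.rs in PATCH 11. Both hunks sit inside `impl App` methods whose signatures lie outside the hunks.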
@@ -57,8 +57,8 @@ pub fn insert_pivot_keyword(event_record: &Value) { } else { return; } - let mut pivots = PIVOT_KEYWORD.write().unwrap().clone(); - for (_, pivot) in pivots.iter_mut() { + let mut pivots = PIVOT_KEYWORD.write().unwrap(); + pivots.iter_mut().into_iter().for_each(|(_, pivot)| { for field in &pivot.fields { if let Some(array_str) = configs::EVENTKEY_ALIAS.get_event_key(&String::from(field)) { let split: Vec<&str> = array_str.split('.').collect(); @@ -82,7 +82,7 @@ pub fn insert_pivot_keyword(event_record: &Value) { } } } - } + }); } #[cfg(test)] diff --git a/src/main.rs b/src/main.rs index aae3f64b..78b05eb1 100644 --- a/src/main.rs +++ b/src/main.rs @@ -297,7 +297,8 @@ impl App { if *PIVOT_KEYWORD_LIST_FLAG { //ファイル出力の場合 if let Some(pivot_file) = configs::CONFIG.read().unwrap().args.value_of("output") { - for (key, pivot_keyword) in PIVOT_KEYWORD.read().unwrap().iter() { + let pivot_key_unions = PIVOT_KEYWORD.read().unwrap().clone(); + for (key, pivot_keyword) in pivot_key_unions.iter() { let mut f = BufWriter::new( fs::File::create(pivot_file.to_owned() + "-" + key + ".txt").unwrap(), ); @@ -321,7 +322,6 @@ impl App { //output to stdout let mut output = "Pivot keyword results saved to the following files:\n".to_string(); - let pivot_key_unions = PIVOT_KEYWORD.read().unwrap().clone(); for (key, _) in pivot_key_unions.iter() { output += &(pivot_file.to_owned() + "-" + key + ".txt" + "\n");
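Review bot: In the first pivot.rs hunk, `pivots.iter_mut().into_iter().for_each(...)` calls `into_iter()` on something that is already an iterator, a no-op that clippy's `useless_conversion` lint is likely to report, so this trades one warning for another; `pivots.iter_mut().for_each(|(_, pivot)| { ... })` is enough. Moving the loop body into a closure also changes control flow: any `continue` or `break` the old `for` body used (most of the body is outside this hunk) must become `return` or be restructured, and a `return` inside the closure no longer leaves `insert_pivot_keyword`. Holding the write guard across the whole loop is the right scope here because the loop mutates `pivot`, so the guard binding itself is correct.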