Merge pull request #715 from Yamato-Security/714-add-logopng-in-html-report

Added logo.png to the HTML report and import refactoring
This commit is contained in:
Yamato Security
2022-09-28 09:05:54 +09:00
committed by GitHub
11 changed files with 65 additions and 76 deletions


@@ -1,17 +1,16 @@
# 変更点
## 1.7.0 [2022/XX/XX]
## 1.7.0 [2022/09/29]
**新機能:**
- HTMLレポート機能の追加。 (#689) (@hitenkoku)
- HTMLレポート機能 (`-H, --html-report`)の追加。 (#689) (@hitenkoku)
**改善:**
- EventID解析のオプションをmetricsオプションに変更した。(旧: -s -> 新: -M) (#706) (@hitenkoku)
- EventID解析のオプションをmetricsオプションに変更した。(旧: `-s, --statistics` -> 新: `-M, --metrics`) (#706) (@hitenkoku)
- ルール更新オプション(`-u`)を利用したときにHayabusaの新バージョンがないかを確認し、表示するようにした。 (#710) (@hitenkoku)
**バグ修正:**
- HTMLレポート内にロゴを追加した。 (#714) (@hitenkoku)
## v1.6.0 [2022/09/16]


@@ -1,18 +1,17 @@
# Changes
## 1.7.0 [2022/XX/XX]
## 1.7.0 [2022/09/29]
**New Features:**
- Added html summary output. (``-H, --html-report` option) (#689) (@hitenkoku)
- Added html summary output. (`-H, --html-report` option) (#689) (@hitenkoku)
**Enhancements:**
- Changed Event ID Statistics option to Event ID Metrics option. (`-s, --statistics` -> `-M, --metrics`) (#706) (@hitenkoku)
(Note: `statistics_event_info.txt` was changed to `event_id_info.txt`.)
- Added display new version of Hayabusa when updating. (#710) (@hitenkoku)
**Bug Fixes:**
- Display new version of Hayabusa link when updating if there is a newer version. (#710) (@hitenkoku)
- Added logo in HTML summary output. (#714) (@hitenkoku)
## v1.6.0 [2022/09/16]


@@ -1,9 +1,6 @@
use crate::detections::configs;
use crate::detections::configs::{CURRENT_EXE_PATH, TERM_SIZE};
use crate::detections::message::{self, LEVEL_ABBR};
use crate::detections::message::{AlertMessage, LEVEL_FULL};
use crate::detections::utils::{self, format_time};
use crate::detections::utils::{get_writable_color, write_color_buffer};
use crate::detections::configs::{self, CURRENT_EXE_PATH, TERM_SIZE};
use crate::detections::message::{self, AlertMessage, LEVEL_ABBR, LEVEL_FULL};
use crate::detections::utils::{self, format_time, get_writable_color, write_color_buffer};
use crate::options::htmlreport;
use crate::options::profile::PROFILES;
use bytesize::ByteSize;
@@ -25,12 +22,9 @@ use num_format::{Locale, ToFormattedString};
use std::cmp::min;
use std::error::Error;
use std::fs::File;
use std::io;
use std::io::BufWriter;
use std::io::Write;
use std::io::{self, BufWriter, Write};
use std::fs;
use std::fs::{self, File};
use std::process;
use termcolor::{BufferWriter, Color, ColorChoice, ColorSpec, WriteColor};
use terminal_size::Width;


@@ -1,6 +1,5 @@
use crate::detections::message::AlertMessage;
use crate::detections::pivot::PivotKeyword;
use crate::detections::pivot::PIVOT_KEYWORD;
use crate::detections::pivot::{PivotKeyword, PIVOT_KEYWORD};
use crate::detections::utils;
use chrono::{DateTime, Utc};
use clap::{App, CommandFactory, Parser};


@@ -9,17 +9,12 @@ use chrono::{TimeZone, Utc};
use itertools::Itertools;
use termcolor::{BufferWriter, Color, ColorChoice};
use crate::detections::message::AlertMessage;
use crate::detections::message::DetectInfo;
use crate::detections::message::ERROR_LOG_STACK;
use crate::detections::message::{CH_CONFIG, DEFAULT_DETAILS, TAGS_CONFIG};
use crate::detections::message::{
LOGONSUMMARY_FLAG, METRICS_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG,
AlertMessage, DetectInfo, CH_CONFIG, DEFAULT_DETAILS, ERROR_LOG_STACK, LOGONSUMMARY_FLAG,
METRICS_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, TAGS_CONFIG,
};
use crate::detections::pivot::insert_pivot_keyword;
use crate::detections::rule;
use crate::detections::rule::AggResult;
use crate::detections::rule::RuleNode;
use crate::detections::rule::{self, AggResult, RuleNode};
use crate::detections::utils::{get_serde_number_to_string, make_ascii_titlecase};
use crate::filter;
use crate::options::htmlreport::{self};
@@ -32,8 +27,7 @@ use std::path::Path;
use std::sync::Arc;
use tokio::{runtime::Runtime, spawn, task::JoinHandle};
use super::message;
use super::message::LEVEL_ABBR;
use super::message::{self, LEVEL_ABBR};
// イベントファイルの1レコード分の情報を保持する構造体
#[derive(Clone, Debug)]


@@ -1,9 +1,6 @@
extern crate lazy_static;
use crate::detections::configs;
use crate::detections::configs::CURRENT_EXE_PATH;
use crate::detections::utils;
use crate::detections::utils::get_serde_number_to_string;
use crate::detections::utils::write_color_buffer;
use crate::detections::configs::{self, CURRENT_EXE_PATH};
use crate::detections::utils::{self, get_serde_number_to_string, write_color_buffer};
use crate::options::profile::PROFILES;
use chrono::{DateTime, Local, Utc};
use dashmap::DashMap;
@@ -13,10 +10,8 @@ use linked_hash_map::LinkedHashMap;
use regex::Regex;
use serde_json::Value;
use std::env;
use std::fs::create_dir;
use std::fs::File;
use std::io::BufWriter;
use std::io::{self, Write};
use std::fs::{create_dir, File};
use std::io::{self, BufWriter, Write};
use std::path::Path;
use std::sync::Mutex;
use termcolor::{BufferWriter, ColorChoice};


@@ -2,17 +2,15 @@ extern crate base64;
extern crate csv;
extern crate regex;
use crate::detections::configs;
use crate::detections::configs::CURRENT_EXE_PATH;
use crate::detections::configs::{self, CURRENT_EXE_PATH};
use hashbrown::HashMap;
use std::path::Path;
use std::path::PathBuf;
use std::path::{Path, PathBuf};
use chrono::Local;
use termcolor::Color;
use tokio::runtime::Builder;
use tokio::runtime::Runtime;
use tokio::runtime::{Builder, Runtime};
use chrono::{DateTime, TimeZone, Utc};
use regex::Regex;
@@ -28,6 +26,7 @@ use std::vec;
use termcolor::{BufferWriter, ColorSpec, WriteColor};
use super::detection::EvtxRecordInfo;
use super::message::AlertMessage;
pub fn concat_selection_key(key_list: &[String]) -> String {
return key_list
@@ -481,6 +480,15 @@ where
}
}
/// Check file path exist. If path is existed, output alert message.
pub fn check_file_expect_not_exist(path: &Path, exist_alert_str: String) -> bool {
let ret = path.exists();
if ret {
AlertMessage::alert(&exist_alert_str).ok();
}
ret
}
#[cfg(test)]
mod tests {
use std::path::Path;
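Review bot: `check_file_expect_not_exist` only reports `path.exists()` at call time, so it cannot stop a file that appears between this check and the later create (outside this hunk) from being overwritten, and `Path::exists` also returns `false` for a dangling symlink or a path whose metadata cannot be read, which a later `File::create` would still follow. If overwrite protection is the goal, the create site should open with `OpenOptions::new().write(true).create_new(true)` and this helper should stay an early diagnostic only; a comment such as `/// Advisory pre-check only: the create site must still use create_new to avoid a check-then-act race.` would make that explicit. Taking `exist_alert_str: &str` instead of `String` is the more general signature (callers can pass `&format!(..)` or a literal), with the body becoming `AlertMessage::alert(exist_alert_str).ok();`. The doc comment reads "If path is existed"; `/// Returns true and prints `exist_alert_str` when `path` already exists.` says the same in plain English.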


@@ -1,7 +1,5 @@
use crate::detections::configs;
use crate::detections::message::AlertMessage;
use crate::detections::message::ERROR_LOG_STACK;
use crate::detections::message::QUIET_ERRORS_FLAG;
use crate::detections::message::{AlertMessage, ERROR_LOG_STACK, QUIET_ERRORS_FLAG};
use hashbrown::HashMap;
use regex::Regex;
use std::fs::File;


@@ -7,8 +7,9 @@ use bytesize::ByteSize;
use chrono::{DateTime, Datelike, Local};
use evtx::{EvtxParser, ParserSettings};
use hashbrown::{HashMap, HashSet};
use hayabusa::detections::configs::{load_pivot_keywords, TargetEventTime, TARGET_EXTENSIONS};
use hayabusa::detections::configs::{CONFIG, CURRENT_EXE_PATH};
use hayabusa::detections::configs::{
load_pivot_keywords, TargetEventTime, CONFIG, CURRENT_EXE_PATH, TARGET_EXTENSIONS,
};
use hayabusa::detections::detection::{self, EvtxRecordInfo};
use hayabusa::detections::message::{
AlertMessage, ERROR_LOG_PATH, ERROR_LOG_STACK, LOGONSUMMARY_FLAG, METRICS_FLAG,
@@ -218,20 +219,21 @@ impl App {
pivot_key_unions.iter().for_each(|(key, _)| {
let keywords_file_name =
csv_path.as_path().display().to_string() + "-" + key + ".txt";
if Path::new(&keywords_file_name).exists() {
AlertMessage::alert(&format!(
utils::check_file_expect_not_exist(
Path::new(&keywords_file_name),
format!(
" The file {} already exists. Please specify a different filename.",
&keywords_file_name
))
.ok();
}
),
);
});
if csv_path.exists() {
AlertMessage::alert(&format!(
if utils::check_file_expect_not_exist(
csv_path,
format!(
" The file {} already exists. Please specify a different filename.",
csv_path.as_os_str().to_str().unwrap()
))
.ok();
),
) {
return;
}
}
@@ -262,14 +264,15 @@ impl App {
println!();
}
if let Some(path) = &configs::CONFIG.read().unwrap().args.html_report {
if let Some(html_path) = &configs::CONFIG.read().unwrap().args.html_report {
// if already exists same html report file. output alert message and exit
if path.exists() {
AlertMessage::alert(&format!(
if utils::check_file_expect_not_exist(
html_path.as_path(),
format!(
" The file {} already exists. Please specify a different filename.",
path.to_str().unwrap()
))
.ok();
html_path.to_str().unwrap()
),
) {
return;
}
}
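Review bot: In the pivot-keyword loop the `bool` that `utils::check_file_expect_not_exist` now returns is dropped inside `for_each`, so an existing `<csv>-<key>.txt` only prints the alert and the run continues, while the same condition on `csv_path` and `html_path` aborts with `return`; presumably the keyword file is then overwritten later (outside this hunk), contradicting the "Please specify a different filename" message. Accumulating the result across the loop and returning afterwards makes the three checks behave the same way; the rewrite is below. Separately, `csv_path.as_os_str().to_str().unwrap()` and `html_path.to_str().unwrap()` panic on a non-UTF-8 path where the keyword-file line two statements earlier already uses `.display()`; `html_path.display()` works unchanged inside the same `format!`. The enclosing method of `impl App` starts and ends outside the hunk.
```rust
let mut pivot_file_exists = false;
pivot_key_unions.iter().for_each(|(key, _)| {
    let keywords_file_name =
        csv_path.as_path().display().to_string() + "-" + key + ".txt";
    pivot_file_exists |= utils::check_file_expect_not_exist(
        Path::new(&keywords_file_name),
        format!(
            " The file {} already exists. Please specify a different filename.",
            &keywords_file_name
        ),
    );
});
if pivot_file_exists {
    return;
}
// … unchanged: csv_path and html_report existence checks …
```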


@@ -3,10 +3,8 @@ use horrorshow::helper::doctype;
use horrorshow::prelude::*;
use lazy_static::lazy_static;
use pulldown_cmark::{html, Options, Parser};
use std::fs::create_dir;
use std::fs::File;
use std::io::BufWriter;
use std::io::Write;
use std::fs::{create_dir, File};
use std::io::{BufWriter, Write};
use std::path::Path;
use std::sync::RwLock;
@@ -105,7 +103,11 @@ pub fn create_html_file(input_html: String, path_str: String) {
link(rel="stylesheet", type="text/css", href="./hayabusa_report.css");
link(rel="icon", type="image/png", href="./favicon.png");
}
body : Raw(input_html.clone().as_str())
body {
img(id="logo", src = "./logo.png");
: Raw(input_html.clone().as_str());
}
}
}
);
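Review bot: The new `img(id="logo", src = "./logo.png")` has no `alt` text, so a missing `logo.png` next to the report (the copy of that asset is not visible in this hunk; confirm it is written alongside `hayabusa_report.css` and `favicon.png`) renders as a broken-image icon with no label; `img(id="logo", src="./logo.png", alt="Hayabusa");` covers both cases. The rewritten `: Raw(input_html.clone().as_str());` copies the whole report body just to borrow it; `Raw(input_html.as_str())` should work since `input_html` is owned by the function for its whole duration, unless the macro needs an owned value. `Raw` also bypasses horrorshow's escaping, so whatever builds `input_html` from event-log fields (presumably elsewhere) must escape them itself; a comment `// input_html is inserted unescaped: it must already be HTML-safe` on that line would warn the next maintainer. `create_html_file` starts before this hunk and continues past it.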


@@ -5,7 +5,7 @@ use crate::yaml::ParseYaml;
use chrono::{DateTime, Local, TimeZone};
use git2::Repository;
use serde_json::Value;
use std::fs::{self};
use std::fs::{self, create_dir};
use std::path::Path;
use hashbrown::{HashMap, HashSet};
@@ -13,8 +13,6 @@ use std::cmp::Ordering;
use std::time::SystemTime;
use std::fs::create_dir;
use termcolor::{BufferWriter, ColorChoice};
pub struct Update {}