From e411dda696985027d34365c706ffb96a7a9e1f28 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Wed, 28 Sep 2022 01:14:41 +0900 Subject: [PATCH 1/5] merged use --- src/afterfact.rs | 16 +++++----------- src/detections/configs.rs | 3 +-- src/detections/detection.rs | 11 +++-------- src/detections/message.rs | 13 ++++--------- src/detections/utils.rs | 11 +++++------ src/filter.rs | 4 +--- src/main.rs | 5 +++-- src/options/htmlreport.rs | 12 +++++++----- src/options/update.rs | 4 +--- 9 files changed, 30 insertions(+), 49 deletions(-) diff --git a/src/afterfact.rs b/src/afterfact.rs index 7e57103a..13dc42b7 100644 --- a/src/afterfact.rs +++ b/src/afterfact.rs @@ -1,9 +1,6 @@ -use crate::detections::configs; -use crate::detections::configs::{CURRENT_EXE_PATH, TERM_SIZE}; -use crate::detections::message::{self, LEVEL_ABBR}; -use crate::detections::message::{AlertMessage, LEVEL_FULL}; -use crate::detections::utils::{self, format_time}; -use crate::detections::utils::{get_writable_color, write_color_buffer}; +use crate::detections::configs::{self, CURRENT_EXE_PATH, TERM_SIZE}; +use crate::detections::message::{self, AlertMessage, LEVEL_ABBR, LEVEL_FULL}; +use crate::detections::utils::{self, format_time, get_writable_color, write_color_buffer}; use crate::options::htmlreport; use crate::options::profile::PROFILES; use bytesize::ByteSize; @@ -25,12 +22,9 @@ use num_format::{Locale, ToFormattedString}; use std::cmp::min; use std::error::Error; -use std::fs::File; -use std::io; -use std::io::BufWriter; -use std::io::Write; +use std::io::{self, BufWriter, Write}; -use std::fs; +use std::fs::{self, File}; use std::process; use termcolor::{BufferWriter, Color, ColorChoice, ColorSpec, WriteColor}; use terminal_size::Width; diff --git a/src/detections/configs.rs b/src/detections/configs.rs index 662d1b04..5a29b104 100644 --- a/src/detections/configs.rs +++ b/src/detections/configs.rs 
@@ -1,6 +1,5 @@ use crate::detections::message::AlertMessage; -use crate::detections::pivot::PivotKeyword; -use crate::detections::pivot::PIVOT_KEYWORD; +use crate::detections::pivot::{PivotKeyword, PIVOT_KEYWORD}; use crate::detections::utils; use chrono::{DateTime, Utc}; use clap::{App, CommandFactory, Parser}; diff --git a/src/detections/detection.rs b/src/detections/detection.rs index 43581a7c..42f7d727 100644 --- a/src/detections/detection.rs +++ b/src/detections/detection.rs @@ -9,17 +9,12 @@ use chrono::{TimeZone, Utc}; use itertools::Itertools; use termcolor::{BufferWriter, Color, ColorChoice}; -use crate::detections::message::AlertMessage; -use crate::detections::message::DetectInfo; -use crate::detections::message::ERROR_LOG_STACK; -use crate::detections::message::{CH_CONFIG, DEFAULT_DETAILS, TAGS_CONFIG}; use crate::detections::message::{ - LOGONSUMMARY_FLAG, METRICS_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, + AlertMessage, DetectInfo, CH_CONFIG, DEFAULT_DETAILS, ERROR_LOG_STACK, LOGONSUMMARY_FLAG, + METRICS_FLAG, PIVOT_KEYWORD_LIST_FLAG, QUIET_ERRORS_FLAG, TAGS_CONFIG, }; use crate::detections::pivot::insert_pivot_keyword; -use crate::detections::rule; -use crate::detections::rule::AggResult; -use crate::detections::rule::RuleNode; +use crate::detections::rule::{self, AggResult, RuleNode}; use crate::detections::utils::{get_serde_number_to_string, make_ascii_titlecase}; use crate::filter; use crate::options::htmlreport::{self}; diff --git a/src/detections/message.rs b/src/detections/message.rs index 9f46e0bf..d5e90603 100644 --- a/src/detections/message.rs +++ b/src/detections/message.rs 
@@ -1,9 +1,6 @@ extern crate lazy_static; -use crate::detections::configs; -use crate::detections::configs::CURRENT_EXE_PATH; -use crate::detections::utils; -use crate::detections::utils::get_serde_number_to_string; -use crate::detections::utils::write_color_buffer; +use crate::detections::configs::{self, CURRENT_EXE_PATH}; +use crate::detections::utils::{self, get_serde_number_to_string, write_color_buffer}; use crate::options::profile::PROFILES; use chrono::{DateTime, Local, Utc}; use dashmap::DashMap; @@ -13,10 +10,8 @@ use linked_hash_map::LinkedHashMap; use regex::Regex; use serde_json::Value; use std::env; -use std::fs::create_dir; -use std::fs::File; -use std::io::BufWriter; -use std::io::{self, Write}; +use std::fs::{create_dir, File}; +use std::io::{self, BufWriter, Write}; use std::path::Path; use std::sync::Mutex; use termcolor::{BufferWriter, ColorChoice}; diff --git a/src/detections/utils.rs b/src/detections/utils.rs index 259dc32b..2e4dd4f6 100644 --- a/src/detections/utils.rs +++ b/src/detections/utils.rs @@ -2,17 +2,15 @@ extern crate base64; extern crate csv; extern crate regex; -use crate::detections::configs; -use crate::detections::configs::CURRENT_EXE_PATH; +use crate::detections::configs::{self, CURRENT_EXE_PATH}; + use hashbrown::HashMap; -use std::path::Path; -use std::path::PathBuf; +use std::path::{Path, PathBuf}; use chrono::Local; use termcolor::Color; -use tokio::runtime::Builder; -use tokio::runtime::Runtime; +use tokio::runtime::{Builder, Runtime}; use chrono::{DateTime, TimeZone, Utc}; use regex::Regex; @@ -28,6 +26,7 @@ use std::vec; use termcolor::{BufferWriter, ColorSpec, WriteColor}; use super::detection::EvtxRecordInfo; +use super::message::AlertMessage; pub fn concat_selection_key(key_list: &[String]) -> String { return key_list diff --git a/src/filter.rs b/src/filter.rs index c78b7880..d5c6d3c5 100644 --- a/src/filter.rs +++ b/src/filter.rs 
@@ -1,7 +1,5 @@ use crate::detections::configs; -use crate::detections::message::AlertMessage; -use crate::detections::message::ERROR_LOG_STACK; -use crate::detections::message::QUIET_ERRORS_FLAG; +use crate::detections::message::{AlertMessage, ERROR_LOG_STACK, QUIET_ERRORS_FLAG}; use hashbrown::HashMap; use regex::Regex; use std::fs::File; diff --git a/src/main.rs b/src/main.rs index d20fc8fe..280770ce 100644 --- a/src/main.rs +++ b/src/main.rs @@ -7,8 +7,9 @@ use bytesize::ByteSize; use chrono::{DateTime, Datelike, Local}; use evtx::{EvtxParser, ParserSettings}; use hashbrown::{HashMap, HashSet}; -use hayabusa::detections::configs::{load_pivot_keywords, TargetEventTime, TARGET_EXTENSIONS}; -use hayabusa::detections::configs::{CONFIG, CURRENT_EXE_PATH}; +use hayabusa::detections::configs::{ + load_pivot_keywords, TargetEventTime, CONFIG, CURRENT_EXE_PATH, TARGET_EXTENSIONS, +}; use hayabusa::detections::detection::{self, EvtxRecordInfo}; use hayabusa::detections::message::{ AlertMessage, ERROR_LOG_PATH, ERROR_LOG_STACK, LOGONSUMMARY_FLAG, METRICS_FLAG, diff --git a/src/options/htmlreport.rs b/src/options/htmlreport.rs index 89826a1e..372a7b36 100644 --- a/src/options/htmlreport.rs +++ b/src/options/htmlreport.rs @@ -3,10 +3,8 @@ use horrorshow::helper::doctype; use horrorshow::prelude::*; use lazy_static::lazy_static; use pulldown_cmark::{html, Options, Parser}; -use std::fs::create_dir; -use std::fs::File; -use std::io::BufWriter; -use std::io::Write; +use std::fs::{create_dir, File}; +use std::io::{BufWriter, Write}; use std::path::Path; use std::sync::RwLock; @@ -105,7 +103,11 @@ pub fn create_html_file(input_html: String, path_str: String) { link(rel="stylesheet", type="text/css", href="./hayabusa_report.css"); link(rel="icon", type="image/png", href="./favicon.png"); } - body : Raw(input_html.clone().as_str()) + body { + img(id="logo", src = "./logo.png"); + : Raw(input_html.clone().as_str()); + } + } } ); 
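Review bot: The rebuilt `body` still emits `input_html` through `Raw`, so any text in it that originates from event-log fields (rule titles, computer names, command lines) lands in the report unescaped, and a crafted log could inject markup or script into an HTML file the analyst opens locally; this is pre-existing, but now that the body is being restructured it deserves a comment at the call, e.g. `// input_html is inserted unescaped (Raw); callers must HTML-escape any event-derived text before passing it in`. The new `img(id="logo", src = "./logo.png")` is resolved relative to the report like the stylesheet and favicon, so the logo has to be copied next to the output file or the image silently breaks; a one-line note naming where that asset is written would help the next reader. As a style point, `input_html.clone().as_str()` allocates a copy only to borrow it; `Raw(input_html.as_str())` is enough. The enclosing `create_html_file` starts outside the hunk.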
diff --git a/src/options/update.rs b/src/options/update.rs index 0fa81367..8f896512 100644 --- a/src/options/update.rs +++ b/src/options/update.rs @@ -5,7 +5,7 @@ use crate::yaml::ParseYaml; use chrono::{DateTime, Local, TimeZone}; use git2::Repository; use serde_json::Value; -use std::fs::{self}; +use std::fs::{self, create_dir}; use std::path::Path; use hashbrown::{HashMap, HashSet}; @@ -13,8 +13,6 @@ use std::cmp::Ordering; use std::time::SystemTime; -use std::fs::create_dir; - use termcolor::{BufferWriter, ColorChoice}; pub struct Update {} From fde482696ae50c8f121d852c7eed3269faceaf9f Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Wed, 28 Sep 2022 01:15:59 +0900 Subject: [PATCH 2/5] merged use --- src/detections/detection.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/detections/detection.rs b/src/detections/detection.rs index 42f7d727..d6264d01 100644 --- a/src/detections/detection.rs +++ b/src/detections/detection.rs @@ -27,8 +27,7 @@ use std::path::Path; use std::sync::Arc; use tokio::{runtime::Runtime, spawn, task::JoinHandle}; -use super::message; -use super::message::LEVEL_ABBR; +use super::message::{self, LEVEL_ABBR}; // イベントファイルの1レコード分の情報を保持する構造体 #[derive(Clone, Debug)] From 4244157809fc18698553a50177100226f908b80a Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Wed, 28 Sep 2022 01:22:53 +0900 Subject: [PATCH 3/5] refactoring output option file already exists #713 --- src/detections/utils.rs | 9 +++++++++ src/main.rs | 32 +++++++++++++++++--------------- 2 files changed, 26 insertions(+), 15 deletions(-) diff --git a/src/detections/utils.rs b/src/detections/utils.rs index 2e4dd4f6..c938775d 100644 --- a/src/detections/utils.rs +++ b/src/detections/utils.rs 
@@ -480,6 +480,15 @@ where } } +/// Check file path exist. If path is existed, output alert message. +pub fn check_file_expect_not_exist(path: &Path, exist_alert_str: String) -> bool { + let ret = path.exists(); + if ret { + AlertMessage::alert(&exist_alert_str).ok(); + } + ret +} + #[cfg(test)] mod tests { use std::path::Path; diff --git a/src/main.rs b/src/main.rs index 280770ce..b08f2659 100644 --- a/src/main.rs +++ b/src/main.rs @@ -219,20 +219,21 @@ impl App { pivot_key_unions.iter().for_each(|(key, _)| { let keywords_file_name = csv_path.as_path().display().to_string() + "-" + key + ".txt"; - if Path::new(&keywords_file_name).exists() { - AlertMessage::alert(&format!( + utils::check_file_expect_not_exist( + Path::new(&keywords_file_name), + format!( " The file {} already exists. Please specify a different filename.", &keywords_file_name - )) - .ok(); - } + ), + ); }); - if csv_path.exists() { - AlertMessage::alert(&format!( + if utils::check_file_expect_not_exist( + csv_path, + format!( " The file {} already exists. Please specify a different filename.", csv_path.as_os_str().to_str().unwrap() - )) - .ok(); + ), + ) { return; } } @@ -263,14 +264,15 @@ impl App { println!(); } - if let Some(path) = &configs::CONFIG.read().unwrap().args.html_report { + if let Some(html_path) = &configs::CONFIG.read().unwrap().args.html_report { // if already exists same html report file. output alert message and exit - if path.exists() { - AlertMessage::alert(&format!( + if utils::check_file_expect_not_exist( + html_path.as_path(), + format!( " The file {} already exists. Please specify a different filename.", - path.to_str().unwrap() - )) - .ok(); + html_path.to_str().unwrap() + ), + ) { return; } } From 552e3baec5e5ad991b1e3dad8ef82b3d949cd393 Mon Sep 17 00:00:00 2001 
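Review bot: `check_file_expect_not_exist` only stats the path at check time, so a file that appears between this check and the later create (presumably a `File::create` elsewhere in the writer) is still overwritten, a classic check-then-use race; if the goal is never to clobber an existing file, the create site should open with `OpenOptions::new().write(true).create_new(true)` and treat `ErrorKind::AlreadyExists` as the alert condition, leaving this helper as an early user-facing warning only. `Path::exists()` also returns `false` whenever the metadata call fails, for example on permission denied, so an existing but unreadable file is reported as absent; `path.try_exists()` distinguishes that case if the toolchain allows it. Taking `exist_alert_str: &str` instead of `String` would avoid forcing an owned allocation on every caller, and the doc comment reads more clearly as `/// Returns true if `path` already exists, printing `exist_alert_str` as an alert when it does.`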
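Review bot: In the pivot-keyword loop the helper's return value is discarded, so an existing `<csv>-<key>.txt` only prints the alert and execution continues, while an existing `csv_path` returns early; if that asymmetry is intended it should be stated, e.g. `// keyword files are only warned about; the run continues and they are overwritten`, otherwise fold the results (`.map(...).fold(false, |acc, e| acc || e)` rather than `any`, so every existing file is still reported) and return when any is true. The `for_each` with a side-effecting closure would also read more naturally as a plain `for (key, _) in pivot_key_unions.iter()` loop. The enclosing method starts and ends outside the hunk.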
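Review bot: `html_path.to_str().unwrap()` on the renamed line panics if the user-supplied output path is not valid UTF-8, which is a user-input `unwrap` rather than an invariant; `html_path.display()` formats any path without the panic path, so the argument can simply be `html_path.display()`. The same pattern survives on the unchanged `csv_path.as_os_str().to_str().unwrap()` line in the hunk above and could be fixed the same way in passing. The enclosing method starts outside the hunk.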
From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Wed, 28 Sep 2022 01:30:17 +0900 Subject: [PATCH 4/5] updated changelog #714 --- CHANGELOG-Japanese.md | 1 + CHANGELOG.md | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md index 2c89d72b..80dd57d2 100644 --- a/CHANGELOG-Japanese.md +++ b/CHANGELOG-Japanese.md @@ -10,6 +10,7 @@ - EventID解析のオプションをmetricsオプションに変更した。(旧: -s -> 新: -M) (#706) (@hitenkoku) - ルール更新オプション(`-u`)を利用したときにHayabusaの新バージョンがないかを確認し、表示するようにした。 (#710) (@hitenkoku) +- HTMLレポート内にロゴを追加した。 (#714) (@hitenkoku) **バグ修正:** diff --git a/CHANGELOG.md b/CHANGELOG.md index b7de01be..7bf7b4d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ - Changed Event ID Statistics option to Event ID Metrics option. (`-s, --statistics` -> `-M, --metrics`) (#706) (@hitenkoku) (Note: `statistics_event_info.txt` was changed to `event_id_info.txt`.) - Added display new version of Hayabusa when updating. (#710) (@hitenkoku) +- Added logo in HTML summary output. (#714) (@hitenkoku) **Bug Fixes:** From 3c898a5e0f012884205911a41cf29a18a4def788 Mon Sep 17 00:00:00 2001 From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com> Date: Wed, 28 Sep 2022 08:50:00 +0900 Subject: [PATCH 5/5] update changelog --- CHANGELOG-Japanese.md | 8 +++----- CHANGELOG.md | 8 +++----- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md index 80dd57d2..2e59ede0 100644 --- a/CHANGELOG-Japanese.md +++ b/CHANGELOG-Japanese.md 
@@ -1,19 +1,17 @@ # 変更点 -## 1.7.0 [2022/XX/XX] +## 1.7.0 [2022/09/29] **新機能:** -- HTMLレポート機能の追加。 (#689) (@hitenkoku) +- HTMLレポート機能 (`-H, --html-report`)の追加。 (#689) (@hitenkoku) **改善:** -- EventID解析のオプションをmetricsオプションに変更した。(旧: -s -> 新: -M) (#706) (@hitenkoku) +- EventID解析のオプションをmetricsオプションに変更した。(旧: `-s, --statistics` -> 新: `-M, --metrics`) (#706) (@hitenkoku) - ルール更新オプション(`-u`)を利用したときにHayabusaの新バージョンがないかを確認し、表示するようにした。 (#710) (@hitenkoku) - HTMLレポート内にロゴを追加した。 (#714) (@hitenkoku) -**バグ修正:** - ## v1.6.0 [2022/09/16] **新機能:** diff --git a/CHANGELOG.md b/CHANGELOG.md index 7bf7b4d9..dd6703b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,20 +1,18 @@ # Changes -## 1.7.0 [2022/XX/XX] +## 1.7.0 [2022/09/29] **New Features:** -- Added html summary output. (``-H, --html-report` option) (#689) (@hitenkoku) +- Added html summary output. (`-H, --html-report` option) (#689) (@hitenkoku) **Enhancements:** - Changed Event ID Statistics option to Event ID Metrics option. (`-s, --statistics` -> `-M, --metrics`) (#706) (@hitenkoku) (Note: `statistics_event_info.txt` was changed to `event_id_info.txt`.) -- Added display new version of Hayabusa when updating. (#710) (@hitenkoku) +- Display new version of Hayabusa link when updating if there is a newer version. (#710) (@hitenkoku) - Added logo in HTML summary output. (#714) (@hitenkoku) -**Bug Fixes:** - ## v1.6.0 [2022/09/16] **New Features:**