regex rule implemented

src/detections/detection.rs

@@ -1,9 +1,9 @@
-extern crate csv;
 extern crate chrono;
+extern crate csv;
 
+use crate::detections::print::Message;
 use crate::detections::rule;
 use crate::detections::rule::RuleNode;
-use crate::detections::print::{Message};
 use crate::yaml::ParseYaml;
 
 use chrono::{TimeZone, Utc};
@@ -13,18 +13,15 @@ use serde_json::{Error, Value};
 const DIRPATH_RULES: &str = "rules";
 
 #[derive(Debug)]
-pub struct Detection {
-    
-}
+pub struct Detection {}
 
 impl Detection {
     pub fn new() -> Detection {
-        Detection {
-        }
+        Detection {}
     }
 
     pub fn start(&mut self, mut parser: EvtxParser<std::fs::File>) {
-        // from .etvx to json
+        // serialize from .etvx to jsons
         let event_records: Vec<Value> = parser
             .records_json()
             .filter_map(|result_record| {
@@ -44,10 +41,6 @@ impl Detection {
             })
             .collect();
 
-        event_records.iter().for_each(|event_rec| {
-            println!("{}", event_rec["Event"]);
-        });
-
         // load rule files
         let mut rulefile_loader = ParseYaml::new();
         let resutl_readdir = rulefile_loader.read_dir(DIRPATH_RULES);
@@ -57,19 +50,39 @@ impl Detection {
         }
 
         // parse rule files
-        let rules: Vec<RuleNode> = rulefile_loader
+        let selection_rules: Vec<RuleNode> = rulefile_loader
             .files
             .into_iter()
             .map(|rule_file| rule::parse_rule(rule_file))
+            .filter_map(|mut rule| {
+                return rule
+                    .init()
+                    .or_else(|err_msgs| {
+                        print!(
+                            "Failed to parse Rule file. See following detail. [rule file title:{}]",
+                            rule.yaml["title"].as_str().unwrap_or("")
+                        );
+                        err_msgs.iter().for_each(|err_msg| println!("{}", err_msg));
+                        println!("\n");
+                        return Result::Err(err_msgs);
+                    })
+                    .and_then(|_empty| Result::Ok(rule))
+                    .ok();
+            })
             .collect();
 
-        // selection rule files and collect log
+        // selection rule files and collect message
         let mut message = Message::new();
-        rules.iter().for_each(|rule| {
+        selection_rules.iter().for_each(|rule| {
             &event_records
                 .iter()
-                .filter(|event_record| rule.detection.select(event_record))
-                .for_each(|event_record| message.insert(Utc.ymd(1996, 2, 27).and_hms(1, 5, 1), event_record.to_string()));
+                .filter(|event_record| rule.select(event_record))
+                .for_each(|event_record| {
+                    message.insert(
+                        Utc.ymd(1996, 2, 27).and_hms(1, 5, 1),
+                        event_record.to_string(),
+                    )
+                });
         });
 
         // output message