CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cargo fmt

Browse Source
This commit is contained in:
DastInDark
2022-07-18 00:15:10 +09:00
parent ad2beac49a
commit ea63251a4b
2 changed files with 32 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/detections/detection.rs
View File

@@ -1,7 +1,7 @@
extern crate csv;
use crate::detections::configs;
use crate::detections::utils::{write_color_buffer, get_output_str_path};
use crate::detections::utils::{get_output_str_path, write_color_buffer};
use termcolor::{BufferWriter, Color, ColorChoice};
use crate::detections::message::AlertMessage;
@@ -255,7 +255,11 @@ impl Detection {
None
};
let conf = configs::CONFIG.read().unwrap();
let abs_rule_path = &PathBuf::from(&rule.rulepath).canonicalize().unwrap().display().to_string()[4..];
let abs_rule_path = &PathBuf::from(&rule.rulepath)
.canonicalize()
.unwrap()
.display()
.to_string()[4..];
let file_opt_path = if conf.args.filepath.is_some() {
conf.args.filepath.as_ref().unwrap()
} else {
@@ -263,7 +267,10 @@ impl Detection {
};
let detect_info = DetectInfo {
filepath: get_output_str_path(file_opt_path, Path::new(&record_info.evtx_filepath)),
rulepath: get_output_str_path(&configs::CONFIG.read().unwrap().args.rules, Path::new(abs_rule_path)),
rulepath: get_output_str_path(
&configs::CONFIG.read().unwrap().args.rules,
Path::new(abs_rule_path),
),
level: rule.yaml["level"].as_str().unwrap_or("-").to_string(),
computername: record_info.record["Event"]["System"]["Computer"]
.to_string()
@@ -307,11 +314,18 @@ impl Detection {
None
};
// canonicalizeを行った際に、windows環境で\\?\が必ず文字列として入ってしまう問題があったため先頭の4文字を除外している
let abs_rule_path = &PathBuf::from(&rule.rulepath).canonicalize().unwrap().display().to_string()[4..];
let abs_rule_path = &PathBuf::from(&rule.rulepath)
.canonicalize()
.unwrap()
.display()
.to_string()[4..];
let detect_info = DetectInfo {
filepath: "-".to_owned(),
rulepath: get_output_str_path(&configs::CONFIG.read().unwrap().args.rules, Path::new(abs_rule_path)),
rulepath: get_output_str_path(
&configs::CONFIG.read().unwrap().args.rules,
Path::new(abs_rule_path),
),
level: rule.yaml["level"].as_str().unwrap_or("").to_owned(),
computername: "-".to_owned(),
eventid: "-".to_owned(),

17
src/detections/utils.rs
View File

@@ -31,7 +31,8 @@ use termcolor::{BufferWriter, ColorSpec, WriteColor};
use super::detection::EvtxRecordInfo;
lazy_static! {
pub static ref OUTPUT_OMIT_REGEX:Regex = Regex::new(r"\.\./|\./|\.\.\\\\|\.\\|\.\.\\").unwrap();
pub static ref OUTPUT_OMIT_REGEX: Regex =
Regex::new(r"\.\./|\./|\.\.\\\\|\.\\|\.\.\\").unwrap();
}
pub fn concat_selection_key(key_list: &[String]) -> String {
@@ -400,10 +401,14 @@ pub fn get_output_str_path(option_path: &Path, target_path: &Path) -> String {
target_path.to_str().unwrap().to_string()
} else {
let diff_path_result = diff_paths(target_path, &env::current_dir().unwrap());
if let Some(diff_path) = diff_path_result {
OUTPUT_OMIT_REGEX.replace_all(diff_path.to_str().unwrap(), "").to_string()
if let Some(diff_path) = diff_path_result {
OUTPUT_OMIT_REGEX
.replace_all(diff_path.to_str().unwrap(), "")
.to_string()
} else {
OUTPUT_OMIT_REGEX.replace_all(target_path.to_str().unwrap(), "").to_string()
OUTPUT_OMIT_REGEX
.replace_all(target_path.to_str().unwrap(), "")
.to_string()
}
}
}
@@ -412,7 +417,9 @@ pub fn get_output_str_path(option_path: &Path, target_path: &Path) -> String {
mod tests {
use std::path::Path;
use crate::detections::utils::{self, check_setting_path, make_ascii_titlecase, get_output_str_path};
use crate::detections::utils::{
self, check_setting_path, get_output_str_path, make_ascii_titlecase,
};
use regex::Regex;
use serde_json::Value;