From eadf576065edb127b7407cb825cb3b11759a0b89 Mon Sep 17 00:00:00 2001
From: itiB <is0312vx@ed.ritsumei.ac.jp>
Date: Thu, 19 Nov 2020 01:21:03 +0900
Subject: [PATCH] Add: afterfact.rs for emit csv file

---
 src/afterfact.rs        | 31 +++++++++++++++++++++++++++++++
 src/detections/print.rs |  4 ++++
 src/lib.rs              |  1 +
 src/main.rs             |  7 +++++++
 4 files changed, 43 insertions(+)
 create mode 100644 src/afterfact.rs

diff --git a/src/afterfact.rs b/src/afterfact.rs
new file mode 100644
index 00000000..076454e9
--- /dev/null
+++ b/src/afterfact.rs
@@ -0,0 +1,31 @@
+use crate::detections::configs;
+use crate::detections::print;
+use chrono::{DateTime, TimeZone, Utc};
+use serde::Serialize;
+use std::error::Error;
+
+#[derive(Debug, Serialize)]
+#[serde(rename_all = "PascalCase")]
+pub struct CsvFormat<'a> {
+    time: DateTime<Utc>,
+    message: &'a str,
+}
+
+pub fn after_fact() -> Result<(), Box<dyn Error>> {
+    if let Some(csv_path) = configs::singleton().args.value_of("csv-timeline") {
+        let mut wtr = csv::Writer::from_path(csv_path)?;
+        let messages = print::MESSAGES.lock().unwrap();
+
+        for (time, texts) in messages.iter() {
+            for text in texts {
+                wtr.serialize(CsvFormat {
+                    time: *time,
+                    message: text,
+                })?;
+            }
+        }
+        wtr.flush()?;
+    }
+
+    Ok(())
+}
diff --git a/src/detections/print.rs b/src/detections/print.rs
index 793737e4..fc1a4955 100644
--- a/src/detections/print.rs
+++ b/src/detections/print.rs
@@ -45,6 +45,10 @@ impl Message {
     pub fn debug(&self) {
         println!("{:?}", self.map);
     }
+
+    pub fn iter(&self) -> &BTreeMap<DateTime<Utc>, Vec<String>> {
+        &self.map
+    }
 }
 
 #[test]
diff --git a/src/lib.rs b/src/lib.rs
index d9abfe41..2f0bb054 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,3 +1,4 @@
+pub mod afterfact;
 pub mod detections;
 pub mod models;
 pub mod omikuji;
diff --git a/src/main.rs b/src/main.rs
index c2e44c76..50fd0e2e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,8 +1,11 @@
 extern crate serde;
+#[macro_use]
+extern crate serde_derive;
 
 use evtx::EvtxParser;
 use quick_xml::de::DeError;
 use std::{fs, path::PathBuf, process};
+use yamato_event_analyzer::afterfact::after_fact;
 use yamato_event_analyzer::detections::configs;
 use yamato_event_analyzer::detections::detection;
 use yamato_event_analyzer::omikuji::Omikuji;
@@ -17,6 +20,10 @@ fn main() -> Result<(), DeError> {
         parse_file(&filepath);
     }
 
+    if let Err(err) = after_fact() {
+        println!("{}", err);
+    }
+
     Ok(())
 }