Merge pull request #512 from Yamato-Security/511-move-level_tuning.txt

level_tuning.txtのパスを./rules/configに移動

src/detections/configs.rs

@@ -102,7 +102,7 @@ fn build_app<'a>() -> ArgMatches<'a> {
         .arg(
             // TODO: When update claps to 3.x, these can write in usage texts...
             Arg::from_usage("--level-tuning=[LEVEL_TUNING_FILE] 'Adjust rule level.'")
-                .default_value("./config/level_tuning.txt"),
+                .default_value("./rules/config/level_tuning.txt"),
         )
         .usage(usages)
         .args_from_usage(usages)

src/filter.rs

@@ -19,10 +19,16 @@ pub struct RuleExclude {
     pub no_use_rule: HashSet<String>,
 }
 
+impl RuleExclude {
+    pub fn default() -> RuleExclude {
+        RuleExclude {
+            no_use_rule: HashSet::new(),
+        }
+    }
+}
+
 pub fn exclude_ids() -> RuleExclude {
-    let mut exclude_ids = RuleExclude {
-        no_use_rule: HashSet::new(),
-    };
+    let mut exclude_ids = RuleExclude::default();
 
     if !configs::CONFIG
         .read()

src/main.rs

@@ -235,7 +235,7 @@ impl App {
                 .unwrap()
                 .args
                 .value_of("level-tuning")
-                .unwrap_or("./config/level_tuning.txt")
+                .unwrap_or("./rules/config/level_tuning.txt")
                 .to_string();
 
             if Path::new(&level_tuning_config_path).exists() {
@@ -253,7 +253,7 @@ impl App {
             } else {
                 AlertMessage::alert(
                     &mut BufWriter::new(std::io::stderr().lock()),
-                    "Need rule_levels.txt file to use --level-tuning option [default: ./config/level_tuning.txt]",
+                    "Need rule_levels.txt file to use --level-tuning option [default: ./rules/config/level_tuning.txt]",
                 )
                 .ok();
             }
@@ -775,9 +775,7 @@ impl App {
             .read_dir(
                 rule_folder_path,
                 "INFORMATIONAL",
-                &filter::RuleExclude {
-                    no_use_rule: HashSet::new(),
-                },
+                &filter::RuleExclude::default(),
             )
             .ok();
 

src/options/level_tuning.rs

@@ -1,5 +1,5 @@
 use crate::detections::{configs, utils};
-use crate::filter;
+use crate::filter::RuleExclude;
 use crate::yaml::ParseYaml;
 use std::collections::HashMap;
 use std::fs::{self, File};
@@ -45,8 +45,9 @@ impl LevelTuning {
 
         // Read Rule files
         let mut rulefile_loader = ParseYaml::new();
+        //noisy rules and exclude rules treats as update target
         let result_readdir =
-            rulefile_loader.read_dir(rules_path, "informational", &filter::exclude_ids());
+            rulefile_loader.read_dir(rules_path, "informational", &RuleExclude::default());
         if result_readdir.is_err() {
             return Result::Err(format!("{}", result_readdir.unwrap_err()));
         }
@@ -98,9 +99,6 @@ impl LevelTuning {
 #[cfg(test)]
 mod tests {
 
-    // use crate::{filter::RuleExclude, yaml};
-    // use hashbrown::HashSet;
-
     use super::*;
 
     #[test]

src/yaml.rs

@@ -290,9 +290,7 @@ mod tests {
         AlertMessage::create_error_log(ERROR_LOG_PATH.to_string());
 
         let mut yaml = yaml::ParseYaml::new();
-        let exclude_ids = RuleExclude {
-            no_use_rule: HashSet::new(),
-        };
+        let exclude_ids = RuleExclude::default();
         let _ = &yaml.read_dir(
             "test_files/rules/yaml/1.yml",
             &String::default(),
@@ -401,9 +399,7 @@ mod tests {
 
         let mut yaml = yaml::ParseYaml::new();
         let path = Path::new("test_files/rules/yaml");
-        let exclude_ids = RuleExclude {
-            no_use_rule: HashSet::new(),
-        };
+        let exclude_ids = RuleExclude::default();
         yaml.read_dir(path, "", &exclude_ids).unwrap();
         assert_eq!(yaml.ignorerule_count, 0);
     }
@@ -411,9 +407,7 @@ mod tests {
     fn test_exclude_deprecated_rules_file() {
         let mut yaml = yaml::ParseYaml::new();
         let path = Path::new("test_files/rules/deprecated");
-        let exclude_ids = RuleExclude {
-            no_use_rule: HashSet::new(),
-        };
+        let exclude_ids = RuleExclude::default();
         yaml.read_dir(path, "", &exclude_ids).unwrap();
         assert_eq!(yaml.ignorerule_count, 1);
     }