From 063c25116a98dd698e74c9e1577f1ace9f59beb4 Mon Sep 17 00:00:00 2001 From: fukusuket <41001169+fukusuket@users.noreply.github.com> Date: Tue, 27 Feb 2024 23:23:22 +0900 Subject: [PATCH 1/4] perf: use slice instead of replacen --- src/detections/rule/condition_parser.rs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/detections/rule/condition_parser.rs b/src/detections/rule/condition_parser.rs index 2ed2c9621..1060f2e62 100644 --- a/src/detections/rule/condition_parser.rs +++ b/src/detections/rule/condition_parser.rs @@ -91,7 +91,7 @@ impl ConditionToken { }; } - pub fn to_condition_token(token: String) -> ConditionToken { + pub fn to_condition_token(token: &str) -> ConditionToken { if token == "(" { ConditionToken::LeftParenthesis } else if token == ")" { @@ -105,7 +105,7 @@ impl ConditionToken { } else if token == "or" { ConditionToken::Or } else { - ConditionToken::SelectionReference(token) + ConditionToken::SelectionReference(token.to_string()) } } } @@ -130,7 +130,7 @@ impl ConditionCompiler { let captured = self::RE_PIPE.captures(condition_str.as_str()); let replaced_condition = if let Some(cap) = captured { let captured = cap.get(0).unwrap().as_str(); - condition_str.replacen(captured, "", 1) + condition_str.replace(captured, "") } else { condition_str.to_string() }; 
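Review bot: In the `@@ -130` hunk the pipe-section removal goes from `replacen(captured, "", 1)` to `replace(captured, "")`, which is not a slice and not equivalent: it now deletes every occurrence of the captured text in the condition, not only the matched one. Whether the two can differ in practice depends on `RE_PIPE`, which is not visible here, but a condition that loses extra text would be evaluated as a different detection expression without any error. Removing exactly the matched range keeps the old semantics and avoids the substring search: `let m = cap.get(0).unwrap();` followed by `format!("{}{}", &condition_str[..m.start()], &condition_str[m.end()..])`. The enclosing function starts and ends outside the hunk.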
@@ -191,28 +191,28 @@ impl ConditionCompiler { /// 字句解析を行う fn tokenize(&self, condition_str: &str) -> Result, String> { - let mut cur_condition_str = condition_str.to_string(); + let mut cur_condition_str = condition_str; let mut tokens = Vec::new(); while !cur_condition_str.is_empty() { let captured = self::CONDITION_REGEXMAP.iter().find_map(|regex| { - return regex.captures(cur_condition_str.as_str()); + return regex.captures(cur_condition_str); }); if captured.is_none() { // トークンにマッチしないのはありえないという方針でパースしています。 return Result::Err("An unusable character was found.".to_string()); } - let mached_str = captured.unwrap().get(0).unwrap().as_str(); - let token = ConditionToken::to_condition_token(mached_str.to_string()); + let matched_str = captured.unwrap().get(0).unwrap().as_str(); + let token = ConditionToken::to_condition_token(matched_str); if let ConditionToken::Space = token { // 空白は特に意味ないので、読み飛ばす。 - cur_condition_str = cur_condition_str.replacen(mached_str, "", 1); + cur_condition_str = &cur_condition_str[matched_str.len()..]; continue; } tokens.push(token); - cur_condition_str = cur_condition_str.replacen(mached_str, "", 1); + cur_condition_str = &cur_condition_str[matched_str.len()..]; } Result::Ok(tokens) @@ -1625,4 +1625,4 @@ mod tests { check_select(rule_str(case4).as_str(), record_json_str, false); check_select(rule_str(case5).as_str(), record_json_str, false); } -} +} \ No newline at end of file From a7a63325b5d2cb9231fb53bddac90b668a4da646 Mon Sep 17 00:00:00 2001 From: fukusuket <41001169+fukusuket@users.noreply.github.com> Date: Tue, 27 Feb 2024 23:48:11 +0900 Subject: [PATCH 2/4] fix: cargo fmt error --- src/detections/rule/condition_parser.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/detections/rule/condition_parser.rs b/src/detections/rule/condition_parser.rs index 1060f2e62..c0d8c4dde 100644 --- a/src/detections/rule/condition_parser.rs +++ b/src/detections/rule/condition_parser.rs 
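Review bot: In `tokenize` (hunk `@@ -191`), `&cur_condition_str[matched_str.len()..]` is equivalent to the old `replacen` only if every pattern in `CONDITION_REGEXMAP` matches at offset 0, and the map is not visible in this patch. If any pattern can match later in the string, the slice drops the leading bytes instead of the matched text, and a length that lands inside a multi-byte character panics on a rule's condition string instead of returning the existing `Err`. Making the assumption explicit is cheap: keep the match object (`let m = captured.unwrap().get(0).unwrap();`), return `Err("An unusable character was found.".to_string())` when `m.start() != 0`, and advance with `&cur_condition_str[m.end()..]`. The same applies to the `tokenize` hunk (`@@ -88`) in `aggregation_parser.rs` with `AGGREGATION_REGEXMAP`.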
@@ -1625,4 +1625,4 @@ mod tests { check_select(rule_str(case4).as_str(), record_json_str, false); check_select(rule_str(case5).as_str(), record_json_str, false); } -} \ No newline at end of file +} From d8d8086ea621a46104e0147cc8c6fde26043b987 Mon Sep 17 00:00:00 2001 From: fukusuket <41001169+fukusuket@users.noreply.github.com> Date: Tue, 27 Feb 2024 23:59:22 +0900 Subject: [PATCH 3/4] perf: use slice instead of replacen --- src/detections/rule/aggregation_parser.rs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/detections/rule/aggregation_parser.rs b/src/detections/rule/aggregation_parser.rs index bfe985d18..2b6d52fdc 100644 --- a/src/detections/rule/aggregation_parser.rs +++ b/src/detections/rule/aggregation_parser.rs @@ -88,29 +88,29 @@ impl AggegationConditionCompiler { &self, condition_str: String, ) -> Result, String> { - let mut cur_condition_str = condition_str; + let mut cur_condition_str = condition_str.as_str(); let mut tokens = Vec::new(); while !cur_condition_str.is_empty() { let captured = self::AGGREGATION_REGEXMAP.iter().find_map(|regex| { - return regex.captures(cur_condition_str.as_str()); + return regex.captures(cur_condition_str); }); if captured.is_none() { // トークンにマッチしないのはありえないという方針でパースしています。 return Result::Err("An unusable character was found.".to_string()); } - let mached_str = captured.unwrap().get(0).unwrap().as_str(); - let token = self.to_enum(mached_str.to_string()); + let matched_str = captured.unwrap().get(0).unwrap().as_str(); + let token = self.to_enum(matched_str); if let AggregationConditionToken::Space = token { // 空白は特に意味ないので、読み飛ばす。 - cur_condition_str = cur_condition_str.replacen(mached_str, "", 1); + cur_condition_str = &cur_condition_str[matched_str.len()..]; continue; } tokens.push(token); - cur_condition_str = cur_condition_str.replacen(mached_str, "", 1); + cur_condition_str = &cur_condition_str[matched_str.len()..]; } Result::Ok(tokens) 
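Review bot: In the `aggregation_parser.rs` `tokenize` hunk (`@@ -88`) the cursor advance `cur_condition_str = &cur_condition_str[matched_str.len()..];` is written twice, once in the `Space` branch before `continue` and once after `tokens.push(token)`. Now that the advance is a cheap slice, the loop body reads more clearly with a single advance: `if !matches!(token, AggregationConditionToken::Space) { tokens.push(token); }` followed by one `cur_condition_str = &cur_condition_str[matched_str.len()..];`. The `tokenize` in `condition_parser.rs` has the same shape with `ConditionToken::Space`.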
@@ -226,7 +226,7 @@ impl AggegationConditionCompiler { } /// 文字列をConditionTokenに変換する。 - fn to_enum(&self, token: String) -> AggregationConditionToken { + fn to_enum(&self, token: &str) -> AggregationConditionToken { if token.starts_with("count(") { let count_field = token .replacen("count(", "", 1) @@ -248,7 +248,7 @@ impl AggegationConditionCompiler { } else if token == ">" { AggregationConditionToken::GT } else { - AggregationConditionToken::Keyword(token) + AggregationConditionToken::Keyword(token.to_string()) } } } From 78ead06f6a742391b2a27c2ce10a57007aa55f5f Mon Sep 17 00:00:00 2001 From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com> Date: Wed, 28 Feb 2024 11:04:10 +0900 Subject: [PATCH 4/4] update changelog --- CHANGELOG-Japanese.md | 1 + CHANGELOG.md | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md index df1806a56..50beed6ba 100644 --- a/CHANGELOG-Japanese.md +++ b/CHANGELOG-Japanese.md @@ -6,6 +6,7 @@ - 指定した`status`のルールのみを利用する`--include-status`オプションを追加した。 (#1193) (@hitenkoku) - 未使用のクレートを削除した。(@YamatoSecurity) +- パフォーマンスの改善 (#1277, #1278) (@fukusuket) **バグ修正:** diff --git a/CHANGELOG.md b/CHANGELOG.md index 21e774d3f..edf06cb6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ - Added `--include-status` option: You can specify rules based on their `status`. (#1193) (@hitenkoku) - Removed unused crates. (@YamatoSecurity) +- Performance enchancements. (#1277, #1278) (@fukusuket) **Bug Fixes:**
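Review bot: `to_enum` (hunk `@@ -226`) still strips the prefix with `token.replacen("count(", "", 1)` even though the branch has just established `token.starts_with("count(")`, so the allocation this series removes elsewhere remains here. `token.strip_prefix("count(")` returns the remainder as a `&str` without allocating and combines the test with the strip, e.g. `if let Some(rest) = token.strip_prefix("count(") {`. The rest of the method chain on `count_field` continues outside the hunk, so what follows would need adjusting to work on a `&str`.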