diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md index 0759136d9..c6376e94f 100644 --- a/CHANGELOG-Japanese.md +++ b/CHANGELOG-Japanese.md @@ -1,5 +1,20 @@ # 変更点 +## 2.10.0 [xxxx/xx/xx] "xxx Release" + +**改善:** + +xxx + +**バグ修正:** + +- まれにJSONフィールドが正しくパースされない状態を修正した。(#1145) (@hitenkoku) +- JSON出力で、`AllFieldInfo`は改行文字とタブ文字を除去していたが、出力するように修正した。 (#1189) (@hitenkoku) + +**その他:** + +xxx + ## 2.9.0 [2023/09/22] "Autumn Rain Release" **改善:** diff --git a/CHANGELOG.md b/CHANGELOG.md index b3aaea565..393ae849d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,20 @@ # Changes +## 2.10.0 [xxxx/xx/xx] "xxx Release" + +**Enhancements:** + +xxx + +**Bug Fixes:** + +- Fixed that field information defined in `Details` was also output to `ExtraFieldInfo` in some cases. (#1145) (@hitenkoku) +- Fixed output of newline and tab characters in `AllFieldInfo` in JSON output. (#1189) (@hitenkoku) + +**Other:** + +xxx + ## 2.9.0 [2023/09/22] "Autumn Rain Release" **Enhancements:** diff --git a/Cargo.lock b/Cargo.lock index ad31e2014..3b26d36e0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -30,9 +30,9 @@ dependencies = [ [[package]] name = "aho-corasick" -version = "1.1.1" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea5d730647d4fadd988536d06fecce94b7b4f2a7efdae548f1cf4b63205518ab" +checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" dependencies = [ "memchr", ] @@ -60,9 +60,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.5.0" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f58811cfac344940f1a400b6e6231ce35171f614f26439e80f8c1465c5cc0c" +checksum = "2ab91ebe16eb252986481c5b62f6098f3b698a45e34b5b98200cf20dd2484a44" dependencies = [ "anstyle", "anstyle-parse", 
@@ -74,15 +74,15 @@ dependencies = [ [[package]] name = "anstyle" -version = "1.0.3" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b84bf0a05bbb2a83e5eb6fa36bb6e87baa08193c35ff52bbf6b38d8af2890e46" +checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87" [[package]] name = "anstyle-parse" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "938874ff5980b03a87c5524b3ae5b59cf99b1d6bc836848df7bc5ada9643c333" +checksum = "317b9a89c1868f5ea6ff1d9539a69f45dffc21ce321ac1fd1160dfa48c8e2140" dependencies = [ "utf8parse", ] @@ -98,9 +98,9 @@ dependencies = [ [[package]] name = "anstyle-wincon" -version = "2.1.0" +version = "3.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58f54d10c6dfa51283a066ceab3ec1ab78d13fae00aa49243a45e4571fb79dfd" +checksum = "f0699d10d2f4d628a98ee7b57b289abbc98ff3bad977cb3152709d4bf2330628" dependencies = [ "anstyle", "windows-sys 0.48.0", @@ -164,9 +164,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.0" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" +checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" [[package]] name = "bumpalo" 
@@ -176,15 +176,15 @@ checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" [[package]] name = "bytecount" -version = "0.6.3" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c676a478f63e9fa2dd5368a42f28bba0d6c560b775f38583c8bbaa7fcd67c9c" +checksum = "ad152d03a2c813c80bb94fedbf3a3f02b28f793e39e7c214c8a0bcc196343de7" [[package]] name = "byteorder" -version = "1.4.3" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" @@ -209,9 +209,9 @@ dependencies = [ [[package]] name = "cargo-platform" -version = "0.1.3" +version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2cfa25e60aea747ec7e1124f238816749faa93759c6ff5b31f1ccdda137f4479" +checksum = "12024c4645c97566567129c204f65d5815a8c9aecf30fcbe682b2fe034996d36" dependencies = [ "serde", ] @@ -299,9 +299,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.4" +version = "4.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1d7b8d5ec32af0fadc644bf1fd509a688c2103b185644bb1e29d164e0703136" +checksum = "d04704f56c2cde07f43e8e2c154b43f216dc5c92fc98ada720177362f953b956" dependencies = [ "clap_builder", "clap_derive", @@ -309,9 +309,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.4" +version = "4.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5179bb514e4d7c2051749d8fcefa2ed6d06a9f4e6d69faf3805f5d80b8cf8d56" +checksum = "0e231faeaca65ebd1ea3c737966bf858971cd38c3849107aa3ea7de90a804e45" dependencies = [ "anstream", "anstyle", @@ -328,7 +328,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] 
@@ -477,9 +477,9 @@ dependencies = [ [[package]] name = "csv-core" -version = "0.1.10" +version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b2466559f260f48ad25fe6317b3c8dac77b5bdb5763ac7d9d6103530663bc90" +checksum = "5efa2b3d7902f4b634a20cae3c9c4e6209dc4779feb6863329607560143efa70" dependencies = [ "memchr", ] @@ -497,7 +497,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" dependencies = [ "cfg-if", - "hashbrown 0.14.0", + "hashbrown 0.14.1", "lock_api", "once_cell", "parking_lot_core", @@ -623,25 +623,14 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.3" +version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "136526188508e25c6fef639d7927dfb3e0e3084488bf202267829cf7fc23dbdd" +checksum = "ac3e13f66a2f95e32a39eaa81f6b95d42878ca0e1db0c7543723dfe12557e860" dependencies = [ - "errno-dragonfly", "libc", "windows-sys 0.48.0", ] -[[package]] -name = "errno-dragonfly" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" -dependencies = [ - "cc", - "libc", -] - [[package]] name = "error-chain" version = "0.12.4" @@ -657,14 +646,14 @@ version = "0.8.7" source = "git+https://github.com/Yamato-Security/hayabusa-evtx.git?rev=d7af285#d7af285430398803e653ae06864bd65d61ec9063" dependencies = [ "anyhow", - "bitflags 2.4.0", + "bitflags 2.4.1", "byteorder", "chrono", "clap 3.2.25", "crc32fast", "dialoguer", "encoding", - "hashbrown 0.14.0", + "hashbrown 0.14.1", "indoc", "jemallocator", "log", 
@@ -681,9 +670,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6999dc1837253364c2ebb0704ba97994bd874e8f195d665c50b7548f6ea92764" +checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" [[package]] name = "file-chunker" @@ -697,9 +686,9 @@ dependencies = [ [[package]] name = "flate2" -version = "1.0.27" +version = "1.0.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6c98ee8095e9d1dcbf2fcc6d95acccb90d1c81db1e44725c6a984b1dbdfb010" +checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e" dependencies = [ "crc32fast", "miniz_oxide", @@ -767,7 +756,7 @@ version = "0.18.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fbf97ba92db08df386e10c8ede66a2a0369bd277090afd8710e19e38de9ec0cd" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "libc", "libgit2-sys", "log", @@ -790,9 +779,9 @@ checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] name = "hashbrown" -version = "0.14.0" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c6201b9ff9fd90a5a3bac2e56a830d0caa509576f0e503818ee82c181b3437a" +checksum = "7dfda62a12f55daeae5015f81b0baea145391cb4520f86c248fc615d72640d12" dependencies = [ "ahash", "allocator-api2", @@ -800,14 +789,14 @@ dependencies = [ [[package]] name = "hayabusa" -version = "2.9.0" +version = "2.10.0" dependencies = [ "aho-corasick", "base64", "bytesize", "chrono", "cidr-utils", - "clap 4.4.4", + "clap 4.4.6", "comfy-table", "compact_str", "crossbeam-utils", @@ -818,10 +807,10 @@ dependencies = [ "evtx", "flate2", "git2", - "hashbrown 0.14.0", + "hashbrown 0.14.1", "hex", "horrorshow", - "indexmap 2.0.0", + "indexmap 2.0.2", "indicatif", "is_elevated", "itertools 0.11.0", 
@@ -930,19 +919,19 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.0.0" +version = "2.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5477fe2230a79769d8dc68e0eabf5437907c0457a5614a9e8dddb67f65eb65d" +checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897" dependencies = [ "equivalent", - "hashbrown 0.14.0", + "hashbrown 0.14.1", ] [[package]] name = "indicatif" -version = "0.17.6" +version = "0.17.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b297dc40733f23a0e52728a58fa9489a5b7638a324932de16b41adc3ef80730" +checksum = "fb28741c9db9a713d93deb3bb9515c20788cef5815265bee4980e87bde7e0f25" dependencies = [ "console", "instant", @@ -1041,9 +1030,9 @@ dependencies = [ [[package]] name = "jobserver" -version = "0.1.26" +version = "0.1.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "936cfd212a0155903bcbc060e316fb6cc7cbf2e1907329391ebadc1fe0ce77c2" +checksum = "8c37f63953c4c63420ed5fd3d6d398c719489b9f872b9fa683262f8edd363c7d" dependencies = [ "libc", ] @@ -1065,7 +1054,7 @@ checksum = "8244e0ff6c548152c07559ee9779dec5a5411eeee5bfd6146b38bd414a6841c6" dependencies = [ "anyhow", "chrono", - "clap 4.4.4", + "clap 4.4.6", "file-chunker", "memmap2 0.7.1", "num_cpus", @@ -1083,9 +1072,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.148" +version = "0.2.149" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b" +checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" [[package]] name = "libgit2-sys" 
@@ -1152,9 +1141,9 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" [[package]] name = "linux-raw-sys" -version = "0.4.7" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a9bad9f94746442c783ca431b22403b519cd7fbeed0533fdd6328b2f2212128" +checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f" [[package]] name = "lock_api" @@ -1186,9 +1175,9 @@ dependencies = [ [[package]] name = "memchr" -version = "2.6.3" +version = "2.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f232d6ef707e1956a43342693d2a31e72989554d58299d7a88738cc95b0d35c" +checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" [[package]] name = "memmap2" @@ -1376,9 +1365,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.16" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f30b0abd723be7e2ffca1272140fac1a2f084c77ec3e123c192b66af1ee9e6c2" +checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" dependencies = [ "autocfg", ] @@ -1420,7 +1409,7 @@ version = "0.10.57" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bac25ee399abb46215765b1cb35bc0212377e58a061560d8b29b024fd0430e7c" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "cfg-if", "foreign-types", "libc", @@ -1437,7 +1426,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -1470,9 +1459,9 @@ dependencies = [ [[package]] name = "os_str_bytes" -version = "6.5.1" +version = "6.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d5d9eb14b174ee9aa2ef96dc2b94637a2d4b6e7cb873c7e171f0c20c6cf3eac" +checksum = "e2355d85b9a3786f481747ced0e0ff2ba35213a1f9bd406ed906554d7af805a1" [[package]] name = "parking_lot" 
@@ -1559,9 +1548,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.67" +version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d433d9f1a3e8c1263d9456598b16fec66f4acc9a74dacffd35c7bb09b3a1328" +checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" dependencies = [ "unicode-ident", ] @@ -1657,9 +1646,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.9.5" +version = "1.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "697061221ea1b4a94a624f67d0ae2bfe4e22b8a17b6a192afb11046542cc8c47" +checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" dependencies = [ "aho-corasick", "memchr", @@ -1669,9 +1658,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.3.8" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2f401f4955220693b56f8ec66ee9c78abffd8d1c4f23dc41a23839eb88f0795" +checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" dependencies = [ "aho-corasick", "memchr", @@ -1680,9 +1669,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.7.5" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" +checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "ring" @@ -1727,9 +1716,9 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" [[package]] name = "rustix" -version = "0.37.23" +version = "0.37.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d69718bf81c6127a49dc64e44a742e8bb9213c0ff8869a22c308f84c1d4ab06" +checksum = "d4eb579851244c2c03e7c24f501c3432bed80b8f720af1d6e5b0e0f01555a035" dependencies = [ "bitflags 1.3.2", "errno", 
@@ -1741,14 +1730,14 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.14" +version = "0.38.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "747c788e9ce8e92b12cd485c49ddf90723550b654b32508f979b71a7b1ecda4f" +checksum = "745ecfa778e66b2b63c88a61cb36e0eea109e803b0b86bf9879fbc77c70e86ed" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "errno", "libc", - "linux-raw-sys 0.4.7", + "linux-raw-sys 0.4.10", "windows-sys 0.48.0", ] @@ -1760,20 +1749,10 @@ checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" dependencies = [ "log", "ring", - "rustls-webpki 0.101.6", + "rustls-webpki", "sct", ] -[[package]] -name = "rustls-webpki" -version = "0.100.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3" -dependencies = [ - "ring", - "untrusted", -] - [[package]] name = "rustls-webpki" version = "0.101.6" 
@@ -1823,31 +1802,31 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.18" +version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0293b4b29daaf487284529cc2f5675b8e57c61f70167ba415a463651fd6a918" +checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" dependencies = [ "serde", ] [[package]] name = "serde" -version = "1.0.188" +version = "1.0.189" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e" +checksum = "8e422a44e74ad4001bdc8eede9a4570ab52f71190e9c076d14369f38b9200537" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.188" +version = "1.0.189" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" +checksum = "1e48d1f918009ce3145511378cf68d613e3b3d9137d67272562080d68a2b32d5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -1978,9 +1957,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.37" +version = "2.0.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" +checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b" dependencies = [ "proc-macro2", "quote", @@ -1996,7 +1975,7 @@ dependencies = [ "cfg-if", "fastrand", "redox_syscall", - "rustix 0.38.14", + "rustix 0.38.19", "windows-sys 0.48.0", ] @@ -2015,7 +1994,7 @@ version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e6bf6f19e9f8ed8d4048dc22981458ebcf406d67e94cd422e5ecd73d63b3237" dependencies = [ - "rustix 0.37.23", + "rustix 0.37.25", "windows-sys 0.48.0", ] 
@@ -2025,7 +2004,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "21bebf2b7c9e0a515f6e0f8c51dc0f8e4696391e6f1ff30379559f8365fb0df7" dependencies = [ - "rustix 0.38.14", + "rustix 0.38.19", "windows-sys 0.48.0", ] @@ -2043,22 +2022,22 @@ checksum = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d" [[package]] name = "thiserror" -version = "1.0.48" +version = "1.0.49" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d6d7a740b8a666a7e828dd00da9c0dc290dff53154ea77ac109281de90589b7" +checksum = "1177e8c6d7ede7afde3585fd2513e611227efd6481bd78d2e82ba1ce16557ed4" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.48" +version = "1.0.49" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49922ecae66cc8a249b77e68d1d0623c1b2c514f0060c27cdc68bd62a1219d35" +checksum = "10712f02019e9288794769fba95cd6847df9874d49d871d062172f9dd41bc4cc" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] @@ -2078,9 +2057,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.32.0" +version = "1.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17ed6077ed6cd6c74735e21f37eb16dc3935f96878b1fe961074089cc80893f9" +checksum = "4f38200e3ef7995e5ef13baec2f432a6da0aa9ac495b2c0e8f3b7eec2c92d653" dependencies = [ "backtrace", "bytes", @@ -2103,7 +2082,7 @@ checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", ] [[package]] 
@@ -2150,16 +2129,16 @@ checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" [[package]] name = "ureq" -version = "2.7.1" +version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b11c96ac7ee530603dcdf68ed1557050f374ce55a5a07193ebf8cbc9f8927e9" +checksum = "f5ccd538d4a604753ebc2f17cd9946e89b77bf87f6a8e2309667c6f2e87855e3" dependencies = [ "base64", "flate2", "log", "once_cell", "rustls", - "rustls-webpki 0.100.3", + "rustls-webpki", "url", "webpki-roots", ] @@ -2230,7 +2209,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", "wasm-bindgen-shared", ] @@ -2252,7 +2231,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.37", + "syn 2.0.38", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2275,12 +2254,9 @@ dependencies = [ [[package]] name = "webpki-roots" -version = "0.23.1" +version = "0.25.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338" -dependencies = [ - "rustls-webpki 0.100.3", -] +checksum = "14247bb57be4f377dfb94c72830b8ce8fc6beac03cf4bf7b9732eadd414123fc" [[package]] name = "winapi" diff --git a/Cargo.toml b/Cargo.toml index d3023845f..08aaa2409 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "hayabusa" -version = "2.9.0" +version = "2.10.0" repository = "https://github.com/Yamato-Security/hayabusa" authors = ["Yamato Security @SecurityYamato"] edition = "2021" diff --git a/src/afterfact.rs b/src/afterfact.rs index 7b8a00dc3..5dbbc2876 100644 --- a/src/afterfact.rs +++ b/src/afterfact.rs 
@@ -59,12 +59,15 @@ pub fn set_output_color(no_color_flag: bool) -> HashMap {
 if no_color_flag {
 return color_map;
 }
-if read_result.is_err() {
-// color情報がない場合は通常の白色の出力が出てくるのみで動作への影響を与えない為warnとして処理する
-AlertMessage::warn(read_result.as_ref().unwrap_err()).ok();
-return color_map;
-}
-read_result.unwrap().iter().for_each(|line| {
+let color_map_contents = match read_result {
+Ok(c) => c,
+Err(e) => {
+// color情報がない場合は通常の白色の出力が出てくるのみで動作への影響を与えない為warnとして処理する
+AlertMessage::warn(&e).ok();
+return color_map;
+}
+};
+color_map_contents.iter().for_each(|line| {
 if line.len() != 2 {
 return;
 }
@@ -488,10 +491,7 @@ fn emit_csv(
 .or_insert_with(|| extract_author_name(&detect_info.rulepath, stored_static))
 .clone();
 let author_str = author_list.iter().join(", ");
-detect_rule_authors.insert(
-detect_info.rulepath.to_owned(),
-author_str.to_owned().into(),
-);
+detect_rule_authors.insert(detect_info.rulepath.to_owned(), author_str.into());
 if !detected_rule_files.contains(&detect_info.rulepath) {
 detected_rule_files.insert(detect_info.rulepath.to_owned());
@@ -1578,9 +1578,9 @@ pub fn output_json_str(
 output_stock.push(format!(" \"{key}\": {{"));
 };
 for (idx, contents) in details_target_stock.iter().enumerate() {
-let (key, value) = contents.split_once(": ").unwrap_or_default();
+let (key, value) = contents.split_once(':').unwrap_or_default();
 let output_key = _convert_valid_json_str(&[key], false);
-let fmted_val = _convert_valid_json_str(&[value], false);
+let fmted_val = _convert_valid_json_str(&[value.trim_start()], false);
 if idx != details_target_stock.len() - 1 {
 output_stock.push(format!(
@@ -2045,7 +2045,7 @@ mod tests {
 },
 expect_time,
 &profile_converter,
-(false, false, false),
+(false, false),
 (&eventkey_alias, &FieldDataMapKey::default(), &None),
 );
 *profile_converter.get_mut("Computer").unwrap() =
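Review bot: In set_output_color the new `color_map_contents.iter().for_each(|line| { if line.len() != 2 { return; }` keeps the closure form, where `return` silently means "skip this line" rather than leave the function, which is easy to misread next to the `return color_map;` a few lines above it. A plain loop says what it does: `for line in color_map_contents.iter() {` / `if line.len() != 2 { continue; }`. The same closure-with-return shape is kept in load_pivot_keywords and load_eventcode_info in src/detections/configs.rs. The closure body continues past the end of the hunk.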
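Review bot: Switching the separator in output_json_str from `": "` to `':'` makes any `contents` entry whose key itself contains a colon split at the wrong place, because `split_once` stops at the first match; the two-character separator it replaces was more specific. If the intent is to also accept entries with no space after the colon, try the specific form first and fall back to the bare colon: `let (key, value) = contents.split_once(": ").or_else(|| contents.split_once(':')).unwrap_or_default();`. Separately, `unwrap_or_default()` still turns an entry with no colon at all into an empty key and empty value that are presumably pushed into `output_stock` as `"": ""`; skipping or logging such entries would make malformed input visible instead of silently emitting it. The enclosing loop body continues outside the hunk.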
@@ -2068,7 +2068,7 @@ mod tests {
 },
 expect_time,
 &profile_converter,
-(false, false, false),
+(false, false),
 (&eventkey_alias, &FieldDataMapKey::default(), &None),
 );
 let multi = message::MESSAGES.get(&expect_time).unwrap();
@@ -2372,7 +2372,7 @@ mod tests {
 },
 expect_time,
 &profile_converter,
-(false, false, true),
+(false, false),
 (&eventkey_alias, &FieldDataMapKey::default(), &None),
 );
 *profile_converter.get_mut("Computer").unwrap() =
@@ -2395,7 +2395,7 @@ mod tests {
 },
 expect_time,
 &profile_converter,
-(false, false, true),
+(false, false),
 (&eventkey_alias, &FieldDataMapKey::default(), &None),
 );
 let multi = message::MESSAGES.get(&expect_time).unwrap();
@@ -2689,7 +2689,7 @@ mod tests {
 },
 expect_time,
 &profile_converter,
-(false, false, false),
+(false, false),
 (&eventkey_alias, &FieldDataMapKey::default(), &None),
 );
 *profile_converter.get_mut("Computer").unwrap() =
@@ -2712,7 +2712,7 @@ mod tests {
 },
 expect_time,
 &profile_converter,
-(false, false, false),
+(false, false),
 (&eventkey_alias, &FieldDataMapKey::default(), &None),
 );
 let multi = message::MESSAGES.get(&expect_time).unwrap();
@@ -3016,7 +3016,7 @@ mod tests {
 },
 expect_time,
 &profile_converter,
-(false, true, true),
+(false, true),
 (&eventkey_alias, &FieldDataMapKey::default(), &None),
 );
 *profile_converter.get_mut("Computer").unwrap() =
@@ -3039,7 +3039,7 @@ mod tests {
 },
 expect_time,
 &profile_converter,
-(false, true, true),
+(false, true),
 (&eventkey_alias, &FieldDataMapKey::default(), &None),
 );
 let multi = message::MESSAGES.get(&expect_time).unwrap();
@@ -3566,7 +3566,7 @@ mod tests {
 },
 expect_time,
 &profile_converter,
-(false, true, true),
+(false, true),
 (&eventkey_alias, &FieldDataMapKey::default(), &None),
 );
 *profile_converter.get_mut("Computer").unwrap() =
@@ -3831,7 +3831,7 @@ mod tests {
 },
 expect_time,
 &profile_converter,
-(false, true, true),
+(false, true),
 (&eventkey_alias, &FieldDataMapKey::default(), &None),
 );
 *profile_converter.get_mut("Computer").unwrap() =
diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index d4c08a24c..de78357d0 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -12,7 +12,6 @@ use compact_str::CompactString;
 use hashbrown::{HashMap, HashSet};
 use itertools::Itertools;
 use lazy_static::lazy_static;
-use nested::Nested;
 use regex::Regex;
 use std::env::current_exe;
 use std::path::{Path, PathBuf};
@@ -729,7 +728,7 @@ fn check_thread_number(config: &Config) -> Option {
 pub enum Action {
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
-help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe csv-timeline [OPTIONS]\n\n{all-args}",
+help_template = "\nHayabusa v2.10.0-dev - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe csv-timeline [OPTIONS]\n\n{all-args}",
 term_width = 400,
 disable_help_flag = true,
 display_order = 290
@@ -739,7 +738,7 @@ pub enum Action {
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
-help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe json-timeline [OPTIONS]\n\n{all-args}",
+help_template = "\nHayabusa v2.10.0-dev - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe json-timeline [OPTIONS]\n\n{all-args}",
 term_width = 400,
 disable_help_flag = true,
 display_order = 360
@@ -749,7 +748,7 @@ pub enum Action {
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
-help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe logon-summary [OPTIONS]\n\n{all-args}",
+help_template = "\nHayabusa v2.10.0-dev - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe logon-summary [OPTIONS]\n\n{all-args}",
 term_width = 400,
 disable_help_flag = true,
 display_order = 383
@@ -759,7 +758,7 @@ pub enum Action {
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
-help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe eid-metrics [OPTIONS]\n\n{all-args}",
+help_template = "\nHayabusa v2.10.0-dev - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe eid-metrics [OPTIONS]\n\n{all-args}",
 term_width = 400,
 disable_help_flag = true,
 display_order = 310
@@ -769,7 +768,7 @@ pub enum Action {
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
-help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe pivot-keywords-list [OPTIONS]\n\n{all-args}",
+help_template = "\nHayabusa v2.10.0-dev - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe pivot-keywords-list [OPTIONS]\n\n{all-args}",
 term_width = 400,
 disable_help_flag = true,
 display_order = 420
@@ -779,7 +778,7 @@ pub enum Action {
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
-help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe search <--keywords \"\" OR --regex \"\"> [OPTIONS]\n\n{all-args}",
+help_template = "\nHayabusa v2.10.0-dev - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe search <--keywords \"\" OR --regex \"\"> [OPTIONS]\n\n{all-args}",
 term_width = 400,
 disable_help_flag = true,
 display_order = 450
@@ -789,7 +788,7 @@ pub enum Action {
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
-help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
+help_template = "\nHayabusa v2.10.0-dev - Dev Build\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
 term_width = 400,
 disable_help_flag = true,
 display_order = 470
@@ -799,7 +798,7 @@ pub enum Action {
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
-help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
+help_template = "\nHayabusa v2.10.0-dev - Dev Build\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
 term_width = 400,
 disable_help_flag = true,
 display_order = 380
@@ -809,7 +808,7 @@ pub enum Action {
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
-help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
+help_template = "\nHayabusa v2.10.0-dev - Dev Build\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
 term_width = 400,
 disable_help_flag = true,
 display_order = 451
@@ -827,7 +826,7 @@ pub enum Action {
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
-help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
+help_template = "\nHayabusa v2.10.0-dev - Dev Build\n{author-with-newline}\n{usage-heading}\n {usage}\n\n{all-args}",
 term_width = 400,
 disable_help_flag = true,
 display_order = 290
@@ -1624,7 +1623,7 @@ pub struct ComputerMetricsOption {
 #[derive(Parser, Clone, Debug)]
 #[clap(
 author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
-help_template = "\nHayabusa v2.9.0 - Autumn Rain Release\n{author-with-newline}\n{usage-heading}\n hayabusa.exe [OPTIONS]\n hayabusa.exe help \n\n{all-args}{options}",
+help_template = "\nHayabusa v2.10.0-dev - Dev Build\n{author-with-newline}\n{usage-heading}\n hayabusa.exe [OPTIONS]\n hayabusa.exe help \n\n{all-args}{options}",
 term_width = 400,
 disable_help_flag = true
 )]
@@ -1685,13 +1684,16 @@ impl TargetIds {
 fn load_target_ids(path: &str) -> TargetIds {
 let mut ret = TargetIds::default();
-let lines = utils::read_txt(path); // ファイルが存在しなければエラーとする
-if lines.is_err() {
-AlertMessage::alert(lines.as_ref().unwrap_err()).ok();
-return ret;
-}
+let lines = match utils::read_txt(path) {
+Ok(lines) => lines,
+Err(e) => {
+// ファイルが存在しなければエラーとする
+AlertMessage::alert(&e).ok();
+return ret;
+}
+};
-for line in lines.unwrap_or_else(|_| Nested::::new()).iter() {
+for line in lines.iter() {
 if line.is_empty() {
 continue;
 }
@@ -1986,8 +1988,8 @@ pub fn load_eventkey_alias(path: &str) -> EventKeyAliasConfig {
 // eventkey_aliasが読み込めなかったらエラーで終了とする。
 let read_result = utils::read_csv(path);
-if read_result.is_err() {
-AlertMessage::alert(read_result.as_ref().unwrap_err()).ok();
+if let Err(e) = read_result {
+AlertMessage::alert(&e).ok();
 return config;
 }
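Review bot: In load_eventkey_alias, `if let Err(e) = read_result {` binds `e` by value and therefore moves the error payload out of `read_result`; if the function goes on to consume `read_result` after this guard, as the `is_err()`-then-unwrap shape it replaces suggests and as the sibling loaders in this commit do, that is a use of a partially moved value and will not compile unless the error type happens to be `Copy`. Either borrow in the pattern, `if let Err(e) = &read_result {`, or adopt the `match` form the load_target_ids hunk above uses so the `Ok` payload is bound once and the `Result` is never touched again. The remainder of the function lies outside the hunk, so this is inferred from the visible lines.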
@@ -2017,12 +2019,15 @@ pub fn load_eventkey_alias(path: &str) -> EventKeyAliasConfig {
 ///設定ファイルを読み込み、keyとfieldsのマップをPIVOT_KEYWORD大域変数にロードする。
 pub fn load_pivot_keywords(path: &str) {
-let read_result = utils::read_txt(path);
-if read_result.is_err() {
-AlertMessage::alert(read_result.as_ref().unwrap_err()).ok();
-}
+let read_result = match utils::read_txt(path) {
+Ok(v) => v,
+Err(e) => {
+AlertMessage::alert(&e).ok();
+return;
+}
+};
-read_result.unwrap().iter().for_each(|line| {
+read_result.iter().for_each(|line| {
 let mut map = line.split('.').take(2);
 if let Some(size) = map.size_hint().1 {
 if size < 2 {
@@ -2466,14 +2471,16 @@ impl EventInfoConfig {
 fn load_eventcode_info(path: &str) -> EventInfoConfig {
 let mut infodata = EventInfo::new();
 let mut config = EventInfoConfig::new();
-let read_result = utils::read_csv(path);
-if read_result.is_err() {
-AlertMessage::alert(read_result.as_ref().unwrap_err()).ok();
-return config;
-}
+let read_result = match utils::read_csv(path) {
+Ok(v) => v,
+Err(e) => {
+AlertMessage::alert(&e).ok();
+return config;
+}
+};
 // channel_eid_info.txtが読み込めなかったらエラーで終了とする。
-read_result.unwrap().iter().for_each(|line| {
+read_result.iter().for_each(|line| {
 if line.len() != 3 {
 return;
 }
diff --git a/src/detections/detection.rs b/src/detections/detection.rs
index 01a096994..73d3fda9e 100644
--- a/src/detections/detection.rs
+++ b/src/detections/detection.rs
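Review bot: In load_eventcode_info the comment `// channel_eid_info.txtが読み込めなかったらエラーで終了とする。` now sits directly above `read_result.iter().for_each(|line| {`, but the behaviour it describes — alerting and returning when the file cannot be read — has moved into the `Err(e) => {` arm of the new `match` above it, so it reads as if it described the loop; move it into that arm next to `AlertMessage::alert(&e).ok();`. In both this hunk and load_pivot_keywords the binding is still called `read_result` although it now holds the unwrapped contents rather than a `Result`; the `let lines = match utils::read_txt(path) {` naming used in load_target_ids earlier in this commit would keep the three loaders consistent. The closure bodies continue outside the hunks.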
@@ -5,10 +5,10 @@ use crate::detections::utils::{ create_recordinfos, format_time, output_profile_name, write_color_buffer, }; use crate::options::profile::Profile::{ - self, AllFieldInfo, Channel, Computer, EventID, EvtxFile, Level, MitreTactics, MitreTags, - OtherTags, Provider, RecordID, RecoveredRecord, RenderedMessage, RuleAuthor, RuleCreationDate, - RuleFile, RuleID, RuleModifiedDate, RuleTitle, SrcASN, SrcCity, SrcCountry, Status, TgtASN, - TgtCity, TgtCountry, Timestamp, + self, Channel, Computer, EventID, EvtxFile, Level, MitreTactics, MitreTags, OtherTags, + Provider, RecordID, RecoveredRecord, RenderedMessage, RuleAuthor, RuleCreationDate, RuleFile, + RuleID, RuleModifiedDate, RuleTitle, SrcASN, SrcCity, SrcCountry, Status, TgtASN, TgtCity, + TgtCountry, Timestamp, }; use chrono::{TimeZone, Utc}; use compact_str::CompactString; @@ -276,7 +276,6 @@ impl Detection { let tags_config_values: Vec<&CompactString> = TAGS_CONFIG.values().collect(); let binding = STORED_EKEY_ALIAS.read().unwrap(); let eventkey_alias = binding.as_ref().unwrap(); - let mut included_all_field_info_flag = false; let is_json_timeline = matches!(stored_static.config.action, Some(Action::JsonTimeline(_))); for (key, profile) in stored_static.profiles.as_ref().unwrap().iter() { @@ -649,9 +648,6 @@ impl Detection { .entry("SrcCity") .and_modify(|p| *p = SrcCity(src_data.next().unwrap().to_owned().into())); } - AllFieldInfo(_) => { - included_all_field_info_flag = true; - } _ => {} } } @@ -703,7 +699,7 @@ impl Detection { detect_info, time, &profile_converter, - (false, is_json_timeline, included_all_field_info_flag), + (false, is_json_timeline), ( eventkey_alias, &field_data_map_key, @@ -926,7 +922,7 @@ impl Detection { detect_info, agg_result.start_timedate, &profile_converter, - (true, is_json_timeline, false), + (true, is_json_timeline), (eventkey_alias, &field_data_map_key, &None), ) } diff --git a/src/detections/message.rs b/src/detections/message.rs index d61389420..50d338a8b 100644 
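Review bot: `(false, is_json_timeline)` passes two positional `bool`s whose meaning is only recoverable by reading the destructuring pattern in `insert`'s signature, and a swapped argument compiles silently; the same applies to `(true, is_json_timeline)` in the next hunk. Since this commit already changes the tuple's arity, it is a cheap moment to replace it with two named parameters (`is_agg: bool, is_json_timeline: bool`) or a small flags struct, which would also remove the tuple pattern from the `insert` signature in message.rs.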
--- a/src/detections/message.rs
+++ b/src/detections/message.rs
@@ -24,6 +24,7 @@ use std::sync::Mutex;
 use termcolor::{BufferWriter, ColorChoice};
 
 use super::configs::EventKeyAliasConfig;
+use super::utils::remove_sp_char;
 
 #[derive(Debug, Clone, PartialEq, Eq, Default)]
 pub struct DetectInfo {
@@ -78,12 +79,14 @@ pub fn create_output_filter_config(
 is_lower_case: bool,
 ) -> HashMap {
 let mut ret: HashMap = HashMap::new();
- let read_result = utils::read_csv(path);
- if read_result.is_err() {
- AlertMessage::alert(read_result.as_ref().unwrap_err()).ok();
- return HashMap::default();
- }
- read_result.unwrap().iter().for_each(|line| {
+ let read_result = match utils::read_csv(path) {
+ Ok(c) => c,
+ Err(e) => {
+ AlertMessage::alert(&e).ok();
+ return HashMap::default();
+ }
+ };
+ read_result.iter().for_each(|line| {
 if line.len() != 2 {
 return;
 }
@@ -116,7 +119,7 @@ pub fn insert(
 mut detect_info: DetectInfo,
 time: DateTime,
 profile_converter: &HashMap<&str, Profile>,
- (is_agg, is_json_timeline, included_all_field_info): (bool, bool, bool),
+ (is_agg, is_json_timeline): (bool, bool),
 (eventkey_alias, field_data_map_key, field_data_map): (
 &EventKeyAliasConfig,
 &FieldDataMapKey,
@@ -124,9 +127,10 @@ pub fn insert(
 ),
 ) {
 let mut record_details_info_map = HashMap::new();
+ let mut sp_removed_details_in_record = vec![];
 if !is_agg {
 //ここの段階でdetailsの内容でaliasを置き換えた内容と各種、key,valueの組み合わせのmapを取得する
- let (removed_sp_parsed_detail, details_in_record) = parse_message(
+ let (removed_sp_parsed_detail, mut details_in_record) = parse_message(
 event_record,
 &output,
 eventkey_alias,
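Review bot: The `Err` arm of `create_output_filter_config` returns `HashMap::default()` while `ret`, declared just above as an empty `HashMap` of the same type, is the value the function otherwise returns; `return ret;` avoids two spellings of the same empty result. The `read_result.iter().for_each(|line| { if line.len() != 2 { return; } ...` that follows reads more naturally as `for line in read_result.iter() { if line.len() != 2 { continue; } ...`, but the closure body continues outside the hunk so I have not checked it for other early returns.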
@@ -134,80 +138,57 @@ pub fn insert(
 field_data_map_key,
 field_data_map,
 );
-
- let removed_sp_char = |cs: CompactString| -> CompactString {
- let mut newline_replaced_cs = cs
- .replace('\n', "🛂n")
- .replace('\r', "🛂r")
- .replace('\t', "🛂t");
- let mut prev = 'a';
- newline_replaced_cs.retain(|ch| {
- let retain_flag = (prev == ' ' && ch == ' ') || ch.is_control();
- if !retain_flag {
- prev = ch;
- }
- !retain_flag
- });
- newline_replaced_cs.into()
- };
- let mut sp_removed_details_in_record = vec![];
- details_in_record.iter().for_each(|v| {
- sp_removed_details_in_record.push(removed_sp_char(v.clone()));
+ details_in_record.drain(..).for_each(|v| {
+ sp_removed_details_in_record.push(remove_sp_char(v));
 });
- record_details_info_map.insert("#Details".into(), sp_removed_details_in_record);
+ if is_json_timeline {
+ record_details_info_map.insert("#Details".into(), sp_removed_details_in_record.clone());
+ }
 // 特殊文字の除外のためのretain処理
 // Details内にある改行文字は除外しないために絵文字を含めた特殊な文字に変換することで対応する
- let parsed_detail = removed_sp_char(removed_sp_parsed_detail);
+ let parsed_detail = remove_sp_char(removed_sp_parsed_detail);
 detect_info.detail = if parsed_detail.is_empty() {
 CompactString::from("-")
 } else {
 parsed_detail
 };
+ } else if output != "-" {
+ record_details_info_map.insert("#Details".into(), vec![output]);
+ } else if detect_info.detail != "-" {
+ record_details_info_map.insert("#Details".into(), vec![detect_info.detail.clone()]);
+ } else {
+ record_details_info_map.insert("#Details".into(), vec!["-".into()]);
 }
 
 let mut replaced_profiles: Vec<(CompactString, Profile)> = vec![];
+ let mut exist_all_field_info_in_ext_field = false;
 for (key, profile) in detect_info.ext_field.iter() {
 match profile {
 Details(_) => {
- // Detailsの要素がすでにreplaced_profilesに存在する場合は次の処理に進み
- let existed_flag = replaced_profiles
- .iter()
- .any(|(_, y)| matches!(y, Details(_)));
- if existed_flag {
- continue;
- }
 if detect_info.detail.is_empty() {
 //Detailsの中身が何も入っていない場合はそのままの値を入れる
replaced_profiles.push((key.to_owned(), profile.to_owned()));
 } else {
- replaced_profiles
- .push((key.to_owned(), Details(detect_info.detail.clone().into())));
- detect_info.details_convert_map.insert(
- "#Details".into(),
- detect_info.detail.split(" ¦ ").map(|x| x.into()).collect(),
- );
- if is_agg {
- if output != "-" {
- record_details_info_map.insert("#Details".into(), vec![output.clone()]);
- } else if detect_info.detail != "-" {
- record_details_info_map
- .insert("#Details".into(), vec![detect_info.detail.clone()]);
- } else {
- record_details_info_map.insert("#Details".into(), vec!["-".into()]);
- }
- }
+ replaced_profiles.push((key.to_owned(), Details(detect_info.detail.into())));
+ // メモリの節約のためにDetailsの中身を空にする
 detect_info.detail = CompactString::default();
 }
 }
 AllFieldInfo(_) => {
+ exist_all_field_info_in_ext_field = true;
 if is_agg {
 replaced_profiles.push((key.to_owned(), AllFieldInfo("-".into())));
- } else if record_details_info_map.get("#AllFieldInfo").is_some() {
- // ExtraFieldInfoの要素の作成の際に、record_details_info_mapに要素を追加しているときにはAllFieldInfoの要素をすでに追加しているためスキップする
- continue;
 } else {
- let recinfos =
- utils::create_recordinfos(event_record, field_data_map_key, field_data_map);
+ let recinfos = if let Some(c) = record_details_info_map.get("#AllFieldInfo") {
+ c.to_owned()
+ } else {
+ utils::create_recordinfos(event_record, field_data_map_key, field_data_map)
+ };
+ if is_json_timeline {
+ record_details_info_map.insert("#AllFieldInfo".into(), recinfos);
+ replaced_profiles.push((key.to_owned(), AllFieldInfo("".into())));
+ continue;
+ }
 let rec = if recinfos.is_empty() {
 "-".to_string()
 } else if !is_json_timeline {
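Review bot: Removing the `existed_flag` check changes what happens when a profile lists `Details` under more than one key: the first occurrence now moves `detect_info.detail` into `Details(...)` and resets it to the default, so a second occurrence takes the `detect_info.detail.is_empty()` path and pushes the untransformed profile entry, where previously it was skipped. If duplicate `Details` keys are not a supported configuration, a comment on the `Details(_)` arm saying so (`// a profile is expected to contain Details at most once; a repeat would push the untransformed profile value`) would save the next reader the analysis; otherwise the dedup should stay. Separately, `details_in_record.drain(..).for_each(|v| { sp_removed_details_in_record.push(remove_sp_char(v)); })` only needs the `mut details_in_record` binding introduced in the previous hunk because of `drain`; since the vector is not reused, `sp_removed_details_in_record = details_in_record.into_iter().map(remove_sp_char).collect();` does the same without it. `insert` continues outside the hunk.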
@@ -215,12 +196,7 @@ pub fn insert(
 } else {
 String::default()
 };
- if is_json_timeline {
- record_details_info_map.insert("#AllFieldInfo".into(), recinfos);
- replaced_profiles.push((key.to_owned(), AllFieldInfo("".into())));
- } else {
- replaced_profiles.push((key.to_owned(), AllFieldInfo(rec.into())));
- }
+ replaced_profiles.push((key.to_owned(), AllFieldInfo(rec.into())));
 }
 }
 Literal(_) => replaced_profiles.push((key.to_owned(), profile.to_owned())),
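Review bot: The `} else { String::default() };` arm of `let rec = ...` is now unreachable: the previous hunk `continue`s out of the `AllFieldInfo` arm whenever `is_json_timeline` is true, before `rec` is computed, so the `!is_json_timeline` test in the middle branch is always true here. The expression can shrink to `let rec = if recinfos.is_empty() { "-".to_string() } else { recinfos.join(" ¦ ") };` (the join branch lies between the two hunks; I am inferring its body from the removed code further down). The `AllFieldInfo` arm starts outside this hunk.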
@@ -235,41 +211,24 @@ pub fn insert( } continue; } - let empty = vec![]; - let record_details_info_ref = record_details_info_map.clone(); - let profile_all_field_info_prof = record_details_info_ref.get("#AllFieldInfo"); - let details_splits: HashSet<&str> = HashSet::from_iter( - record_details_info_ref - .get("#Details") - .unwrap_or(&empty) - .iter() - .map(|x| x.split_once(": ").unwrap_or_default().1), - ); + let profile_all_field_info_prof = record_details_info_map.get("#AllFieldInfo"); + let details_splits: HashSet<&str> = { + let details = sp_removed_details_in_record.iter().map(|x| { + let v = x.split_once(": ").unwrap_or_default().1; + // 末尾のカンマが含まれている場合と含まれていない場合でExtraFieldInfoでの一致判定が変わってしまうため判定用のハッシュセットの末尾のカンマを削除する + v.strip_suffix(',').unwrap_or(v) + }); + HashSet::from_iter(details) + }; let profile_all_field_info = if let Some(all_field_info_val) = profile_all_field_info_prof { all_field_info_val.to_owned() } else { - let recinfos = + let recinfo = utils::create_recordinfos(event_record, field_data_map_key, field_data_map); - let rec = if recinfos.is_empty() { - "-".to_string() - } else if !is_json_timeline { - recinfos.join(" ¦ ") - } else { - String::default() - }; - - if included_all_field_info { - record_details_info_map.insert("#AllFieldInfo".into(), recinfos.clone()); - if is_json_timeline { - replaced_profiles.push((key.to_owned(), AllFieldInfo("".into()))); - } else { - replaced_profiles - .push((key.to_owned(), AllFieldInfo(rec.clone().into()))); - } - } - recinfos + record_details_info_map.insert("#AllFieldInfo".into(), recinfo.clone()); + recinfo }; let extra_field_vec = profile_all_field_info .iter() @@ -313,6 +272,9 @@ pub fn insert( } } } + if !exist_all_field_info_in_ext_field { + record_details_info_map.remove("#AllFieldInfo"); + } detect_info.ext_field = replaced_profiles; detect_info.details_convert_map = record_details_info_map; insert_message(detect_info, time) 
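Review bot: `profile_all_field_info` is materialised by cloning in both branches (`all_field_info_val.to_owned()` on a cache hit, `recinfo.clone()` right after inserting on a miss) although the following `.iter()` only needs a borrow. `let profile_all_field_info = record_details_info_map.entry("#AllFieldInfo".into()).or_insert_with(|| utils::create_recordinfos(event_record, field_data_map_key, field_data_map));` replaces the `get`/`if let`/`insert` trio and both clones, provided nothing later in this arm (outside the hunk) touches `record_details_info_map` while that borrow is live. `HashSet::from_iter(details)` in the new `details_splits` block can likewise be `details.collect()`. Note that `sp_removed_details_in_record` is only filled on the `!is_agg` path, so if this arm were reachable for aggregated results the filter set would be empty; the `continue` in the leading context suggests it is not.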
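Review bot: The new `if !exist_all_field_info_in_ext_field { record_details_info_map.remove("#AllFieldInfo"); }` is what keeps the `#AllFieldInfo` entry cached by the `ExtraFieldInfo` arm from reaching `details_convert_map` when the profile does not output `AllFieldInfo`, but nothing says so. A comment such as `// #AllFieldInfo is inserted above only as a cache for ExtraFieldInfo; drop it unless the profile really outputs AllFieldInfo, or it leaks into details_convert_map` would make the coupling between the two arms visible to the next editor.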
diff --git a/src/detections/utils.rs b/src/detections/utils.rs
index 8da856864..2743fad0a 100644
--- a/src/detections/utils.rs
+++ b/src/detections/utils.rs
@@ -218,7 +218,7 @@ pub fn get_serde_number_to_string(
 if value.is_string() {
 let val_str = value.as_str().unwrap_or("");
 if val_str.ends_with(',') {
- Some(CompactString::from(val_str.strip_suffix(',').unwrap()))
+ Some(CompactString::from(val_str))
 } else {
 Option::Some(CompactString::from(val_str))
 }
@@ -398,11 +398,11 @@ pub fn create_recordinfos(
 if let Some(converted_str) =
 convert_field_data(map, field_data_map_key, &key.to_lowercase(), value)
 {
- let val = converted_str.strip_suffix(',').unwrap_or(&converted_str);
- return format!("{key}: {val}").into();
+ let val = remove_sp_char(converted_str);
+ return format!("{key}: {val}",).into();
 }
 }
- let val = value.strip_suffix(',').unwrap_or(value);
+ let val = remove_sp_char(value.into());
 format!("{key}: {val}").into()
 })
 .collect()
@@ -448,8 +448,10 @@ fn _collect_recordinfo<'a>(
 // 一番子の要素の値しか収集しない
 let strval = value_to_string(value);
 if let Some(strval) = strval {
- let strval = strval.trim().chars().fold(String::default(), |mut acc, c| {
- if c.is_control() || c.is_ascii_whitespace() {
+ let strval = strval.chars().fold(String::default(), |mut acc, c| {
+ if (c.is_control() || c.is_ascii_whitespace())
+ && !['\r', '\n', '\t'].contains(&c)
+ {
 acc.push(' ');
 } else {
 acc.push(c);
@@ -692,6 +694,22 @@ pub fn output_duration(d: Duration) -> String {
 format!("{h:02}:{m:02}:{s:02}.{ms:03}")
 }
 
+pub fn remove_sp_char(record_value: CompactString) -> CompactString {
+ let mut newline_replaced_cs: String = record_value
+ .replace('\n', "🛂n")
+ .replace('\r', "🛂r")
+ .replace('\t', "🛂t");
+ let mut prev = 'a';
+ newline_replaced_cs.retain(|ch| {
+ let retain_flag = (prev == ' ' && ch == ' ') || ch.is_control();
+ if !retain_flag {
+ prev = ch;
+ }
+ !retain_flag
+ });
+ newline_replaced_cs.trim().into()
+}
+
 #[cfg(test)]
 mod tests {
 use std::path::Path;
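Review bot: With the `strip_suffix(',')` gone, the `if val_str.ends_with(',')` test in `get_serde_number_to_string` chooses between two identical expressions (`Some(CompactString::from(val_str))` and `Option::Some(CompactString::from(val_str))`), so the branch can collapse to a single `Some(CompactString::from(val_str))`. The function body continues outside the hunk.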
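Review bot: `format!("{key}: {val}",)` in `create_recordinfos` carries a stray trailing comma inside the macro call that the unchanged `format!("{key}: {val}")` a few lines below does not; the two calls should look the same. Also, `remove_sp_char(value.into())` allocates a `CompactString` only so it can be consumed; if `remove_sp_char` accepted `&str`, both this call and `remove_sp_char(converted_str)` could pass a borrow.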
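Review bot: `!['\r', '\n', '\t'].contains(&c)` in `_collect_recordinfo` builds a temporary array per character; `!matches!(c, '\r' | '\n' | '\t')` expresses the same exclusion as a plain pattern. Dropping the `.trim()` on `strval` presumably relies on `remove_sp_char` trimming the assembled value later in `create_recordinfos`; if `_collect_recordinfo` has other callers that do not go through it, they now keep leading and trailing whitespace. `_collect_recordinfo` continues outside the hunk.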
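Review bot: `remove_sp_char` is a new `pub fn` shared by message.rs and utils.rs but has no doc comment; it deserves a `///` summary saying that CR/LF/TAB are rewritten to the `🛂r`/`🛂n`/`🛂t` markers so they survive the control-character strip, that other control characters and runs of repeated spaces are dropped, and that the result is trimmed. `retain_flag` is really the drop condition (the closure returns `!retain_flag`), so naming it `drop` or inverting it would read better, and taking `record_value: &str` would spare the `.into()` at the `create_recordinfos` call site. Two properties are worth stating in that doc comment: the marker is in-band, so input that already contains a literal `🛂n` cannot be distinguished from an encoded newline wherever the marker is mapped back (not visible in this diff), and `char::is_control` covers only category Cc, so Unicode format characters such as bidi controls pass through unchanged — relevant if the output is rendered in a terminal.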
diff --git a/src/options/level_tuning.rs b/src/options/level_tuning.rs
index d213fbf00..e8642ba87 100644
--- a/src/options/level_tuning.rs
+++ b/src/options/level_tuning.rs
@@ -16,14 +16,14 @@ impl LevelTuning {
 rules_path: &str,
 stored_static: &StoredStatic,
 ) -> Result<(), String> {
- let read_result = utils::read_csv(level_tuning_config_path);
- if read_result.is_err() {
- return Result::Err(read_result.as_ref().unwrap_err().to_string());
- }
+ let read_result = match utils::read_csv(level_tuning_config_path) {
+ Ok(c) => c,
+ Err(e) => return Result::Err(e.to_string()),
+ };
 
 // Read Tuning files
 let mut tuning_map: HashMap = HashMap::new();
- read_result.unwrap().iter().try_for_each(|line| -> Result<(), String> {
+ read_result.iter().try_for_each(|line| -> Result<(), String> {
 // 1つ目の要素も存在しない場合はread_csvの段階で読み飛ばされるためget(0)がNoneにはならない
 let id = line.get(0).unwrap();
 if !configs::IDS_REGEX.is_match(id) {
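Review bot: `Err(e) => return Result::Err(e.to_string()),` spells the variant as `Result::Err` where plain `Err` is the idiom, and if `utils::read_csv` already yields a `String` error (the `AlertMessage::alert(&e)` calls elsewhere in this commit suggest so), `.to_string()` is a needless clone and `Err(e) => return Err(e),` suffices — at which point the whole `match` can be `let read_result = utils::read_csv(level_tuning_config_path)?;` if the error types line up. The `try_for_each` closure that follows continues outside the hunk.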