From a8cac1eec09e14349369004b4a87efc0315e4ab4 Mon Sep 17 00:00:00 2001
From: DustInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Fri, 2 Feb 2024 02:33:12 +0900
Subject: [PATCH 1/2] fix(search): removed newline characters in search command output #1253
---
 src/detections/configs.rs | 4 ++++
 src/timeline/search.rs | 17 +++++++++++++----
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/src/detections/configs.rs b/src/detections/configs.rs
index 89495ad49..d7c2b3666 100644
--- a/src/detections/configs.rs
+++ b/src/detections/configs.rs
@@ -35,6 +35,10 @@ lazy_static! {
 Regex::new(r"^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$").unwrap();
 pub static ref CONTROL_CHAT_REPLACE_MAP: HashMap = create_control_chat_replace_map();
+ pub static ref ALLFIELDINFO_SPECIAL_CHARS: AhoCorasick = AhoCorasickBuilder::new()
+ .match_kind(MatchKind::LeftmostLongest)
+ .build(["๐Ÿ›‚r", "๐Ÿ›‚n", "๐Ÿ›‚t"])
+ .unwrap();
 }
 pub struct ConfigReader {
diff --git a/src/timeline/search.rs b/src/timeline/search.rs
index 567cd7614..7f16b9e32 100644
--- a/src/timeline/search.rs
+++ b/src/timeline/search.rs
@@ -1,4 +1,4 @@
-use crate::detections::configs::OutputOption;
+use crate::detections::configs::{OutputOption, ALLFIELDINFO_SPECIAL_CHARS};
 use crate::detections::field_data_map::FieldDataMapKey;
 use crate::detections::message;
 use crate::detections::utils::format_time;
@@ -180,14 +180,18 @@ impl EventSearch {
 if search_condition(keywords) {
 let (timestamp, hostname, channel, eventid, recordid, allfieldinfo) =
 extract_search_event_info(record, eventkey_alias, output_option);
-
+ let allfieldinfo_newline_splited = ALLFIELDINFO_SPECIAL_CHARS .replace_all(&allfieldinfo, &["๐Ÿฆ…", "๐Ÿฆ…", "๐Ÿฆ…"]) .split('๐Ÿฆ…') .filter(|x| !x.is_empty()) .join(" ");
 self.search_result.insert((
 timestamp,
 hostname,
 channel,
 eventid,
 recordid,
- allfieldinfo,
+ allfieldinfo_newline_splited.into(),
 self.filepath.clone(),
 ));
 }
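Review bot: The new `ALLFIELDINFO_SPECIAL_CHARS` static carries no doc comment, so a reader of configs.rs cannot tell what its three patterns stand for or why `MatchKind::LeftmostLongest` was chosen over the default. I would add above the `pub static ref` line `/// Matches the marker tokens that replace the newline-class control characters in the all-field-info string; `search` output collapses them into spaces.`, with a second line naming the producer of those tokens once confirmed — the link to `CONTROL_CHAT_REPLACE_MAP` is inferred from the names, not visible here. The hunk adds no `use` for `AhoCorasick`, `AhoCorasickBuilder` or `MatchKind`, so they are presumably already imported in this file. The enclosing `lazy_static!` block starts before the hunk.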
@@ -222,13 +226,18 @@ impl EventSearch {
 if re.is_match(&record.data_string) {
 let (timestamp, hostname, channel, eventid, recordid, allfieldinfo) =
 extract_search_event_info(record, eventkey_alias, output_option);
+ let allfieldinfo_newline_splited = ALLFIELDINFO_SPECIAL_CHARS
+ .replace_all(&allfieldinfo, &["๐Ÿฆ…", "๐Ÿฆ…", "๐Ÿฆ…"])
+ .split('๐Ÿฆ…')
+ .filter(|x| !x.is_empty())
+ .join(" ");
 self.search_result.insert((
 timestamp,
 hostname,
 channel,
 eventid,
 recordid,
- allfieldinfo,
+ allfieldinfo_newline_splited.into(),
 self.filepath.clone(),
 ));
 }
From c6b3378afb57805dfda7e6f3adf831040f762608 Mon Sep 17 00:00:00 2001
From: DustInDark <2350416+hitenkoku@users.noreply.github.com>
Date: Fri, 2 Feb 2024 02:35:49 +0900
Subject: [PATCH 2/2] docs(CHANGELOG): added #1253
---
 CHANGELOG-Japanese.md | 2 +-
 CHANGELOG.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index f9de8457d..c006dea9d 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -16,7 +16,7 @@
 **ใƒใ‚ฐไฟฎๆญฃ:**
-- XXX
+- `search`ใ‚ณใƒžใƒณใƒ‰ใฎๅ‡บๅŠ›ใซๅ…ฅใฃใฆใ„ใ‚‹ไธ่ฆใชๆ”น่กŒๆ–‡ๅญ—ใ‚’ๅ‰Š้™คใ—ใŸใ€‚ (#1253) (@hitenkoku)
 **ใใฎไป–:**
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 35da39892..d98cda746 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,7 +16,7 @@
 **Bug Fixes:**
-- XXX
+- Removed newline characters in `search` command output. (#1253) (@hitenkoku)
 **Other:**