refactor mactime2 layout

dfir-dd · Sep 25, 2023 · 2a6e2eb · 2a6e2eb
1 parent 7eb7bb8
commit 2a6e2eb
Show file tree

Hide file tree

Showing 16 changed files with 127 additions and 85 deletions.
diff --git a/src/bin/evtxanalyze/sessions/session_as_csv.rs b/src/bin/evtxanalyze/sessions/session_as_csv.rs
@@ -42,5 +42,5 @@ fn serialize_timestamp<S>(ts: &DateTime<Utc>, s: S) -> Result<S::Ok, S::Error>
 where
     S: Serializer,
 {
-    s.serialize_str(&ts.format("%Y-%m-%dT%H:%M:%S%z").to_string())
+    s.serialize_str(&ts.format("%Y-%m-%dT%H:%M:%S").to_string())
 }
diff --git a/src/bin/mactime2/application.rs b/src/bin/mactime2/application.rs
@@ -3,6 +3,7 @@ use chrono::{LocalResult, NaiveDateTime};
 use chrono_tz::Tz;
 use clap::ValueEnum;
 use clio::Input;
+use strum_macros::Display;
 
 use super::bodyfile::{BodyfileDecoder, BodyfileReader, BodyfileSorter};
 use super::cli::Cli;
@@ -11,22 +12,30 @@ use super::filter::{Consumer, Joinable, Provider, RunOptions, Sorter};
 use super::output::{CsvOutput, JsonSorter, TxtOutput};
 use super::stream::StreamReader;
 
-#[derive(ValueEnum, Clone)]
-pub enum InputFormat {
-    BODYFILE,
+#[derive(ValueEnum, Clone, Display)]
+enum InputFormat {
+    #[strum(serialize = "bodyfile")]
+    Bodyfile,
 
     #[cfg(feature = "elastic")]
-    JSON,
+    #[strum(serialize = "json")]
+    Json,
 }
 
-#[derive(ValueEnum, Clone)]
-pub enum OutputFormat {
-    CSV,
-    TXT,
-    JSON,
+#[derive(ValueEnum, Clone, Display)]
+pub (crate) enum OutputFormat {
+    #[strum(serialize = "csv")]
+    Csv,
+
+    #[strum(serialize = "txt")]
+    Txt,
+
+    #[strum(serialize = "json")]
+    Json,
 
     #[cfg(feature = "elastic")]
-    ELASTIC,
+    #[strum(serialize = "elastic")]
+    Elastic,
 }
 
 //#[derive(Builder)]
@@ -48,15 +57,15 @@ impl Mactime2Application {
             src_zone: self.src_zone,
         };
 
-        if matches!(self.format, OutputFormat::JSON) {
+        if matches!(self.format, OutputFormat::Json) {
             Box::new(JsonSorter::with_receiver(decoder.get_receiver(), options))
         } else {
             let mut sorter =
                 BodyfileSorter::default().with_receiver(decoder.get_receiver(), options);
 
             sorter = sorter.with_output(match self.format {
-                OutputFormat::CSV => Box::new(CsvOutput::new(self.src_zone, self.dst_zone)),
-                OutputFormat::TXT => Box::new(TxtOutput::new(self.src_zone, self.dst_zone)),
+                OutputFormat::Csv => Box::new(CsvOutput::new(self.src_zone, self.dst_zone)),
+                OutputFormat::Txt => Box::new(TxtOutput::new(self.src_zone, self.dst_zone)),
                 _ => panic!("invalid execution path"),
             });
             Box::new(sorter)
@@ -105,11 +114,11 @@ impl From<Cli> for Mactime2Application {
             Some(f) => f,
             None => {
                 if cli.csv_format {
-                    OutputFormat::CSV
+                    OutputFormat::Csv
                 } else if cli.json_format {
-                    OutputFormat::JSON
+                    OutputFormat::Json
                 } else {
-                    OutputFormat::TXT
+                    OutputFormat::Txt
                 }
             }
         };

diff --git a/src/bin/mactime2/bodyfile/bodyfile_decoder.rs b/src/bin/mactime2/bodyfile/bodyfile_decoder.rs
@@ -1,5 +1,5 @@
-use crate::apps::mactime2::filter::{Consumer, Filter, Joinable, Provider, RunOptions};
-use crate::common::bodyfile::Bodyfile3Line;
+use crate::filter::{Consumer, Filter, Joinable, Provider, RunOptions};
+use dfir_toolkit::common::bodyfile::Bodyfile3Line;
 use std::convert::TryFrom;
 use std::sync::mpsc::{self, Receiver, Sender};
 use std::thread::JoinHandle;

diff --git a/src/bin/mactime2/bodyfile/bodyfile_reader.rs b/src/bin/mactime2/bodyfile/bodyfile_reader.rs
@@ -3,8 +3,8 @@ use std::io::{BufRead, BufReader, Read};
 use std::sync::mpsc::{Receiver, Sender};
 use std::thread::JoinHandle;
 
-use crate::apps::mactime2::filter::{Joinable, Provider};
-use crate::apps::mactime2::stream::{StreamReader, StreamWorker};
+use crate::filter::{Joinable, Provider};
+use crate::stream::{StreamReader, StreamWorker};
 
 pub struct BodyfileReader {
     worker: Option<JoinHandle<()>>,

diff --git a/src/bin/mactime2/bodyfile/bodyfile_sorter.rs b/src/bin/mactime2/bodyfile/bodyfile_sorter.rs
@@ -1,13 +1,13 @@
-use crate::common::bodyfile::Bodyfile3Line;
+use dfir_toolkit::common::bodyfile::Bodyfile3Line;
 use std::borrow::Borrow;
 use std::cmp::Ordering;
 use std::collections::{BTreeMap, HashSet};
 use std::sync::mpsc::Receiver;
 use std::sync::Arc;
 use std::thread::JoinHandle;
 
-use crate::apps::mactime2::error::MactimeError;
-use crate::apps::mactime2::filter::{Joinable, RunOptions, Runnable, Sorter};
+use crate::error::MactimeError;
+use crate::filter::{Joinable, RunOptions, Runnable, Sorter};
 
 use super::MACBFlags;
 
@@ -134,7 +134,6 @@ impl BodyfileSorter {
                         bf.get_name(),
                         bf.get_inode()
                     );
-                    //return Err(MactimeError::AmbiguousFilename(bf.get_name().to_owned()))
                 }
                 names.insert((bf.get_inode().to_owned(), bf.get_name().to_owned()));
             } // delete the borrow to line

diff --git a/src/bin/mactime2/cli.rs b/src/bin/mactime2/cli.rs
@@ -3,7 +3,7 @@ use clio::Input;
 use log::LevelFilter;
 use chrono_tz::Tz;
 
-use crate::common::{HasVerboseFlag,TzArgument};
+use dfir_toolkit::common::{HasVerboseFlag,TzArgument};
 
 use super::OutputFormat;
 

diff --git a/src/bin/mactime2/error.rs b/src/bin/mactime2/error.rs
@@ -2,6 +2,4 @@ use thiserror::Error;
 
 #[derive(Error, Debug)]
 pub enum MactimeError {
-    #[error("ambigious file name: '{0}'")]
-    AmbiguousFilename(String),
 }
diff --git a/src/bin/mactime2/main.rs b/src/bin/mactime2/main.rs
@@ -1,9 +1,17 @@
+mod application;
+mod stream;
+mod bodyfile;
+mod error;
+mod filter;
+mod output;
+mod cli;
+
+use application::*;
+use cli::*;
+
 use anyhow::Result;
 use dfir_toolkit::common::{FancyParser, TzArgument};
 
-use dfir_toolkit::apps::mactime2::Cli;
-use dfir_toolkit::apps::mactime2::Mactime2Application;
-
 fn main() -> Result<()> {
     let cli: Cli = Cli::parse_cli();
 

diff --git a/src/bin/mactime2/mod.rs b/src/bin/mactime2/mod.rs
diff --git a/src/bin/mactime2/output/csv_output.rs b/src/bin/mactime2/output/csv_output.rs
@@ -1,22 +1,25 @@
 use chrono_tz::Tz;
 
-use crate::apps::mactime2::{bodyfile::{Mactime2Writer, ListEntry}, Mactime2Application};
+use crate::{
+    bodyfile::{ListEntry, Mactime2Writer},
+    Mactime2Application,
+};
 
-pub struct CsvOutput {
-    src_zone: Tz, dst_zone: Tz
+pub (crate) struct CsvOutput {
+    src_zone: Tz,
+    dst_zone: Tz,
 }
 
 impl CsvOutput {
     pub fn new(src_zone: Tz, dst_zone: Tz) -> Self {
-        Self {
-            src_zone, dst_zone
-        }
+        Self { src_zone, dst_zone }
     }
 }
 
 impl Mactime2Writer for CsvOutput {
     fn fmt(&self, timestamp: &i64, entry: &ListEntry) -> String {
-        let timestamp = Mactime2Application::format_date(*timestamp, &self.src_zone, &self.dst_zone);
+        let timestamp =
+            Mactime2Application::format_date(*timestamp, &self.src_zone, &self.dst_zone);
         format!(
             "{},{},{},{},{},{},{},\"{}\"",
             timestamp,
@@ -33,16 +36,16 @@ impl Mactime2Writer for CsvOutput {
 
 #[cfg(test)]
 mod tests {
-    use crate::apps::mactime2::bodyfile::ListEntry;
-    use crate::apps::mactime2::bodyfile::MACBFlags;
-    use crate::apps::mactime2::bodyfile::Mactime2Writer;
+    use crate::bodyfile::ListEntry;
+    use crate::bodyfile::MACBFlags;
+    use crate::bodyfile::Mactime2Writer;
 
     use super::CsvOutput;
     use chrono::DateTime;
-    use chrono_tz::TZ_VARIANTS;
     use chrono_tz::Tz;
+    use chrono_tz::TZ_VARIANTS;
+    use dfir_toolkit::common::bodyfile::Bodyfile3Line;
     use std::sync::Arc;
-    use crate::common::bodyfile::Bodyfile3Line;
 
     fn random_tz() -> Tz {
         let index = rand::random::<usize>() % TZ_VARIANTS.len();
@@ -58,13 +61,20 @@ mod tests {
             let bf_line = Bodyfile3Line::new().with_crtime(unix_ts);
             let entry = ListEntry {
                 flags: MACBFlags::B,
-                line: Arc::new(bf_line)
+                line: Arc::new(bf_line),
             };
 
             let out_line = output.fmt(&unix_ts, &entry);
             let out_ts = out_line.split(',').next().unwrap();
             let rfc3339 = DateTime::parse_from_rfc3339(out_ts).expect(out_ts);
-            assert_eq!(unix_ts, rfc3339.timestamp(), "Timestamp {} converted to '{}' and back to {}", unix_ts, out_ts, rfc3339.timestamp());
+            assert_eq!(
+                unix_ts,
+                rfc3339.timestamp(),
+                "Timestamp {} converted to '{}' and back to {}",
+                unix_ts,
+                out_ts,
+                rfc3339.timestamp()
+            );
         }
     }
 
@@ -78,18 +88,22 @@ mod tests {
             let bf_line = Bodyfile3Line::new().with_crtime(unix_ts);
             let entry = ListEntry {
                 flags: MACBFlags::B,
-                line: Arc::new(bf_line)
+                line: Arc::new(bf_line),
             };
 
             let out_line = output.fmt(&unix_ts, &entry);
             let out_ts = out_line.split(',').next().unwrap();
             let rfc3339 = match DateTime::parse_from_rfc3339(out_ts) {
                 Ok(ts) => ts,
-                Err(e) => return Err(format!("error while parsing '{}': {}", out_ts, e))
+                Err(e) => return Err(format!("error while parsing '{}': {}", out_ts, e)),
             };
             let offset = rfc3339.offset().local_minus_utc() as i64;
             let calculated_ts = rfc3339.timestamp() + offset;
-            assert_eq!(unix_ts, calculated_ts, "Timestamp {} converted to '{}' and back to {} (offset was {}s)", unix_ts, out_ts, calculated_ts, offset);
+            assert_eq!(
+                unix_ts, calculated_ts,
+                "Timestamp {} converted to '{}' and back to {} (offset was {}s)",
+                unix_ts, out_ts, calculated_ts, offset
+            );
         }
         Ok(())
     }

diff --git a/src/bin/mactime2/output/json_sorter.rs b/src/bin/mactime2/output/json_sorter.rs
@@ -5,12 +5,14 @@ use std::{
     thread::JoinHandle,
 };
 
-use crate::common::bodyfile::Bodyfile3Line;
 use chrono_tz::Tz;
-use crate::es4forensics::{objects::PosixFile, TimelineObject, Timestamp};
+use dfir_toolkit::{
+    common::bodyfile::Bodyfile3Line,
+    es4forensics::{objects::PosixFile, Timestamp, TimelineObject},
+};
 use std::convert::TryFrom;
 
-use crate::apps::mactime2::{
+use crate::{
     error::MactimeError,
     filter::RunOptions,
     filter::{Consumer, Joinable, Runnable, Sorter},

diff --git a/src/bin/mactime2/output/mod.rs b/src/bin/mactime2/output/mod.rs
@@ -2,6 +2,6 @@ mod csv_output;
 mod txt_output;
 mod json_sorter;
 
-pub use csv_output::*;
-pub use txt_output::*;
-pub use json_sorter::*;
+pub (crate) use csv_output::*;
+pub (crate) use txt_output::*;
+pub (crate) use json_sorter::*;