prepare for rust 2024
YamatoSecurity committed Nov 28, 2024
1 parent aabad83 commit 581d7ec
Showing 22 changed files with 123 additions and 124 deletions.
45 changes: 24 additions & 21 deletions Cargo.lock


6 changes: 3 additions & 3 deletions src/detections/configs.rs
Expand Up @@ -314,12 +314,12 @@ impl StoredStatic {
} else {
&fs::read_to_string(geo_ip_file_path).unwrap()
};
let geo_ip_mapping = if let Ok(loaded_yaml) = YamlLoader::load_from_str(contents) {
let geo_ip_mapping = match YamlLoader::load_from_str(contents) { Ok(loaded_yaml) => {
loaded_yaml
} else {
} _ => {
AlertMessage::alert("Parse error in geoip_field_mapping.yaml.").ok();
YamlLoader::load_from_str("").unwrap()
};
}};
let target_map = &geo_ip_mapping[0];
let empty_yaml_vec: Vec<Yaml> = vec![];
*GEOIP_FILTER.write().unwrap() = Some(
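Review bot: The parse-error arm still leads straight into `&geo_ip_mapping[0]` on the line after the match, and that index looks able to panic. The fallback `YamlLoader::load_from_str("").unwrap()` presumably yields an empty document list (yaml-rust returns no documents for empty input), and so would a mapping file that is valid but empty, so the alert would be followed by an out-of-bounds panic rather than a run without GeoIP field mapping. Consider `geo_ip_mapping.first()` with the `None` case handled explicitly. Separately, the `_ =>` arm discards the parser's error; binding `Err(e)` would let the alert say why geoip_field_mapping.yaml was rejected. The enclosing function starts and ends outside this hunk.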
9 changes: 4 additions & 5 deletions src/detections/detection.rs
Expand Up @@ -549,17 +549,16 @@ impl Detection {
.insert("RecoveredRecord", RecoveredRecord(recovered_record.into()));
}
RenderedMessage(_) => {
let convert_value = if let Some(message) =
record_info.record["Event"]["RenderingInfo"]["Message"].as_str()
{
let convert_value = match record_info.record["Event"]["RenderingInfo"]["Message"].as_str()
{ Some(message) => {
message
.replace('\t', "\\t")
.split("\r\n")
.map(|x| x.trim())
.join("\\r\\n")
} else {
} _ => {
"n/a".into()
};
}};
profile_converter.insert(key.as_str(), RenderedMessage(convert_value.into()));
}
TgtASN(_) | TgtCountry(_) | TgtCity(_) => {
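Review bot: The rewritten `match` in the `RenderedMessage(_)` arm is left in the raw shape an automated migration produces (`{ Some(message) => {` … `} _ => {` … `}};`), which is hard to scan and suggests rustfmt was not run afterwards. Running `cargo fmt` and writing the fallback arm as `None =>` instead of `_ =>` would make the exhaustive match on an `Option` obvious. The same layout and the empty `_ => {}` arms recur in the converted blocks of field_data_map.rs, field_extract.rs, correlation_parser.rs and selectionnodes.rs. Where the scrutinee holds no temporary whose drop timing matters, the original `if let` without an `else` could probably stay as it was, but that cannot be confirmed from these hunks.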
16 changes: 8 additions & 8 deletions src/detections/field_data_map.rs
Expand Up @@ -47,22 +47,22 @@ impl FieldDataMapKey {

fn build_field_data_map(yaml_data: Yaml) -> (FieldDataMapKey, FieldDataMapEntry) {
let rewrite_field_data = yaml_data["RewriteFieldData"].as_hash();
let hex2decimal = if let Some(s) = yaml_data["HexToDecimal"].as_str() {
let hex2decimal = match yaml_data["HexToDecimal"].as_str() { Some(s) => {
Some(YamlLoader::load_from_str(s).unwrap_or_default())
} else {
} _ => {
yaml_data["HexToDecimal"].as_vec().map(|v| v.to_owned())
};
}};
if rewrite_field_data.is_none() && hex2decimal.is_none() {
return (FieldDataMapKey::default(), FieldDataMapEntry::default());
}
let mut providers = HashSet::new();
if let Some(providers_yaml) = yaml_data["Provider_Name"].as_vec() {
match yaml_data["Provider_Name"].as_vec() { Some(providers_yaml) => {
for provider in providers_yaml {
providers.insert(provider.as_str().unwrap_or_default().to_string());
}
} else if let Some(provider_name) = yaml_data["Provider_Name"].as_str() {
} _ => { match yaml_data["Provider_Name"].as_str() { Some(provider_name) => {
providers.insert(provider_name.to_string());
}
} _ => {}}}}
let mut mapping = HashMap::new();
if let Some(x) = rewrite_field_data {
for (key_yaml, val_yaml) in x.iter() {
Expand Down Expand Up @@ -96,9 +96,9 @@ fn build_field_data_map(yaml_data: Yaml) -> (FieldDataMapKey, FieldDataMapEntry)

if let Some(fields) = hex2decimal {
for field in fields {
if let Some(key) = field.as_str() {
match field.as_str() { Some(key) => {
mapping.insert(key.to_lowercase(), HexToDecimal);
}
} _ => {}}
}
}
(FieldDataMapKey::new(yaml_data), mapping)
12 changes: 6 additions & 6 deletions src/detections/field_extract.rs
Expand Up @@ -33,14 +33,14 @@ fn extract_powershell_classic_fields(
break;
}
}
if let Some(Value::Object(fields)) = extracted_fields {
match extracted_fields { Some(Value::Object(fields)) => {
for (key, val) in fields {
map.insert(key.clone(), val.clone());
if let Value::String(s) = val {
match val { Value::String(s) => {
key_2_values.insert(key, s.to_string());
}
} _ => {}}
}
}
} _ => {}}
}
Value::Array(vec) => {
if let Some(val) = vec.get(data_index) {
Expand All @@ -51,9 +51,9 @@ fn extract_powershell_classic_fields(
.map(|s| s.trim_end_matches("\r\n").trim_end_matches('\r'))
.filter_map(|s| s.split_once('='))
.collect();
if let Ok(extracted_fields) = serde_json::to_value(fields_data) {
match serde_json::to_value(fields_data) { Ok(extracted_fields) => {
return Some(extracted_fields);
}
} _ => {}}
}
}
}
10 changes: 5 additions & 5 deletions src/detections/message.rs
Expand Up @@ -197,11 +197,11 @@ pub fn create_message(
);
}
} else {
let recinfos = if let Some(c) = record_details_info_map.get("#AllFieldInfo") {
let recinfos = match record_details_info_map.get("#AllFieldInfo") { Some(c) => {
c.to_owned()
} else {
} _ => {
utils::create_recordinfos(event_record, field_data_map_key, field_data_map)
};
}};
if is_json_timeline {
record_details_info_map.insert("#AllFieldInfo".into(), recinfos);
replaced_profiles.push((key.to_owned(), AllFieldInfo("".into())));
Expand Down Expand Up @@ -347,7 +347,7 @@ pub fn parse_message(
}
let hash_value = get_serde_number_to_string(tmp_event_record, false);
if hash_value.is_some() {
if let Some(hash_value) = hash_value {
match hash_value { Some(hash_value) => {
let field_data = if field_data_map.is_none() || field.is_empty() {
hash_value
} else {
Expand All @@ -368,7 +368,7 @@ pub fn parse_message(
[field_data.split_ascii_whitespace().join(" ").into()].to_vec(),
));
}
}
} _ => {}}
} else {
hash_map.push((
CompactString::from(full_target_str),
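Review bot: In the `parse_message` hunk the new `match hash_value { Some(hash_value) => … _ => {}}` sits inside `if hash_value.is_some()`, so its `_` arm can never run and the `None` case is already handled by the outer `else`. Folding the two into a single `match hash_value { Some(hash_value) => { … } None => { … } }` would drop the redundant test and the dead arm. Both the `Some` body and the `else` branch continue outside the visible lines, so this reading rests only on what the hunk shows.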
6 changes: 3 additions & 3 deletions src/detections/rule/condition_parser.rs
Expand Up @@ -136,11 +136,11 @@ impl ConditionCompiler {
};

let result = self.compile_condition_body(&replaced_condition, name_2_node);
if let Result::Err(msg) = result {
match result { Result::Err(msg) => {
Result::Err(format!("A condition parse error has occurred. {msg}"))
} else {
} _ => {
result
}
}}
}

// all of selection* と 1 of selection* を通常のand/orに変換する
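Review bot: The `match result` at the end of this hunk only rewrites the error text, which `map_err` expresses directly: `self.compile_condition_body(&replaced_condition, name_2_node).map_err(|msg| format!("A condition parse error has occurred. {msg}"))`. That removes the `_ => { result }` arm, which hands back the scrutinee itself and reads oddly next to an arm that has bound `msg` out of it. The enclosing function starts outside the hunk.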
8 changes: 4 additions & 4 deletions src/detections/rule/correlation_parser.rs
Expand Up @@ -28,11 +28,11 @@ fn is_referenced_rule(rule_node: &RuleNode, id_or_title: &str) -> bool {
return true;
}
}
if let Some(title) = hash.get(&Yaml::String("name".to_string())) {
match hash.get(&Yaml::String("name".to_string())) { Some(title) => {
if title.as_str() == Some(id_or_title) {
return true;
}
}
} _ => {}}
}
false
}
Expand Down Expand Up @@ -78,13 +78,13 @@ fn parse_condition(
) -> Result<(AggregationConditionToken, i64, Option<String>), Box<dyn Error>> {
if let Some(hash) = yaml.as_hash() {
let rule_type = hash.get(&Yaml::String("type".to_string()));
if let Some(condition) = hash.get(&Yaml::String("condition".to_string())) {
match hash.get(&Yaml::String("condition".to_string())) { Some(condition) => {
if let Some(condition_hash) = condition.as_hash() {
let pair: Vec<(&Yaml, &Yaml)> = condition_hash.iter().collect();
let field = find_condition_field_value(rule_type, pair.clone());
return process_condition_pairs(pair, field);
}
}
} _ => {}}
}
Err("Failed to parse condition".into())
}
6 changes: 3 additions & 3 deletions src/detections/rule/matchers.rs
Expand Up @@ -454,15 +454,15 @@ impl LeafMatcher for DefaultMatcher {
for p in pattern {
let pattern = DefaultMatcher::from_pattern_to_regex_str(p, &self.pipes);
// Pipeで処理されたパターンを正規表現に変換
if let Ok(re_result) = Regex::new(&pattern) {
match Regex::new(&pattern) { Ok(re_result) => {
re_result_vec.push(re_result);
} else {
} _ => {
let errmsg = format!(
"Cannot parse regex. [regex:{pattern}, key:{}]",
utils::concat_selection_key(key_list)
);
return Err(vec![errmsg]);
}
}}
}
self.re = Some(re_result_vec);
}
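Review bot: The `_ =>` arm of `match Regex::new(&pattern)` discards the error value, so the reported message names the pattern and key but not why compilation failed. Assuming this is the regex crate's `Regex`, the error distinguishes a syntax problem from a pattern that exceeds the compiled-size limit, which is what someone triaging a rejected detection rule needs to see. Binding it with `Err(e) => {` and adding it to the message, for example `"Cannot parse regex. [regex:{pattern}, key:{}, error:{e}]"`, would keep that detail. The surrounding loop and function extend beyond the hunk.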
10 changes: 5 additions & 5 deletions src/detections/rule/mod.rs
Expand Up @@ -228,11 +228,11 @@ impl DetectionNode {
let mut err_msgs = vec![];
let compiler = condition_parser::ConditionCompiler::new();
let compile_result = compiler.compile_condition(condition_str, &self.name_to_selection);
if let Result::Err(err_msg) = compile_result {
match compile_result { Result::Err(err_msg) => {
err_msgs.extend(vec![err_msg]);
} else {
} _ => {
self.condition = Option::Some(compile_result.unwrap());
}
}}

// aggregation condition(conditionのパイプ以降の部分)をパース
let agg_compiler = aggregation_parser::AggegationConditionCompiler::new();
Expand Down Expand Up @@ -286,7 +286,7 @@ impl DetectionNode {

// パースして、エラーメッセージがあれば配列にためて、戻り値で返す。
let selection_node = self.parse_selection(&detection_hash[key]);
if let Some(node) = selection_node {
match selection_node { Some(node) => {
let mut selection_node = node;
let init_result = selection_node.init();
if let Err(err_detail) = init_result {
Expand All @@ -296,7 +296,7 @@ impl DetectionNode {
self.name_to_selection
.insert(name.to_string(), rc_selection);
}
}
} _ => {}}
}
if !err_msgs.is_empty() {
return Result::Err(err_msgs);
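Review bot: In the first hunk the catch-all arm calls `compile_result.unwrap()` even though reaching that arm already means the value is not `Err`; naming the arm removes the unwrap: `Ok(condition) => self.condition = Some(condition),`. The error arm can likewise be `Err(err_msg) => err_msgs.push(err_msg),` instead of extending with a one-element `vec!`. The function body continues outside the hunk.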
4 changes: 2 additions & 2 deletions src/detections/rule/selectionnodes.rs
Expand Up @@ -452,10 +452,10 @@ impl SelectionNode for LeafSelectionNode {
&& !self.key_list.is_empty()
&& !self.key_list[0].contains("|")
{
if let Some(event_id) = self.select_value.as_i64() {
match self.select_value.as_i64() { Some(event_id) => {
// 正規表現は重いので、数値のEventIDのみ文字列完全一致で判定
return event_value.unwrap_or(&String::default()) == &event_id.to_string();
}
} _ => {}}
}
if !self.key_list.is_empty() && self.key_list[0].eq("|all") {
event_value = Some(&event_record.data_string);