Moved main package to project's root

Signed-off-by: Quentin JEROME <[email protected]>
0xrawsec · Sep 13, 2023 · 8b3471a · 8b3471a
1 parent d7c0f75
commit 8b3471a
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 26 deletions.
diff --git a/coverage.sh b/coverage.sh
@@ -1,17 +1,13 @@
 #!/bin/bash
 set -e
 
-pkgs=("./engine" "./reducer")
-
 tmp=$(mktemp -d)
 coverprofile="${tmp}/coverage.out"
 coverage_dir=".github/coverage"
 tmp_out="${tmp}/coverage.txt"
 out="${coverage_dir}/coverage.txt"
-commit=$(git rev-parse HEAD)
-
 
-GOOS=linux go test -short -failfast -coverprofile="${coverprofile}" ${pkgs[*]}
+GOOS=linux go test -short -failfast -coverprofile="${coverprofile}" ./...
 go tool cover -func "${coverprofile}" | tee "${tmp_out}"
 
 mkdir -p "${coverage_dir}"

diff --git a/gene/gene.go → gene.go b/gene/gene.go → gene.go
@@ -15,6 +15,7 @@ import (
 
 	"github.com/0xrawsec/gene/v2/engine"
 	"github.com/0xrawsec/gene/v2/reducer"
+	"github.com/0xrawsec/gene/v2/template"
 	"github.com/0xrawsec/golang-evtx/evtx"
 	"github.com/0xrawsec/golang-utils/args"
 	"github.com/0xrawsec/golang-utils/datastructs"
@@ -89,7 +90,7 @@ func jsonEventGenerator() (ec chan *evtx.GoEvtxMap) {
 				// Printing Progress
 				eventCnt++
 				if flShowProgress && eventCnt >= oldEventCnt {
-					delta := time.Now().Sub(start)
+					delta := time.Since(start)
 					prog.Update(fmt.Sprintf("%d (%2.f EPS)", eventCnt, float64(eventCnt)/delta.Seconds()))
 					prog.Print()
 					oldEventCnt = eventCnt + cntChunk
@@ -122,7 +123,7 @@ func evtxEventGenerator() (ec chan *evtx.GoEvtxMap) {
 			for event := range ef.UnorderedEvents() {
 				eventCnt++
 				if flShowProgress && eventCnt >= oldEventCnt {
-					delta := time.Now().Sub(start)
+					delta := time.Since(start)
 					prog.Update(fmt.Sprintf("%d (%2.f EPS)", eventCnt, float64(eventCnt)/delta.Seconds()))
 					prog.Print()
 					oldEventCnt = eventCnt + cntChunk
@@ -142,9 +143,8 @@ func printInfo(writer io.Writer) {
 }
 
 var (
-	criticalityPath = evtx.Path("/Event/GeneInfo/Criticality")
-	sigPath         = evtx.Path("/Event/GeneInfo/Signature")
-	computerPath    = evtx.Path("/Event/System/Computer")
+	sigPath      = evtx.Path("/Event/GeneInfo/Signature")
+	computerPath = evtx.Path("/Event/System/Computer")
 )
 
 func reduce(e *engine.Engine) {
@@ -218,8 +218,6 @@ var (
 	rulesPath string
 	ruleExts  = args.ListVar{".gen", ".gene"}
 	jobs      = 1
-
-	tplExt = ".toml"
 )
 
 func main() {
@@ -284,17 +282,16 @@ func main() {
 
 	// Display rule template and exit if template flag
 	if flTemplate {
-		r := engine.NewRule()
-		r.Name = "ReplaceRuleName"
-		// metadata
-		r.Meta.Events["SomeEventSource"] = []int64{42}
-		r.Meta.Attack = append(r.Meta.Attack, engine.Attack{})
-		r.Meta.OSs = []string{"linux", "windows"}
-		r.Meta.Criticality = 5
+
+		r := engine.Rule{}
+		json.Unmarshal([]byte(template.RuleTemplate), &r)
+
+		// marshaling the stuff out
 		b, err := json.Marshal(r)
 		if err != nil {
 			log.Abort(exitFail, err)
 		}
+
 		fmt.Println(string(b))
 		os.Exit(exitSuccess)
 	}
@@ -360,7 +357,7 @@ func main() {
 
 	// actual rule loading
 	if err := e.LoadDirectory(realPath); err != nil {
-		log.Abort(exitFail, fmt.Errorf("Failed at loading rule directory %s: %s", realPath, err))
+		log.Abort(exitFail, fmt.Errorf("failed at loading rule directory %s: %s", realPath, err))
 	}
 
 	// Show message about successfuly compiled rules
@@ -369,7 +366,7 @@ func main() {
 	// If we just wanted to verify the rules, we should exit whatever
 	// the status of the compilation
 	if flVerify {
-		log.Infof("Rule(s) compilation: SUCCESSFUL")
+		log.Infof("Rule(s) compilation: SUCCESSFUL")
 		os.Exit(exitSuccess)
 	}
 
@@ -395,7 +392,7 @@ func main() {
 		tags := e.Tags()
 		sort.Strings(tags)
 		for _, t := range tags {
-			fmt.Println(fmt.Sprintf("\t%s", t))
+			fmt.Printf("\t%s\n", t)
 		}
 		os.Exit(exitSuccess)
 	}

diff --git a/make.sh b/make.sh
diff --git a/gene/makefile → makefile b/gene/makefile → makefile
@@ -51,4 +51,4 @@ ci-build: buildversion
 	go build $(OPTS) -o $(shell mktemp) ./
 
 clean:
-	rm -rf $(RELEASE)/*
+	rm -rf $(RELEASE)/*
diff --git a/template/template.go b/template/template.go
@@ -0,0 +1,47 @@
+package template
+
+var (
+	RuleTemplate = `
+{
+  "Name": "RuleName",
+  "Tags": [],
+  "Meta": {
+    "LogType": "winevt",
+    "Events": {
+      "SomeEventSource": [
+        42
+      ]
+    },
+    "OSs": [
+      "linux",
+      "windows"
+    ],
+    "Computers": [],
+    "ATTACK": [
+      {
+        "ID": "T4242",
+        "Tactic": "",
+        "Reference": "https://attack.mitre.org/T4242"
+      }
+    ],
+    "Criticality": 5,
+    "Disable": false,
+    "Filter": false,
+    "Schema": "2.0.0",
+    "Authors": [
+      "@rawsec"
+    ],
+    "Comments": [
+      "Rule catching technique documented in the following link",
+      "https://super.ttp.com"
+    ]
+  },
+  "Matches": [
+    "$a: SomeField = '42'",
+    "$b: /Absolute/Field/Path ~= 'SomeRegex'"
+  ],
+  "Condition": "$a or $b",
+  "Actions": []
+}
+	`
+)
diff --git a/template/template_test.go b/template/template_test.go
@@ -0,0 +1,17 @@
+package template
+
+import (
+	"testing"
+
+	"github.com/0xrawsec/gene/v2/engine"
+	"github.com/0xrawsec/toast"
+)
+
+// we make sure rule Template compiles properly
+func TestTemplate(t *testing.T) {
+	tt := toast.FromT(t)
+
+	e := engine.NewEngine()
+
+	tt.CheckErr(e.LoadString(RuleTemplate))
+}
diff --git a/version.go b/version.go
@@ -0,0 +1,6 @@
+package main
+
+const(
+    version="2.3.0"
+    commitID="d7c0f7585397ff99ac1ed8038204c41599314cc3"
+)