Feature/read dir#11 (#16)

* add info println function #9 * change println macro to function in function #9 * add warn message function #9 * change println macro to function in struct #9 * add dirpath option #11 * add process case of read-dir error #11 * add feature of read event file in directory #11 * add dir test case #11 * fixed directory option name #11 * add print separate #11 * change print! to println! #11
Yamato-Security · Apr 6, 2021 · 2368d4d · 2368d4d
1 parent 8acfb17
commit 2368d4d
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 0 deletions.
diff --git a/src/detections/configs.rs b/src/detections/configs.rs
@@ -48,6 +48,9 @@ fn build_app() -> clap::App<'static, 'static> {
         .arg(Arg::from_usage(
             "-f --filepath=[FILEPATH] 'analyze event file'",
         ))
+        .arg(Arg::from_usage(
+            "-d --dirpath=[DIRECTORYPATH] 'analyze event log files in directory'",
+        ))
         .arg(Arg::from_usage("-c --credits 'print credits infomation'"))
 }
 

diff --git a/src/main.rs b/src/main.rs
@@ -9,6 +9,14 @@ use std::{fs, path::PathBuf, process};
 fn main() {
     if let Some(filepath) = configs::singleton().args.value_of("filepath") {
         parse_file(&filepath.to_string());
+    } else if let Some(dirpath) = configs::singleton().args.value_of("dirpath") {
+        let target_paths = parse_dir(&dirpath.to_string());
+        for target_path in target_paths {
+            println!("---------------------");
+            println!("{}", target_path.display().to_string());
+            parse_file(&target_path.display().to_string());
+            println!("---------------------");
+        }
     }
 
     if configs::singleton().args.is_present("credits") {
@@ -46,3 +54,58 @@ fn parse_file(filepath: &str) {
     let mut detection = detection::Detection::new();
     &detection.start(parser);
 }
+
+fn parse_dir(dirpath: &str) -> Vec<PathBuf> {
+    let input_dir = fs::read_dir(dirpath);
+    if input_dir.is_err() {
+        let stdout = std::io::stdout();
+        let mut stdout = stdout.lock();
+        MessageNotation::alert(&mut stdout, format!("{}", input_dir.unwrap_err())).ok();
+        return vec![];
+    }
+    let mut ret = vec![];
+    for f in input_dir.unwrap() {
+        if f.is_err() {
+            continue;
+        }
+        let path = f.unwrap().path();
+        if path.is_dir() {
+            path.to_str().and_then(|path_str| {
+                let subdir_ret = parse_dir(path_str);
+                ret.extend(subdir_ret);
+                return Option::Some(());
+            });
+        } else {
+            let path_str = path.to_str().unwrap_or("");
+            if path_str.ends_with(".evtx") {
+                ret.push(path);
+            }
+        }
+    }
+    return ret;
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::parse_dir;
+
+    #[test]
+    fn test_parse_dir_not_exists() {
+        let files = parse_dir("test_files/evtx/notfiles");
+        assert_eq!(0, files.len());
+    }
+
+    #[test]
+    fn test_parse_dir_exists() {
+        let files = parse_dir("test_files/evtx");
+        assert_eq!(3, files.len());
+        files.iter().for_each(|file| {
+            let is_contains = &vec!["test1.evtx", "test2.evtx", "testtest4.evtx"]
+                .into_iter()
+                .any(|filepath_str| {
+                    return file.file_name().unwrap().to_str().unwrap_or("") == filepath_str;
+                });
+            assert_eq!(is_contains, &true);
+        })
+    }
+}
diff --git a/test_files/evtx/sub/test2.evtx b/test_files/evtx/sub/test2.evtx
diff --git a/test_files/evtx/sub/testtest4.evtx b/test_files/evtx/sub/testtest4.evtx
diff --git a/test_files/evtx/test1.evtx b/test_files/evtx/test1.evtx