refactor: remove unused fields/params
fukusuket committed Jul 7, 2024
1 parent 95ee553 commit 79ce661
Showing 3 changed files with 4 additions and 78 deletions.
9 changes: 3 additions & 6 deletions src/detections/detection.rs
Expand Up @@ -1313,7 +1313,7 @@ mod tests {
fn test_output_aggregation_output_with_output() {
let default_time = Utc.with_ymd_and_hms(1977, 1, 1, 0, 0, 0).unwrap();
let agg_result: AggResult =
AggResult::new(2, "_".to_string(), vec![], default_time, ">= 1".to_string());
AggResult::new(2, "_".to_string(), vec![], default_time);
let rule_str = r#"
enabled: true
detection:
Expand Down Expand Up @@ -1341,7 +1341,7 @@ mod tests {
fn test_output_aggregation_output_no_filed_by() {
let default_time = Utc.with_ymd_and_hms(1977, 1, 1, 0, 0, 0).unwrap();
let agg_result: AggResult =
AggResult::new(2, "_".to_string(), vec![], default_time, ">= 1".to_string());
AggResult::new(2, "_".to_string(), vec![], default_time);
let rule_str = r#"
enabled: true
detection:
Expand All @@ -1368,7 +1368,7 @@ mod tests {
fn test_output_aggregation_output_with_timeframe() {
let default_time = Utc.with_ymd_and_hms(1977, 1, 1, 0, 0, 0).unwrap();
let agg_result: AggResult =
AggResult::new(2, "_".to_string(), vec![], default_time, ">= 1".to_string());
AggResult::new(2, "_".to_string(), vec![], default_time);
let rule_str = r#"
enabled: true
detection:
Expand Down Expand Up @@ -1400,7 +1400,6 @@ mod tests {
"_".to_string(),
vec!["7040".to_owned(), "9999".to_owned()],
default_time,
">= 1".to_string(),
);
let rule_str = r#"
enabled: true
Expand Down Expand Up @@ -1430,7 +1429,6 @@ mod tests {
"lsass.exe".to_string(),
vec!["0000".to_owned(), "1111".to_owned()],
default_time,
">= 1".to_string(),
);
let rule_str = r#"
enabled: true
Expand Down Expand Up @@ -1459,7 +1457,6 @@ mod tests {
"lsass.exe".to_string(),
vec![],
default_time,
">= 1".to_string(),
);
let rule_str = r#"
enabled: true
Expand Down
69 changes: 1 addition & 68 deletions src/detections/rule/count.rs
Expand Up @@ -188,36 +188,6 @@ pub fn aggregation_condition_select(
ret
}

/// aggregation condition内での条件式を文字として返す関数
pub fn get_str_agg_eq(rule: &RuleNode) -> String {
//この関数はaggregation ruleのパースが正常終了した後に呼ばれる想定のためOptionの判定は行わない
let agg_condition = rule.detection.aggregation_condition.as_ref().unwrap();
let mut ret: String = String::default();
match agg_condition._cmp_op {
AggregationConditionToken::EQ => {
ret.push_str("== ");
}
AggregationConditionToken::GE => {
ret.push_str(">= ");
}
AggregationConditionToken::LE => {
ret.push_str("<= ");
}
AggregationConditionToken::GT => {
ret.push_str("> ");
}
AggregationConditionToken::LT => {
ret.push_str("< ");
}
_ => {
//想定しない演算子のため、空白文字で対応するものがない
return "".to_string();
}
}
ret.push_str(&agg_condition._cmp_num.to_string());
ret
}

#[derive(Clone, Debug)]
/// countの括弧内の情報とレコードの情報を所持する構造体
pub struct AggRecordTimeInfo {
Expand Down Expand Up @@ -354,7 +324,6 @@ trait CountStrategy {
datas: &[AggRecordTimeInfo],
cnt: i64,
key: &str,
rule: &RuleNode,
) -> AggResult;
}

Expand Down Expand Up @@ -411,15 +380,13 @@ impl CountStrategy for FieldStrategy {
datas: &[AggRecordTimeInfo],
_cnt: i64,
key: &str,
rule: &RuleNode,
) -> AggResult {
let values: Vec<String> = self.value_2_cnt.drain().map(|(key, _)| key).collect(); // drainで初期化
AggResult::new(
values.len() as i64,
key.to_string(),
values,
datas[left as usize].record_time,
get_str_agg_eq(rule),
)
}
}
Expand Down Expand Up @@ -458,14 +425,12 @@ impl CountStrategy for NoFieldStrategy {
datas: &[AggRecordTimeInfo],
cnt: i64,
key: &str,
rule: &RuleNode,
) -> AggResult {
let ret = AggResult::new(
cnt,
key.to_string(),
vec![],
datas[left as usize].record_time,
get_str_agg_eq(rule),
);
self.cnt = 0; //cntを初期化
ret
Expand Down Expand Up @@ -541,7 +506,7 @@ pub fn judge_timeframe(
let cnt = counter.count();
if select_aggcon(cnt, rule) {
// 条件を満たすtimeframeが見つかった
ret.push(counter.create_agg_result(left, &datas, cnt, key, rule));
ret.push(counter.create_agg_result(left, &datas, cnt, key));
left = right;
} else {
// 条件を満たさなかったので、rightとleftを+1ずらす
Expand Down Expand Up @@ -710,7 +675,6 @@ mod tests {
"_".to_string(),
vec![],
Utc.with_ymd_and_hms(1977, 1, 1, 0, 0, 0).unwrap(),
">= 1".to_string(),
)];
check_count(
rule_str,
Expand Down Expand Up @@ -763,14 +727,12 @@ mod tests {
"_".to_string(),
vec![],
Utc.with_ymd_and_hms(1977, 1, 1, 0, 0, 0).unwrap(),
">= 1".to_string(),
),
AggResult::new(
1,
"_".to_string(),
vec![],
Utc.with_ymd_and_hms(1996, 2, 27, 1, 5, 1).unwrap(),
">= 1".to_string(),
),
];
check_count(
Expand Down Expand Up @@ -803,7 +765,6 @@ mod tests {
"_".to_string(),
vec!["System".to_owned()],
Utc.with_ymd_and_hms(1977, 1, 1, 0, 0, 0).unwrap(),
">= 1".to_string(),
);
check_count(
rule_str,
Expand Down Expand Up @@ -853,14 +814,12 @@ mod tests {
"System".to_owned(),
vec!["7040".to_owned()],
Utc.with_ymd_and_hms(1977, 1, 1, 0, 0, 0).unwrap(),
">= 1".to_string(),
),
AggResult::new(
1,
"Test".to_owned(),
vec!["9999".to_owned()],
Utc.with_ymd_and_hms(1996, 2, 27, 1, 5, 1).unwrap(),
">= 1".to_string(),
),
];
check_count(
Expand Down Expand Up @@ -911,14 +870,12 @@ mod tests {
"Windows Event Log".to_owned(),
vec!["7040".to_owned()],
Utc.with_ymd_and_hms(1977, 1, 1, 0, 0, 0).unwrap(),
">= 1".to_string(),
),
AggResult::new(
1,
"Test".to_owned(),
vec!["9999".to_owned()],
Utc.with_ymd_and_hms(1977, 1, 1, 0, 5, 0).unwrap(),
">= 1".to_string(),
),
];
check_count(
Expand Down Expand Up @@ -1031,7 +988,6 @@ mod tests {
"System".to_owned(),
vec!["7040".to_owned(), "9999".to_owned()],
Utc.with_ymd_and_hms(1977, 1, 1, 0, 0, 0).unwrap(),
">= 2".to_string(),
)];
check_count(
rule_str,
Expand Down Expand Up @@ -1081,7 +1037,6 @@ mod tests {
"System".to_owned(),
vec!["7040".to_owned(), "9999".to_owned()],
default_time,
">= 1".to_string(),
)];
check_count(
rule_str,
Expand Down Expand Up @@ -1111,7 +1066,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned(), "2".to_owned(), "3".to_owned()],
default_time,
">= 3".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand Down Expand Up @@ -1145,7 +1099,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned(), "2".to_owned(), "3".to_owned()],
default_time,
">= 3".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand Down Expand Up @@ -1179,7 +1132,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned(), "2".to_owned(), "3".to_owned()],
default_time,
">= 3".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand All @@ -1195,7 +1147,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned(), "2".to_owned(), "3".to_owned()],
default_time,
">= 3".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand All @@ -1219,7 +1170,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned(), "2".to_owned(), "3".to_owned()],
default_time,
">= 3".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand Down Expand Up @@ -1253,7 +1203,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned(), "2".to_owned(), "3".to_owned()],
default_time,
">= 3".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand Down Expand Up @@ -1287,7 +1236,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned(), "2".to_owned(), "3".to_owned()],
default_time,
">= 3".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand Down Expand Up @@ -1327,7 +1275,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned(), "2".to_owned(), "3".to_owned()],
default_time,
">= 3".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand Down Expand Up @@ -1367,7 +1314,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned(), "2".to_owned(), "3".to_owned()],
default_time,
">= 3".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand Down Expand Up @@ -1415,7 +1361,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned()],
default_time,
">= 1".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand All @@ -1437,7 +1382,6 @@ mod tests {
"Windows Event Log".to_owned(),
vec!["1".to_owned()],
default_time,
">= 1".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand Down Expand Up @@ -1475,7 +1419,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned(), "2".to_owned(), "3".to_owned()],
Utc.with_ymd_and_hms(1977, 1, 9, 1, 30, 0).unwrap(),
">= 3".to_string(),
)];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
}
Expand Down Expand Up @@ -1526,7 +1469,6 @@ mod tests {
"4".to_owned(),
],
Utc.with_ymd_and_hms(1977, 1, 9, 1, 30, 0).unwrap(),
">= 4".to_string(),
)];

check_count(&rule_str, &recs, expected_count, expected_agg_result);
Expand Down Expand Up @@ -1554,7 +1496,6 @@ mod tests {
"_".to_owned(),
vec!["1".to_owned(), "2".to_owned(), "3".to_owned()],
Utc.with_ymd_and_hms(1977, 1, 9, 1, 30, 0).unwrap(),
">= 3".to_string(),
)];

check_count(&rule_str, &recs, expected_count, expected_agg_result);
Expand Down Expand Up @@ -1604,7 +1545,6 @@ mod tests {
"4".to_owned(),
],
Utc.with_ymd_and_hms(1977, 1, 9, 1, 30, 0).unwrap(),
">= 4".to_string(),
),
AggResult::new(
4,
Expand All @@ -1616,7 +1556,6 @@ mod tests {
"4".to_owned(),
],
Utc.with_ymd_and_hms(1977, 1, 9, 5, 30, 0).unwrap(),
">= 4".to_string(),
),
AggResult::new(
4,
Expand All @@ -1628,7 +1567,6 @@ mod tests {
"4".to_owned(),
],
Utc.with_ymd_and_hms(1977, 1, 9, 9, 30, 0).unwrap(),
">= 4".to_string(),
),
];

Expand Down Expand Up @@ -1666,7 +1604,6 @@ mod tests {
"_".to_owned(),
vec!["2".to_owned(), "3".to_owned(), "4".to_owned()],
Utc.with_ymd_and_hms(1977, 1, 9, 3, 30, 0).unwrap(),
">= 3".to_string(),
),
AggResult::new(
4,
Expand All @@ -1678,7 +1615,6 @@ mod tests {
"5".to_owned(),
],
Utc.with_ymd_and_hms(1977, 1, 9, 20, 00, 0).unwrap(),
">= 3".to_string(),
),
];
check_count(&rule_str, &recs, expected_count, expected_agg_result);
Expand Down Expand Up @@ -1773,7 +1709,6 @@ mod tests {
let mut expect_key = vec![];
let mut expect_field_values = vec![];
let mut expect_start_timedate = vec![];
let mut expect_condition_op_num = vec![];
for expect_agg in expect_agg_results {
let expect_count = expected_counts.get(&expect_agg.key).unwrap_or(&-1);
//countupの関数が機能しているかを確認
Expand All @@ -1785,7 +1720,6 @@ mod tests {
expect_key.push(expect_agg.key);
expect_field_values.push(expect_agg.field_values);
expect_start_timedate.push(expect_agg.start_timedate);
expect_condition_op_num.push(expect_agg.condition_op_num);
}
for agg_result in agg_results {
println!("{}", &agg_result.start_timedate);
Expand All @@ -1801,7 +1735,6 @@ mod tests {
// field`要素の順番については以降の処理で関連しない
assert!(agg_result.field_values.contains(expect_field_value));
}
assert_eq!(agg_result.condition_op_num, expect_condition_op_num[index]);
}
}
}
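Review bot: In the FieldStrategy hunk, the drain closure `|(key, _)| key` on the `let values` line rebinds `key`, shadowing the `key: &str` parameter that the following `AggResult::new(... key.to_string(), ...)` still reads, and with the `rule` argument now gone this shadow is the one remaining thing that makes the call hard to read at a glance; `.map(|(value, _)| value)` removes it. The order of `values` is whatever `self.value_2_cnt.drain()` yields, and the `contains` check in `check_count` suggests that order is not stable, so a short comment on that line such as `// value order is unspecified; consumers must not rely on it` would save the next reader from inferring it. The signature of `create_agg_result` and the declared type of `value_2_cnt` both lie above the hunk, so the map-order remark is inferred rather than read from these lines.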