refactor: remove duplicated code
fukusuket committed Jul 9, 2024
1 parent c55e3e9 commit d1ea60e
Showing 1 changed file with 31 additions and 36 deletions.
67 changes: 31 additions & 36 deletions src/detections/detection.rs
@@ -22,6 +22,7 @@ use crate::detections::configs::STORED_EKEY_ALIAS;
use crate::detections::field_data_map::FieldDataMapKey;
use crate::detections::message::{AlertMessage, DetectInfo, ERROR_LOG_STACK, TAGS_CONFIG};
use crate::detections::rule::correlation_parser::parse_correlation_rules;
use crate::detections::rule::count::AggRecordTimeInfo;
use crate::detections::rule::{self, AggResult, RuleNode};
use crate::detections::utils::{create_recordinfos, format_time, write_color_buffer};
use crate::detections::utils::{get_serde_number_to_string, make_ascii_titlecase};
@@ -792,37 +793,21 @@ impl Detection {
profile_converter.insert(
key.as_str(),
Computer(
agg_result
.agg_record_time_info
.iter()
.map(|x| x.computer.clone())
.collect::<HashSet<_>>() // HashSetに変換して重複を削除
.iter()
.cloned()
.collect::<Vec<_>>()
.iter()
.sorted()
.join(" ¦ ")
.into(),
Detection::join_agg_values(&agg_result.agg_record_time_info, |x| {
x.computer.clone()
})
.into(),
),
);
}
Channel(_) => {
profile_converter.insert(
key.as_str(),
Channel(
agg_result
.agg_record_time_info
.iter()
.map(|x| x.channel.clone())
.collect::<HashSet<_>>() // HashSetに変換して重複を削除
.iter()
.cloned()
.collect::<Vec<_>>()
.iter()
.sorted()
.join(" ¦ ")
.into(),
Detection::join_agg_values(&agg_result.agg_record_time_info, |x| {
x.channel.clone()
})
.into(),
),
);
}
@@ -840,18 +825,10 @@ impl Detection {
profile_converter.insert(
key.as_str(),
EventID(
agg_result
.agg_record_time_info
.iter()
.map(|x| x.event_id.clone())
.collect::<HashSet<_>>() // HashSetに変換して重複を削除
.iter()
.cloned()
.collect::<Vec<_>>()
.iter()
.sorted()
.join(" ¦ ")
.into(),
Detection::join_agg_values(&agg_result.agg_record_time_info, |x| {
x.event_id.clone()
})
.into(),
),
);
}
@@ -1032,6 +1009,24 @@ impl Detection {
detect_info
}

fn join_agg_values<F>(
agg_record_time_infos: &[AggRecordTimeInfo],
extractor: F,
) -> CompactString
where
F: Fn(&AggRecordTimeInfo) -> String,
{
agg_record_time_infos
.iter()
.map(&extractor)
.collect::<HashSet<_>>() // Convert to HashSet to remove duplicates
.into_iter()
.collect::<Vec<_>>() // Convert back to Vec to sort
.iter()
.sorted()
.join(" ¦ ")
.into() // Convert to CompactString
}
/// rule内のtagsの内容を配列として返却する関数
fn get_tag_info(rule: &RuleNode) -> Nested<String> {
Nested::from_iter(
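Review bot: The new `join_agg_values` helper in the last hunk has no doc comment, and it de-duplicates through a `HashSet`, then a `Vec`, then `.iter().sorted()`, which builds two throwaway collections. The hunk already uses itertools (`sorted`, `join`), so the body could be `agg_record_time_infos.iter().map(&extractor).sorted().dedup().join(" ¦ ").into()`, which gives the same sorted, unique list. I would add a `///` comment saying that it joins the distinct extracted values, sorted as strings (so event IDs order lexicographically, not numerically), with `" ¦ "` as separator. The comment should also say that values are not escaped: these fields presumably come from parsed log records, so a value that itself contains the separator would make the joined field ambiguous to split. A blank line before the `///` comment of `get_tag_info` would keep the two functions visually separate; the enclosing `impl Detection` starts and ends outside the hunk.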
