Merge pull request #1261 from Yamato-Security/1257-make-search-comman…

…d-line-options-stricter fixed `search` command line options associate
Yamato-Security · Feb 2, 2024 · 19c8c06 · 19c8c06
2 parents e052fc5 + 5397061
commit 19c8c06
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -774,7 +774,7 @@ Filtering:
 Output:
   -J, --JSON-output    Save the search results in JSON format (ex: -J -o results.json)
   -L, --JSONL-output   Save the search results in JSONL format (ex: -L -o results.jsonl)
-  -M, --multiline      Output event field information in multiple rows
+  -M, --multiline      Output event field information in multiple rows for CSV output
   -o, --output <FILE>  Save the search results in CSV format (ex: search.csv)
 
 General Options:

diff --git a/src/detections/configs.rs b/src/detections/configs.rs
@@ -951,6 +951,7 @@ pub struct DefaultProfileOption {
 }
 
 #[derive(Args, Clone, Debug)]
+#[clap(group(ArgGroup::new("search_input_filtering").args(["keywords", "regex"]).required(true)))]
 pub struct SearchOption {
     #[clap(flatten)]
     pub common_options: CommonOptions,
@@ -1055,7 +1056,7 @@ pub struct SearchOption {
     #[arg(help_heading = Some("Display Settings"), short = 'v', long, display_order = 480)]
     pub verbose: bool,
 
-    /// Output event field information in multiple rows
+    /// Output event field information in multiple rows for CSV output
     #[arg(help_heading = Some("Output"), short = 'M', long="multiline", display_order = 390)]
     pub multiline: bool,
 
@@ -1064,11 +1065,11 @@ pub struct SearchOption {
     pub clobber: bool,
 
     /// Save the search results in JSON format (ex: -J -o results.json)
-    #[arg(help_heading = Some("Output"), short = 'J', long = "JSON-output", conflicts_with = "jsonl_output", requires = "output", display_order = 100)]
+    #[arg(help_heading = Some("Output"), short = 'J', long = "JSON-output", conflicts_with_all = ["jsonl_output", "multiline"], requires = "output", display_order = 100)]
     pub json_output: bool,
 
     /// Save the search results in JSONL format (ex: -L -o results.jsonl)
-    #[arg(help_heading = Some("Output"), short = 'L', long = "JSONL-output", conflicts_with = "jsonl_output", requires = "output", display_order = 100)]
+    #[arg(help_heading = Some("Output"), short = 'L', long = "JSONL-output", conflicts_with_all = ["jsonl_output", "multiline"], requires = "output", display_order = 100)]
     pub jsonl_output: bool,
 
     /// Output timestamp in European time format (ex: 22-02-2022 22:00:00.123 +02:00)