Merge pull request #988 from Yamato-Security/improve_speed_by_removed…
…_unnecessary_trim

perf: replaced trim method in afterfact with process in detection
YamatoSecurity authored Apr 6, 2023
2 parents 4e58d78 + 9c99950 commit 1e7e7e2
Showing 4 changed files with 20 additions and 16 deletions.
2 changes: 1 addition & 1 deletion src/afterfact.rs
Expand Up @@ -397,7 +397,7 @@ fn emit_csv<W: std::io::Write>(
wtr.write_record(detect_info.ext_field.iter().map(|x| {
output_remover.replace_all(
&output_replacer.replace_all(
x.1.to_value().trim(),
&x.1.to_value(),
&output_replaced_maps.values().collect_vec(),
),
&removed_replaced_maps.values().collect_vec(),
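Review bot: Dropping `.trim()` on `x.1.to_value()` removes whitespace normalisation for every `ext_field` value, while the companion change in `src/detections/detection.rs` only trims the `Level` value (and only when `stored_static.output_path` is set), so any other profile field that carried leading or trailing whitespace now reaches `output_replacer` untrimmed — if no such field exists, that is an invariant worth stating here. Add above `wtr.write_record`: `// No trim here: detection.rs is responsible for normalising whitespace in profile values before they reach the writer.` `emit_csv` starts and ends outside the hunk.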
30 changes: 17 additions & 13 deletions src/detections/detection.rs
Expand Up @@ -277,7 +277,8 @@ impl Detection {
key.as_str(),
Computer(
record_info.record["Event"]["System"]["Computer"]
.to_string()
.as_str()
.unwrap_or_default()
.replace('\"', "")
.into(),
),
Expand All @@ -303,11 +304,13 @@ impl Detection {
}
Level(_) => {
let str_level = level.as_str();
let prof_level = LEVEL_ABBR_MAP
.get(str_level)
.unwrap_or(&str_level)
.to_string();
profile_converter.insert(key.as_str(), Level(prof_level.into()));
let abbr_level = LEVEL_ABBR_MAP.get(str_level).unwrap_or(&str_level);
let prof_level = if stored_static.output_path.is_none() {
abbr_level
} else {
abbr_level.trim()
};
profile_converter.insert(key.as_str(), Level(prof_level.to_string().into()));
}
EventID(_) => {
profile_converter.insert(key.as_str(), EventID(eid.to_string().into()));
Expand Down Expand Up @@ -350,7 +353,7 @@ impl Detection {
}
MitreTactics(_) => {
let tactics = CompactString::from(
&tag_info
tag_info
.iter()
.filter(|x| tags_config_values.contains(&&CompactString::from(*x)))
.join(" ¦ "),
Expand Down Expand Up @@ -695,12 +698,13 @@ impl Detection {
}
Level(_) => {
let str_level = level.as_str();
let prof_level = LEVEL_ABBR_MAP
.get(str_level)
.unwrap_or(&str_level)
.to_string();

profile_converter.insert(key.as_str(), Level(prof_level.into()));
let abbr_level = LEVEL_ABBR_MAP.get(str_level).unwrap_or(&str_level);
let prof_level = if stored_static.output_path.is_none() {
abbr_level
} else {
abbr_level.trim()
};
profile_converter.insert(key.as_str(), Level(prof_level.to_string().into()));
}
EventID(_) => {
profile_converter.insert(key.as_str(), EventID("-".into()));
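Review bot: The five new lines from `let abbr_level = LEVEL_ABBR_MAP.get(str_level)…` through `profile_converter.insert(key.as_str(), Level(prof_level.to_string().into()));` are duplicated verbatim in the second `Level(_)` hunk of this file (`@@ -695,12 +698,13 @@`); the two copies will drift, so extract them into one private helper and call it from both arms. The `output_path.is_none()` branch that skips `trim()` presumably keeps a padded abbreviation for terminal output, but that intent is not visible in the hunk and deserves a comment on the helper. In the first hunk, `.replace('\"', "")` on `Computer` previously stripped the quoting that `.to_string()` added around a JSON string; with `.as_str().unwrap_or_default()` it only removes quote characters embedded in the host name, and a missing or non-string field now yields an empty string rather than the text `null` — worth confirming downstream consumers expect that. Both `Level` arms sit inside functions that start and end outside their hunks.
```rust
/// Abbreviates a rule level via LEVEL_ABBR_MAP. The map value is used as-is
/// for terminal output and trimmed when writing to a file (`to_file`) —
/// presumably because the abbreviations are padded for alignment; confirm.
fn abbreviated_level(level: &str, to_file: bool) -> String {
    let abbr = LEVEL_ABBR_MAP.get(level).unwrap_or(&level);
    if to_file { abbr.trim().to_string() } else { abbr.to_string() }
}
// … unchanged: other profile-key arms …
Level(_) => {
    let prof_level = abbreviated_level(level.as_str(), stored_static.output_path.is_some());
    profile_converter.insert(key.as_str(), Level(prof_level.into()));
}
```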
2 changes: 1 addition & 1 deletion src/detections/message.rs
Expand Up @@ -164,7 +164,7 @@ pub fn insert(
))
}
_ => {
if let Some(p) = profile_converter.get(key.to_string().as_str()) {
if let Some(p) = profile_converter.get(key.as_str()) {
replaced_profiles.push((
key.to_owned(),
profile.convert(&parse_message(
2 changes: 1 addition & 1 deletion src/detections/utils.rs
Expand Up @@ -437,7 +437,7 @@ fn _collect_recordinfo<'a>(
* 最初の文字を大文字にする関数
*/
pub fn make_ascii_titlecase(s: &str) -> CompactString {
let mut c = s.chars();
let mut c = s.trim().chars();
match c.next() {
None => CompactString::default(),
Some(f) => {
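Review bot: `make_ascii_titlecase` now strips surrounding whitespace via `s.trim().chars()` before upper-casing, but the comment above it (which translates to "function that upper-cases the first character") still describes only the capitalisation, and the function name does not suggest trimming either; update the comment to `/// Trims surrounding whitespace, then upper-cases the first character; blank input yields an empty CompactString.` — the blank case follows from the `None => CompactString::default()` arm. Callers that relied on leading whitespace being preserved would see their output change silently, and the hunk does not show whether any exist. The `Some(f)` arm continues outside the hunk.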
