Merge pull request #1266 from Yamato-Security/1255-add-back-h-help-op…

…tion-to-general-options added back `-h, --help` option to General Options
Yamato-Security · Feb 5, 2024 · 380376f · 380376f
2 parents bda68fb + d0dc893
commit 380376f
Show file tree

Hide file tree

Showing 20 changed files with 69 additions and 13 deletions.
diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
@@ -13,6 +13,7 @@
 - `json-timeline`コマンドの標準出力でJSONフォーマットを出力するように修正した。 (#1197) (@hitenkoku)
 - JSON入力でデータが配列内にある場合に解析できるようにした。 (#1248) (@hitenkoku)
 - 古いターミナルでも正しく表示されるように、また読みやすくするために、`‖`区切り文字を`·`区切り文字に変更した。(#1258) (@YamatoSecurity)
+- General Optionsに`-h --help`オプションを追加した。 (#1255) (@hitenkoku)
 - `json-timeline`コマンドの`Details`の出力で、要素がアルファベット順に並んでいたのをルールに記載されているオリジナルの順番に変更した。 (#1264) (@hitenkoku)
 -  ルールをロードする必要のないコマンドを実行した場合、検出ルールのロードをスキップするようにした。 (#1263) (@hitenkoku)
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,7 @@
 - The `json-timeline` command now outputs in JSON format when outputting to the terminal. (#1197) (@hitenkoku)
 - Added support for parsing JSON input when the data is inside an array. (#1248) (@hitenkoku)
 - Changed the `‖` separator into a `·` separator to make it easier to read and render properly on older terminals. (#1258) (@YamatoSecurity)
+- Added back `-h --help` option to General Options. (#1255) (@hitenkoku)
 - Changed the `Details` output in `json-timeline` command from alphabetical order to the original order. 
 - Skiped loading detection rules when running to command which is no need to load rule. (#1263) (@hitenkoku)
 

diff --git a/src/afterfact.rs b/src/afterfact.rs
@@ -1999,6 +1999,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -2089,6 +2090,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -2329,6 +2331,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -2421,6 +2424,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -2647,6 +2651,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -2737,6 +2742,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -2974,6 +2980,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -3064,6 +3071,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -3375,6 +3383,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -3466,6 +3475,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -3714,6 +3724,7 @@ mod tests {
             common_options: CommonOptions {
                 no_color: false,
                 quiet: false,
+                help: None,
             },
             detect_common_options: DetectCommonOption {
                 evtx_file_ext: None,
@@ -3883,6 +3894,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -3972,6 +3984,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -4150,6 +4163,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -4239,6 +4253,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,

diff --git a/src/detections/configs.rs b/src/detections/configs.rs
@@ -7,7 +7,7 @@ use crate::options::pivot::PIVOT_KEYWORD;
 use crate::options::profile::{load_profile, Profile};
 use aho_corasick::{AhoCorasick, AhoCorasickBuilder, MatchKind};
 use chrono::{DateTime, Days, Duration, Local, Months, Utc};
-use clap::{ArgGroup, Args, ColorChoice, Command, CommandFactory, Parser, Subcommand};
+use clap::{ArgAction, ArgGroup, Args, ColorChoice, Command, CommandFactory, Parser, Subcommand};
 use compact_str::CompactString;
 use hashbrown::{HashMap, HashSet};
 use itertools::Itertools;
@@ -122,6 +122,7 @@ impl StoredStatic {
             None => CommonOptions {
                 no_color: false,
                 quiet: false,
+                help: None,
             },
         };
         let binding = Path::new("./rules/config").to_path_buf();
@@ -743,7 +744,6 @@ pub enum Action {
         author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
         help_template = "\nHayabusa v2.13.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n  hayabusa.exe csv-timeline <INPUT> [OPTIONS]\n\n{all-args}",
         term_width = 400,
-        disable_help_flag = true,
         display_order = 290
     )]
     /// Save the timeline in CSV format.
@@ -753,7 +753,6 @@ pub enum Action {
         author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
         help_template = "\nHayabusa v2.13.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n  hayabusa.exe json-timeline <INPUT> [OPTIONS]\n\n{all-args}",
         term_width = 400,
-        disable_help_flag = true,
         display_order = 360
     )]
     /// Save the timeline in JSON/JSONL format.
@@ -763,7 +762,6 @@ pub enum Action {
         author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
         help_template = "\nHayabusa v2.13.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n  hayabusa.exe logon-summary <INPUT> [OPTIONS]\n\n{all-args}",
         term_width = 400,
-        disable_help_flag = true,
         display_order = 383
     )]
     /// Print a summary of successful and failed logons
@@ -773,7 +771,6 @@ pub enum Action {
         author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
         help_template = "\nHayabusa v2.13.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n  hayabusa.exe eid-metrics <INPUT> [OPTIONS]\n\n{all-args}",
         term_width = 400,
-        disable_help_flag = true,
         display_order = 310
     )]
     /// Print event ID metrics
@@ -783,7 +780,6 @@ pub enum Action {
         author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
         help_template = "\nHayabusa v2.13.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n  hayabusa.exe pivot-keywords-list <INPUT> [OPTIONS]\n\n{all-args}",
         term_width = 400,
-        disable_help_flag = true,
         display_order = 420
     )]
     /// Create a list of pivot keywords
@@ -793,7 +789,6 @@ pub enum Action {
         author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
         help_template = "\nHayabusa v2.13.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n  hayabusa.exe search <INPUT> <--keywords \"<KEYWORDS>\" OR --regex \"<REGEX>\"> [OPTIONS]\n\n{all-args}",
         term_width = 400,
-        disable_help_flag = true,
         display_order = 450
     )]
     /// Search all events by keyword(s) or regular expression
@@ -803,7 +798,6 @@ pub enum Action {
         author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
         help_template = "\nHayabusa v2.13.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n  {usage}\n\n{all-args}",
         term_width = 400,
-        disable_help_flag = true,
         display_order = 470
     )]
     /// Update to the latest rules in the hayabusa-rules github repository
@@ -813,7 +807,6 @@ pub enum Action {
         author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
         help_template = "\nHayabusa v2.13.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n  {usage}\n\n{all-args}",
         term_width = 400,
-        disable_help_flag = true,
         display_order = 380
     )]
     /// Tune alert levels (default: ./rules/config/level_tuning.txt)
@@ -823,7 +816,6 @@ pub enum Action {
         author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
         help_template = "\nHayabusa v2.13.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n  {usage}\n\n{all-args}",
         term_width = 400,
-        disable_help_flag = true,
         display_order = 451
     )]
     /// Set default output profile
@@ -841,7 +833,6 @@ pub enum Action {
         author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
         help_template = "\nHayabusa v2.13.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n  {usage}\n\n{all-args}",
         term_width = 400,
-        disable_help_flag = true,
         display_order = 290
     )]
     /// Print computer name metrics
@@ -1528,6 +1519,10 @@ pub struct CommonOptions {
     /// Quiet mode: do not display the launch banner
     #[arg(help_heading = Some("Display Settings"), short, long, global = true, display_order = 430)]
     pub quiet: bool,
+
+    /// Show the help menu
+    #[clap(help_heading = Some("General Options"), short = 'h', long = "help", action = ArgAction::Help, display_order = 340, required = false)]
+    pub help: Option<bool>,
 }
 
 #[derive(Args, Clone, Debug)]
@@ -1662,8 +1657,7 @@ pub struct ComputerMetricsOption {
 #[clap(
     author = "Yamato Security (https://github.com/Yamato-Security/hayabusa - @SecurityYamato)",
     help_template = "\nHayabusa v2.13.0 - Dev Build\n{author-with-newline}\n{usage-heading}\n  hayabusa.exe <COMMAND> [OPTIONS]\n  hayabusa.exe help <COMMAND>\n\n{all-args}{options}",
-    term_width = 400,
-    disable_help_flag = true
+    term_width = 400
 )]
 pub struct Config {
     #[command(subcommand)]
@@ -2693,6 +2687,7 @@ mod tests {
                     common_options: CommonOptions {
                         no_color: false,
                         quiet: false,
+                        help: None,
                     },
                     detect_common_options: DetectCommonOption {
                         evtx_file_ext: None,
@@ -2766,6 +2761,7 @@ mod tests {
                     common_options: CommonOptions {
                         no_color: false,
                         quiet: false,
+                        help: None,
                     },
                     detect_common_options: DetectCommonOption {
                         evtx_file_ext: None,
@@ -2812,6 +2808,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 input_args: InputOption {
                     directory: None,
@@ -2858,6 +2855,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 input_args: InputOption {
                     directory: None,
@@ -2901,6 +2899,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 input_args: InputOption {
                     directory: None,
@@ -2947,6 +2946,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 input_args: InputOption {
                     directory: None,

diff --git a/src/detections/detection.rs b/src/detections/detection.rs
@@ -1237,6 +1237,7 @@ mod tests {
                     common_options: CommonOptions {
                         no_color: false,
                         quiet: false,
+                        help: None,
                     },
                     detect_common_options: DetectCommonOption {
                         evtx_file_ext: None,
@@ -1499,6 +1500,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -1635,6 +1637,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -1767,6 +1770,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,
@@ -1912,6 +1916,7 @@ mod tests {
                 common_options: CommonOptions {
                     no_color: false,
                     quiet: false,
+                    help: None,
                 },
                 detect_common_options: DetectCommonOption {
                     evtx_file_ext: None,

diff --git a/src/detections/rule/condition_parser.rs b/src/detections/rule/condition_parser.rs
@@ -481,6 +481,7 @@ mod tests {
                     common_options: CommonOptions {
                         no_color: false,
                         quiet: false,
+                        help: None,
                     },
                     detect_common_options: DetectCommonOption {
                         evtx_file_ext: None,

diff --git a/src/detections/rule/count.rs b/src/detections/rule/count.rs
@@ -609,6 +609,7 @@ mod tests {
                     common_options: CommonOptions {
                         no_color: false,
                         quiet: false,
+                        help: None,
                     },
                     detect_common_options: DetectCommonOption {
                         evtx_file_ext: None,

diff --git a/src/detections/rule/matchers.rs b/src/detections/rule/matchers.rs
@@ -844,6 +844,7 @@ mod tests {
                     common_options: CommonOptions {
                         no_color: false,
                         quiet: false,
+                        help: None,
                     },
                     detect_common_options: DetectCommonOption {
                         evtx_file_ext: None,

diff --git a/src/detections/rule/mod.rs b/src/detections/rule/mod.rs
@@ -429,6 +429,7 @@ mod tests {
                     common_options: CommonOptions {
                         no_color: false,
                         quiet: false,
+                        help: None,
                     },
                     detect_common_options: DetectCommonOption {
                         evtx_file_ext: None,

diff --git a/src/detections/rule/selectionnodes.rs b/src/detections/rule/selectionnodes.rs
@@ -552,6 +552,7 @@ mod tests {
                     common_options: CommonOptions {
                         no_color: false,
                         quiet: false,
+                        help: None,
                     },
                     detect_common_options: DetectCommonOption {
                         evtx_file_ext: None,

diff --git a/src/detections/utils.rs b/src/detections/utils.rs
@@ -1050,6 +1050,7 @@ mod tests {
                     common_options: CommonOptions {
                         no_color: false,
                         quiet: false,
+                        help: None,
                     },
                     detect_common_options: DetectCommonOption {
                         evtx_file_ext: None,