chore: handle deprecations and warnings
alexkornitzer committed Oct 7, 2023
1 parent e5fef1f commit d636801
Showing 7 changed files with 36 additions and 32 deletions.
4 changes: 2 additions & 2 deletions src/analyse/srum.rs
Expand Up @@ -9,7 +9,7 @@ use std::io::stderr;
use std::{fs, path::PathBuf};

use anyhow::{Context, Error};
use chrono::{DateTime, SecondsFormat, Utc};
use chrono::{DateTime, SecondsFormat, TimeZone, Utc};
use prettytable::{Cell, Row, Table};
use serde_json::json;
use serde_json::Value as Json;
Expand Down Expand Up @@ -364,7 +364,7 @@ impl SrumAnalyser {
let naive = win32_ts_to_datetime(integer as u64).with_context(
|| "Unable to convert Windows timestamp column value to DateTime",
)?;
let datetime = DateTime::<Utc>::from_utc(naive, Utc);
let datetime = Utc.from_utc_datetime(&naive);
let datetime_form =
datetime.to_rfc3339_opts(SecondsFormat::Secs, true);

10 changes: 5 additions & 5 deletions src/cli.rs
Expand Up @@ -236,7 +236,7 @@ pub fn print_log(
.expect("failed to localise timestamp")
.to_rfc3339()
} else {
DateTime::<Utc>::from_utc(hit.timestamp, Utc).to_rfc3339()
Utc.from_utc_datetime(&hit.timestamp).to_rfc3339()
};
columns.push(localised.to_string());

Expand Down Expand Up @@ -418,7 +418,7 @@ pub fn print_detections(
.expect("failed to localise timestamp")
.to_rfc3339()
} else {
DateTime::<Utc>::from_utc(*grouping.timestamp, Utc).to_rfc3339()
Utc.from_utc_datetime(grouping.timestamp).to_rfc3339()
};

localised = format_time(localised);
Expand Down Expand Up @@ -824,7 +824,7 @@ pub fn print_csv(
.expect("failed to localise timestamp")
.to_rfc3339()
} else {
DateTime::<Utc>::from_utc(*grouping.timestamp, Utc).to_rfc3339()
Utc.from_utc_datetime(grouping.timestamp).to_rfc3339()
};

let agg;
Expand Down Expand Up @@ -994,7 +994,7 @@ pub fn print_json(
.expect("failed to localise timestamp")
.to_rfc3339()
} else {
DateTime::<Utc>::from_utc(hit.timestamp, Utc).to_rfc3339()
Utc.from_utc_datetime(&hit.timestamp).to_rfc3339()
};
match rule {
Rule::Chainsaw(c) => detections.push(Detection {
Expand Down Expand Up @@ -1066,7 +1066,7 @@ pub fn print_jsonl(
.expect("failed to localise timestamp")
.to_rfc3339()
} else {
DateTime::<Utc>::from_utc(hit.timestamp, Utc).to_rfc3339()
Utc.from_utc_datetime(&hit.timestamp).to_rfc3339()
};
scratch.push((localised, hit, d));
}
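Review bot: The localise-or-UTC expression is now written out five times, once in each of print_log, print_detections, print_csv, print_json and print_jsonl, and every copy had to be edited for this single chrono deprecation; a small helper taking the naive timestamp and the optional timezone and returning the RFC 3339 string, with `Utc.from_utc_datetime(ts).to_rfc3339()` as its fallback branch, would make the next such change a one-line fix. The two call sites already differ only in whether they pass `&hit.timestamp` or `grouping.timestamp`, which suggests the helper can take `&NaiveDateTime` (the field type is not visible here, so confirm). Each enclosing `print_*` function starts and ends outside its hunk, and the `.expect("failed to localise timestamp")` arm above each change is pre-existing.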
2 changes: 1 addition & 1 deletion src/file/esedb/srum.rs
Expand Up @@ -50,7 +50,7 @@ impl super::Parser {

// Not a Windows SID
if sru_db_id_map_table_entry.id_type != 3
&& !sru_db_id_map_table_entry.id_blob.clone().is_none()
&& sru_db_id_map_table_entry.id_blob.clone().is_some()
{
// Convert the Vec<u8> to a string
let s = String::from_utf8(
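Review bot: `sru_db_id_map_table_entry.id_blob.clone().is_some()` still clones the blob only to test whether it is present; `Option::is_some` takes `&self`, so `sru_db_id_map_table_entry.id_blob.is_some()` gives the same answer without copying what the following comment suggests is a `Vec<u8>` for every map-table entry. The `is_none()` → `is_some()` rewrite silences the nonminimal-bool warning but leaves the redundant clone in place. The enclosing function starts and ends outside the hunk.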
10 changes: 5 additions & 5 deletions src/file/hve/amcache.rs
@@ -1,4 +1,4 @@
use chrono::{DateTime, NaiveDateTime, Utc};
use chrono::{DateTime, NaiveDateTime, TimeZone, Utc};
use notatin::cell_key_node::CellKeyNode;
use serde::Serialize;

Expand Down Expand Up @@ -66,7 +66,7 @@ impl super::Parser {
/// A helper function for converting registry timestamp strings to DateTime
fn win_reg_str_ts_to_date_time(ts_str: &str) -> crate::Result<DateTime<Utc>> {
let naive = NaiveDateTime::parse_from_str(ts_str, "%m/%d/%Y %H:%M:%S")?;
Ok(DateTime::<Utc>::from_utc(naive, Utc))
Ok(Utc.from_utc_datetime(&naive))
}

// Get and parse data from InventoryApplication
Expand Down Expand Up @@ -170,15 +170,15 @@ impl super::Parser {
}
let naive = NaiveDateTime::from_timestamp_opt(num as i64, 0)
.expect("unix timestamp our of range");
Some(DateTime::<Utc>::from_utc(naive, Utc))
Some(Utc.from_utc_datetime(&naive))
}
notatin::cell_value::CellValue::U64(num) => {
if num == 0 {
return Ok(None);
}
let naive = NaiveDateTime::from_timestamp_opt(num as i64, 0)
.expect("unix timestamp our of range");
Some(DateTime::<Utc>::from_utc(naive, Utc))
Some(Utc.from_utc_datetime(&naive))
}
_ => bail!(
"Value \"{}\" in key \"{}\" was not of type U32 or U64!",
Expand Down Expand Up @@ -242,7 +242,7 @@ impl super::Parser {
value.get_content()
{
let naive = win32_ts_to_datetime(ts)?;
Some(DateTime::<Utc>::from_utc(naive, Utc))
Some(Utc.from_utc_datetime(&naive))
} else {
None
}
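Review bot: In the U32 and U64 arms, `NaiveDateTime::from_timestamp_opt(num as i64, 0).expect("unix timestamp our of range")` still panics on an out-of-range value, so a hive whose timestamp field is corrupt (or, in the U64 arm, above `i64::MAX`, which `as i64` wraps negative) aborts the whole parse instead of producing an error the way the neighbouring `bail!` arm does; the message also has a typo (`our` → `out`). Routing it through the existing error path keeps malformed input recoverable: `let Some(naive) = NaiveDateTime::from_timestamp_opt(num as i64, 0) else { bail!("unix timestamp out of range") };`, with `i64::try_from(num)` instead of `as i64` in the U64 arm. The enclosing function starts and ends outside the hunk.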
30 changes: 17 additions & 13 deletions src/file/hve/shimcache.rs
Expand Up @@ -296,11 +296,13 @@ fn utf16_to_string(bytes: &[u8]) -> crate::Result<String> {

mod windows_10_cache {
use super::{utf16_to_string, CPUArchitecture, EntryType, ShimcacheEntry};
use crate::file::win32_ts_to_datetime;
use chrono::{DateTime, Utc};

use chrono::{TimeZone, Utc};
use lazy_static::lazy_static;
use regex::Regex;

use crate::file::win32_ts_to_datetime;

pub fn parse(shimcache_bytes: &Vec<u8>, controlset: u32) -> crate::Result<Vec<ShimcacheEntry>> {
let mut shimcache_entries: Vec<ShimcacheEntry> = Vec::new();
let mut index = u32::from_le_bytes(
Expand Down Expand Up @@ -435,8 +437,7 @@ mod windows_10_cache {
};
let last_modified_ts = if last_modified_time_utc_win32 != 0 {
let last_modified_time_utc = win32_ts_to_datetime(last_modified_time_utc_win32)?;
let last_modified_date_time =
DateTime::<Utc>::from_utc(last_modified_time_utc, Utc);
let last_modified_date_time = Utc.from_utc_datetime(&last_modified_time_utc);
Some(last_modified_date_time)
} else {
None
Expand All @@ -463,8 +464,10 @@ mod windows_10_cache {

mod windows7x64_windows2008r2_cache {
use super::{utf16_to_string, EntryType, InsertFlag, ShimcacheEntry};

use chrono::{TimeZone, Utc};

use crate::file::win32_ts_to_datetime;
use chrono::{DateTime, Utc};

pub fn parse(shimcache_bytes: &Vec<u8>, controlset: u32) -> crate::Result<Vec<ShimcacheEntry>> {
let mut shimcache_entries: Vec<ShimcacheEntry> = Vec::new();
Expand Down Expand Up @@ -555,8 +558,7 @@ mod windows7x64_windows2008r2_cache {
);
let last_modified_ts = if last_modified_time_utc_win32 != 0 {
let last_modified_time_utc = win32_ts_to_datetime(last_modified_time_utc_win32)?;
let last_modified_date_time =
DateTime::<Utc>::from_utc(last_modified_time_utc, Utc);
let last_modified_date_time = Utc.from_utc_datetime(&last_modified_time_utc);
Some(last_modified_date_time)
} else {
None
Expand Down Expand Up @@ -589,8 +591,10 @@ mod windows7x64_windows2008r2_cache {

mod windows7x86_cache {
use super::{utf16_to_string, EntryType, InsertFlag, ShimcacheEntry};

use chrono::{TimeZone, Utc};

use crate::file::win32_ts_to_datetime;
use chrono::{DateTime, Utc};

pub fn parse(shimcache_bytes: &Vec<u8>, controlset: u32) -> crate::Result<Vec<ShimcacheEntry>> {
let mut shimcache_entries: Vec<ShimcacheEntry> = Vec::new();
Expand Down Expand Up @@ -679,8 +683,7 @@ mod windows7x86_cache {
);
let last_modified_ts = if last_modified_time_utc_win32 != 0 {
let last_modified_time_utc = win32_ts_to_datetime(last_modified_time_utc_win32)?;
let last_modified_date_time =
DateTime::<Utc>::from_utc(last_modified_time_utc, Utc);
let last_modified_date_time = Utc.from_utc_datetime(&last_modified_time_utc);
Some(last_modified_date_time)
} else {
None
Expand Down Expand Up @@ -713,8 +716,10 @@ mod windows7x86_cache {

mod windows8_cache {
use super::{utf16_to_string, EntryType, InsertFlag, ShimcacheEntry};

use chrono::{TimeZone, Utc};

use crate::file::win32_ts_to_datetime;
use chrono::{DateTime, Utc};

pub fn parse(shimcache_bytes: &Vec<u8>, controlset: u32) -> crate::Result<Vec<ShimcacheEntry>> {
let mut shimcache_entries: Vec<ShimcacheEntry> = Vec::new();
Expand Down Expand Up @@ -805,8 +810,7 @@ mod windows8_cache {
Some(insert_flags & InsertFlag::Executed as u32 == InsertFlag::Executed as u32);
let last_modified_ts = if last_modified_time_utc_win32 != 0 {
let last_modified_time_utc = win32_ts_to_datetime(last_modified_time_utc_win32)?;
let last_modified_date_time =
DateTime::<Utc>::from_utc(last_modified_time_utc, Utc);
let last_modified_date_time = Utc.from_utc_datetime(&last_modified_time_utc);
Some(last_modified_date_time)
} else {
None
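Review bot: The rewritten `last_modified_ts` block is identical in all four cache modules (windows_10_cache, windows7x64_windows2008r2_cache, windows7x86_cache, windows8_cache), and each copy had to be touched for this deprecation; a shared helper next to `win32_ts_to_datetime` in `crate::file`, e.g. `fn win32_ts_to_utc(ts: u64) -> crate::Result<DateTime<Utc>> { Ok(Utc.from_utc_datetime(&win32_ts_to_datetime(ts)?)) }`, would let each module write `Some(win32_ts_to_utc(last_modified_time_utc_win32)?)` and drop its own chrono import. The `u64` parameter follows from the `integer as u64` call in srum.rs, but the return type of `win32_ts_to_datetime` is not visible here, so adjust the helper's signature to match. Each `parse` function starts and ends outside its hunk.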
6 changes: 3 additions & 3 deletions src/hunt.rs
Expand Up @@ -444,13 +444,13 @@ impl HunterBuilder {
fields,
rules,

from: self.from.map(|d| DateTime::from_utc(d, Utc)),
from: self.from.map(|d| Utc.from_utc_datetime(&d)),
load_unknown,
local,
preprocess,
skip_errors,
timezone: self.timezone,
to: self.to.map(|d| DateTime::from_utc(d, Utc)),
to: self.to.map(|d| Utc.from_utc_datetime(&d)),
},
})
}
Expand Down Expand Up @@ -1067,7 +1067,7 @@ impl Hunter {
}
}
} else {
DateTime::<Utc>::from_utc(timestamp, Utc)
Utc.from_utc_datetime(&timestamp)
};
// Check if event is older than start date marker
if let Some(sd) = self.inner.from {
6 changes: 3 additions & 3 deletions src/search.rs
Expand Up @@ -119,7 +119,7 @@ impl<'a> Iterator for Iter<'a> {
}
}
} else {
DateTime::<Utc>::from_utc(timestamp, Utc)
Utc.from_utc_datetime(&timestamp)
};
// Check if event is older than start date marker
if let Some(sd) = self.searcher.from {
Expand Down Expand Up @@ -226,14 +226,14 @@ impl SearcherBuilder {
inner: SearcherInner {
regex,

from: self.from.map(|d| DateTime::from_utc(d, Utc)),
from: self.from.map(|d| Utc.from_utc_datetime(&d)),
load_unknown,
local,
skip_errors,
tau,
timestamp: self.timestamp,
timezone: self.timezone,
to: self.to.map(|d| DateTime::from_utc(d, Utc)),
to: self.to.map(|d| Utc.from_utc_datetime(&d)),
},
})
}
