dd_sds/
rule_match.rs

1use crate::match_validation::match_status::MatchStatus;
2use crate::{StringMatch, encoding::Encoding, path::Path};
3use serde::{Deserialize, Serialize};
4use std::fmt::Debug;
5use std::fmt::{Display, Formatter};
6
7/// Metadata about a rule match.
8#[derive(Debug, PartialEq, PartialOrd, Ord, Eq, Serialize, Deserialize)]
9pub struct RuleMatch {
10    /// The index of the rule that matched. This preserves the order
11    /// of rules that were passed into the scanner.
12    pub rule_index: usize,
13
14    /// The path where the match occurred
15    pub path: Path<'static>,
16
17    /// The type of replacement that happened
18    pub replacement_type: ReplacementType,
19
20    /// The start of the match. This points to the replaced text, and not the original text.
21    /// The index is based off of the encoding for the event.
22    pub start_index: usize,
23
24    /// The end, exclusive of the match. This points to the replaced text, and not
25    /// the original text.
26    /// The index is based off of the encoding for the event.
27    pub end_index_exclusive: usize,
28
29    ///  the difference between the end (UTF8 byte index) of the match data in the
30    ///  **INPUT** string and the end (UTF8 byte index) of the match data applied to the new **OUTPUT** string after match actions
31    ///  performed.
32    pub shift_offset: isize,
33
34    // matched string copied from content. If scanner has the return_matches set to true
35    pub match_value: Option<String>,
36
37    // match status updated by the validate_matches scanner method
38    pub match_status: MatchStatus,
39}
40
41pub struct InternalRuleMatch<E: Encoding> {
42    /// index of the rule that matched
43    pub rule_index: usize,
44
45    /// The index of the start of the match from the **INPUT** string (byte index of a UTF8 string)
46    pub utf8_start: usize,
47
48    /// The index of the end of a match from the **INPUT** string, exclusive (byte index of a UTF8 string)
49    pub utf8_end: usize,
50
51    /// The start index of the match, converted to a different encoding
52    pub custom_start: <E as Encoding>::Index,
53
54    /// The end index of the match, converted to a different encoding
55    pub custom_end: <E as Encoding>::Index,
56}
57
58impl<E: Encoding> InternalRuleMatch<E> {
59    pub fn new(rule_index: usize, string_match: StringMatch) -> Self {
60        Self {
61            rule_index,
62            utf8_start: string_match.start,
63            utf8_end: string_match.end,
64            custom_start: E::zero_index(),
65            custom_end: E::zero_index(),
66        }
67    }
68
69    pub fn len(&self) -> usize {
70        self.utf8_end - self.utf8_start
71    }
72}
73
74#[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
75pub enum ReplacementType {
76    None,
77    Placeholder,
78    Hash,
79    PartialStart,
80    PartialEnd,
81}
82
83impl Display for ReplacementType {
84    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
85        match self {
86            ReplacementType::None => write!(f, "none"),
87            ReplacementType::Placeholder => write!(f, "placeholder"),
88            ReplacementType::Hash => write!(f, "hash"),
89            ReplacementType::PartialStart => write!(f, "partial_beginning"),
90            ReplacementType::PartialEnd => write!(f, "partial_end"),
91        }
92    }
93}