dd_sds/
rule_match.rs

1use crate::match_validation::match_status::MatchStatus;
2use crate::{StringMatch, encoding::Encoding, path::Path};
3use serde::{Deserialize, Serialize};
4use std::fmt::Debug;
5use std::fmt::{Display, Formatter};
6
7/// Metadata about a rule match.
8#[derive(Debug, PartialEq, PartialOrd, Ord, Eq, Serialize, Deserialize)]
9pub struct RuleMatch {
10    /// The index of the rule that matched. This preserves the order
11    /// of rules that were passed into the scanner.
12    pub rule_index: usize,
13
14    /// The path where the match occurred
15    pub path: Path<'static>,
16
17    /// The type of replacement that happened
18    pub replacement_type: ReplacementType,
19
20    /// The start of the match. This points to the replaced text, and not the original text.
21    /// The index is based off of the encoding for the event.
22    pub start_index: usize,
23
24    /// The end, exclusive of the match. This points to the replaced text, and not
25    /// the original text.
26    /// The index is based off of the encoding for the event.
27    pub end_index_exclusive: usize,
28
29    ///  the difference between the end (UTF8 byte index) of the match data in the
30    ///  **INPUT** string and the end (UTF8 byte index) of the match data applied to the new **OUTPUT** string after match actions
31    ///  performed.
32    pub shift_offset: isize,
33
34    // matched string copied from content. If scanner has the return_matches set to true
35    pub match_value: Option<String>,
36
37    // match status updated by the validate_matches scanner method
38    pub match_status: MatchStatus,
39
40    /// The keyword that was found for this match. Only some rules might set this value.
41    pub keyword: Option<String>,
42}
43
44pub struct InternalRuleMatch<E: Encoding> {
45    /// index of the rule that matched
46    pub rule_index: usize,
47
48    /// The index of the start of the match from the **INPUT** string (byte index of a UTF8 string)
49    pub utf8_start: usize,
50
51    /// The index of the end of a match from the **INPUT** string, exclusive (byte index of a UTF8 string)
52    pub utf8_end: usize,
53
54    /// The start index of the match, converted to a different encoding
55    pub custom_start: <E as Encoding>::Index,
56
57    /// The end index of the match, converted to a different encoding
58    pub custom_end: <E as Encoding>::Index,
59
60    /// The keyword that was found for this match. Only some rules might set this value.
61    pub keyword: Option<String>,
62}
63
64impl<E: Encoding> InternalRuleMatch<E> {
65    pub fn new(rule_index: usize, string_match: StringMatch) -> Self {
66        Self {
67            rule_index,
68            utf8_start: string_match.start,
69            utf8_end: string_match.end,
70            custom_start: E::zero_index(),
71            custom_end: E::zero_index(),
72            keyword: string_match.keyword,
73        }
74    }
75
76    pub fn len(&self) -> usize {
77        self.utf8_end - self.utf8_start
78    }
79}
80
81#[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
82pub enum ReplacementType {
83    None,
84    Placeholder,
85    Hash,
86    PartialStart,
87    PartialEnd,
88}
89
90impl Display for ReplacementType {
91    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
92        match self {
93            ReplacementType::None => write!(f, "none"),
94            ReplacementType::Placeholder => write!(f, "placeholder"),
95            ReplacementType::Hash => write!(f, "hash"),
96            ReplacementType::PartialStart => write!(f, "partial_beginning"),
97            ReplacementType::PartialEnd => write!(f, "partial_end"),
98        }
99    }
100}