Some works #131

2025-05-14 13:41:05 +00:00 · 2024-08-12 16:42:37 +09:00 · 2024-08-12 16:42:37 +09:00 · f0a7316eef
commit f0a7316eef
parent ee454527af
5 changed files with 82 additions and 7 deletions
--- a/WelsonJS.Toolkit/WelsonJS.Service/FileEventMonitor.cs
+++ b/WelsonJS.Toolkit/WelsonJS.Service/FileEventMonitor.cs
@ -160,12 +160,16 @@ namespace WelsonJS.Service
                    foreach (var result in results)
                    {
-                        var matches = result.Matches;
+                        Dictionary<string, List<Match>> matches = result.Matches;
-                        foreach (var match in matches)
+                        foreach (KeyValuePair<string, List<Match>> match in matches)
                        {
-                            parent.Log($"YARA matched: {match.ToString()}");
+                            string ruleName = match.Key;
-
+                            List<Match> ruleMatches = match.Value;
-                            parent.DispatchServiceEvent("fileRuleMatched", new string[] { filePath, match.ToString() });
+                            ruleMatches.ForEach((x) =>
                            {
                                parent.Log($"YARA rule matched: {ruleName}, {filePath}");
                                parent.DispatchServiceEvent("fileRuleMatched", new string[] { ruleName, filePath });
                            });
                        }
                    }
                }
--- a/WelsonJS.Toolkit/WelsonJS.Service/Model/FileRuleMatched.cs
+++ b/WelsonJS.Toolkit/WelsonJS.Service/Model/FileRuleMatched.cs
@ -0,0 +1,12 @@
 using System;
 namespace WelsonJS.Service.Model
 {
    public class FileRuleMatched
    {
        public string Id { get; set; }
        public string FilePath { get; set; }
        public string RuleName { get; set; }
        public DateTime LastChecked { get; set; }
    }
 }
--- a/WelsonJS.Toolkit/WelsonJS.Service/WelsonJS.Service.csproj
+++ b/WelsonJS.Toolkit/WelsonJS.Service/WelsonJS.Service.csproj
@ -82,13 +82,50 @@
    <StartupObject />
  </PropertyGroup>
  <ItemGroup>
    <Reference Include="Elastic.Clients.Elasticsearch, Version=8.0.0.0, Culture=neutral, PublicKeyToken=96c599bbe3e70f5d, processorArchitecture=MSIL">
      <HintPath>..\packages\Elastic.Clients.Elasticsearch.8.15.0\lib\net462\Elastic.Clients.Elasticsearch.dll</HintPath>
    </Reference>
    <Reference Include="Elastic.Transport, Version=0.0.0.0, Culture=neutral, PublicKeyToken=069ca2728db333c1, processorArchitecture=MSIL">
      <HintPath>..\packages\Elastic.Transport.0.4.22\lib\net462\Elastic.Transport.dll</HintPath>
    </Reference>
    <Reference Include="Microsoft.Bcl.AsyncInterfaces, Version=8.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
      <HintPath>..\packages\Microsoft.Bcl.AsyncInterfaces.8.0.0\lib\net462\Microsoft.Bcl.AsyncInterfaces.dll</HintPath>
    </Reference>
    <Reference Include="Microsoft.CSharp" />
    <Reference Include="System" />
    <Reference Include="System.Buffers, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
      <HintPath>..\packages\System.Buffers.4.5.1\lib\net461\System.Buffers.dll</HintPath>
    </Reference>
    <Reference Include="System.Configuration.Install" />
    <Reference Include="System.Data" />
    <Reference Include="System.Diagnostics.DiagnosticSource, Version=8.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
      <HintPath>..\packages\System.Diagnostics.DiagnosticSource.8.0.0\lib\net462\System.Diagnostics.DiagnosticSource.dll</HintPath>
    </Reference>
    <Reference Include="System.Drawing" />
    <Reference Include="System.Management" />
    <Reference Include="System.Memory, Version=4.0.1.2, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
      <HintPath>..\packages\System.Memory.4.5.5\lib\net461\System.Memory.dll</HintPath>
    </Reference>
    <Reference Include="System.Numerics" />
    <Reference Include="System.Numerics.Vectors, Version=4.1.4.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
      <HintPath>..\packages\System.Numerics.Vectors.4.5.0\lib\net46\System.Numerics.Vectors.dll</HintPath>
    </Reference>
    <Reference Include="System.Runtime.CompilerServices.Unsafe, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
      <HintPath>..\packages\System.Runtime.CompilerServices.Unsafe.6.0.0\lib\net461\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
    </Reference>
    <Reference Include="System.ServiceProcess" />
    <Reference Include="System.Text.Encodings.Web, Version=8.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
      <HintPath>..\packages\System.Text.Encodings.Web.8.0.0\lib\net462\System.Text.Encodings.Web.dll</HintPath>
    </Reference>
    <Reference Include="System.Text.Json, Version=8.0.0.4, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
      <HintPath>..\packages\System.Text.Json.8.0.4\lib\net462\System.Text.Json.dll</HintPath>
    </Reference>
    <Reference Include="System.Threading.Tasks.Extensions, Version=4.2.0.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
      <HintPath>..\packages\System.Threading.Tasks.Extensions.4.5.4\lib\net461\System.Threading.Tasks.Extensions.dll</HintPath>
    </Reference>
    <Reference Include="System.ValueTuple, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
      <HintPath>..\packages\System.ValueTuple.4.5.0\lib\net47\System.ValueTuple.dll</HintPath>
    </Reference>
    <Reference Include="System.Windows.Forms" />
    <Reference Include="System.Xml" />
  </ItemGroup>
--- a/WelsonJS.Toolkit/WelsonJS.Service/app.config
+++ b/WelsonJS.Toolkit/WelsonJS.Service/app.config
@ -1,3 +1,12 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
-<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/></startup></configuration>
+<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" /></startup>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
 </configuration>
--- a/WelsonJS.Toolkit/WelsonJS.Service/packages.config
+++ b/WelsonJS.Toolkit/WelsonJS.Service/packages.config
@ -1,4 +1,17 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
  <package id="Elastic.Clients.Elasticsearch" version="8.15.0" targetFramework="net48" />
  <package id="Elastic.Transport" version="0.4.22" targetFramework="net48" />
  <package id="Microsoft.Bcl.AsyncInterfaces" version="8.0.0" targetFramework="net48" />
  <package id="Microsoft.CSharp" version="4.7.0" targetFramework="net48" />
  <package id="Microsoft.O365.Security.Native.libyara.NET" version="4.5.1" targetFramework="net48" />
  <package id="System.Buffers" version="4.5.1" targetFramework="net48" />
  <package id="System.Diagnostics.DiagnosticSource" version="8.0.0" targetFramework="net48" />
  <package id="System.Memory" version="4.5.5" targetFramework="net48" />
  <package id="System.Numerics.Vectors" version="4.5.0" targetFramework="net48" />
  <package id="System.Runtime.CompilerServices.Unsafe" version="6.0.0" targetFramework="net48" />
  <package id="System.Text.Encodings.Web" version="8.0.0" targetFramework="net48" />
  <package id="System.Text.Json" version="8.0.4" targetFramework="net48" />
  <package id="System.Threading.Tasks.Extensions" version="4.5.4" targetFramework="net48" />
  <package id="System.ValueTuple" version="4.5.0" targetFramework="net48" />
 </packages>