perf: sort each file

Yamato-Security · Jan 10, 2025 · 6e373e5 · 6e373e5
1 parent ee6ce99
commit 6e373e5
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 37 deletions.
diff --git a/src/afterfact.rs b/src/afterfact.rs
@@ -258,7 +258,7 @@ fn output_afterfact_inner(
     }
 
     // sort and filter detect infos
-    sort_detect_info(detect_infos);
+    detect_infos.sort();
     let duplicate_idxes = if stored_static
         .output_option
         .as_ref()
@@ -934,40 +934,7 @@ pub fn output_additional_afterfact(
     }
 }
 
-pub fn sort_detect_info(detect_infos: &mut [DetectInfo]) {
-    detect_infos.sort_unstable_by(|a, b| {
-        let cmp_time = a.detected_time.cmp(&b.detected_time);
-        if cmp_time != Ordering::Equal {
-            return cmp_time;
-        }
-
-        let a_level = get_level_suffix(a.level.as_str());
-        let b_level = get_level_suffix(b.level.as_str());
-        let level_cmp = a_level.cmp(&b_level);
-        if level_cmp != Ordering::Equal {
-            return level_cmp;
-        }
-
-        let event_id_cmp = a.eventid.cmp(&b.eventid);
-        if event_id_cmp != Ordering::Equal {
-            return event_id_cmp;
-        }
-
-        let rulepath_cmp = a.rulepath.cmp(&b.rulepath);
-        if rulepath_cmp != Ordering::Equal {
-            return rulepath_cmp;
-        }
-
-        let computer_cmp = a.computername.cmp(&b.computername);
-        if computer_cmp != Ordering::Equal {
-            return computer_cmp;
-        }
-
-        a.rec_id.cmp(&b.rec_id)
-    });
-}
-
-fn get_level_suffix(level_str: &str) -> usize {
+pub fn get_level_suffix(level_str: &str) -> usize {
     *LEVEL_MAP
         .get(
             LEVEL_FULL

diff --git a/src/detections/message.rs b/src/detections/message.rs
@@ -1,6 +1,8 @@
 extern crate lazy_static;
+
 use super::configs::EventKeyAliasConfig;
 use super::utils::{get_writable_color, remove_sp_char};
+use crate::afterfact::get_level_suffix;
 use crate::detections::configs::CURRENT_EXE_PATH;
 use crate::detections::field_data_map::{convert_field_data, FieldDataMap, FieldDataMapKey};
 use crate::detections::rule::AggResult;
@@ -20,13 +22,13 @@ use nested::Nested;
 use regex::Regex;
 use rust_embed::Embed;
 use serde_json::Value;
+use std::cmp::Ordering;
 use std::env;
 use std::fs::{create_dir, File};
 use std::io::{self, BufWriter, Write};
 use std::path::Path;
 use std::sync::Mutex;
 use termcolor::{BufferWriter, Color, ColorChoice};
-
 /*
  * This struct express log record
 */
@@ -47,6 +49,45 @@ pub struct DetectInfo {
     pub details_convert_map: HashMap<CompactString, Vec<CompactString>>,
 }
 
+impl Ord for DetectInfo {
+    fn cmp(&self, other: &Self) -> Ordering {
+        let cmp_time = self.detected_time.cmp(&other.detected_time);
+        if cmp_time != Ordering::Equal {
+            return cmp_time;
+        }
+
+        let a_level = get_level_suffix(self.level.as_str());
+        let b_level = get_level_suffix(other.level.as_str());
+        let level_cmp = a_level.cmp(&b_level);
+        if level_cmp != Ordering::Equal {
+            return level_cmp;
+        }
+
+        let event_id_cmp = self.eventid.cmp(&other.eventid);
+        if event_id_cmp != Ordering::Equal {
+            return event_id_cmp;
+        }
+
+        let rulepath_cmp = self.rulepath.cmp(&other.rulepath);
+        if rulepath_cmp != Ordering::Equal {
+            return rulepath_cmp;
+        }
+
+        let computer_cmp = self.computername.cmp(&other.computername);
+        if computer_cmp != Ordering::Equal {
+            return computer_cmp;
+        }
+
+        self.rec_id.cmp(&other.rec_id)
+    }
+}
+
+impl PartialOrd for DetectInfo {
+    fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
+        Some(self.cmp(other))
+    }
+}
+
 pub struct AlertMessage {}
 
 #[derive(Embed)]

diff --git a/src/main.rs b/src/main.rs
@@ -1899,6 +1899,7 @@ impl App {
             afterfact_info.record_cnt += cnt_tmp as u128;
             afterfact_info.recover_record_cnt += recover_cnt_tmp as u128;
             all_detect_infos.append(&mut detect_infos);
+            all_detect_infos.sort();
             if is_show_progress {
                 pb.inc(1);
             }

diff --git a/src/yaml_expand.rs b/src/yaml_expand.rs
@@ -97,7 +97,7 @@ pub fn read_expand_files<P: AsRef<Path>>(dir: P) -> io::Result<HashMap<String, V
     if let Ok(entries) = fs::read_dir(dir) {
         for entry in entries.flatten() {
             let path = entry.path();
-            if path.is_file() && path.extension().map_or(false, |ext| ext == "txt") {
+            if path.is_file() && path.extension().is_some_and(|ext| ext == "txt") {
                 if let Some(key) = path.file_stem().and_then(|s| s.to_str()) {
                     let file = fs::File::open(&path)?;
                     let reader = io::BufReader::new(file);