feat: add -i flag in boreal-cli

vthib · Dec 31, 2023 · 25a35f8 · 25a35f8
1 parent ce64391
commit 25a35f8
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 0 deletions.
diff --git a/boreal-cli/src/main.rs b/boreal-cli/src/main.rs
@@ -143,6 +143,14 @@ fn build_command() -> Command {
                 .action(ArgAction::SetTrue)
                 .help("Print rule tags"),
         )
+        .arg(
+            Arg::new("identifier")
+                .short('i')
+                .long("identifier")
+                .value_name("IDENTIFIER")
+                .value_parser(value_parser!(String))
+                .help("Print only rules with the given name"),
+        )
         .arg(
             Arg::new("tag")
                 .short('t')
@@ -366,6 +374,7 @@ struct ScanOptions {
     print_string_length: bool,
     print_tags: bool,
     no_mmap: bool,
+    identifier: Option<String>,
     tag: Option<String>,
 }
 
@@ -381,6 +390,7 @@ impl ScanOptions {
             } else {
                 false
             },
+            identifier: args.get_one("identifier").cloned(),
             tag: args.get_one("tag").cloned(),
         }
     }
@@ -443,6 +453,11 @@ fn display_scan_results(res: ScanResult, what: &str, options: &ScanOptions) {
 
     // Then, print matching rules.
     for rule in res.matched_rules {
+        if let Some(id) = options.identifier.as_ref() {
+            if rule.name != id {
+                continue;
+            }
+        }
         if let Some(tag) = options.tag.as_ref() {
             if rule.tags.iter().all(|t| t != tag) {
                 continue;
@@ -683,6 +698,7 @@ mod tests {
             print_string_length: false,
             print_tags: false,
             no_mmap: false,
+            identifier: None,
             tag: None,
         });
         test_non_clonable(Input::Process(32));

diff --git a/boreal-cli/tests/cli.rs b/boreal-cli/tests/cli.rs
@@ -862,6 +862,46 @@ rule tag3: first second third {
         .success();
 }
 
+#[test]
+fn test_identifier() {
+    let rule_file = test_file(
+        br#"
+rule first { condition: true }
+rule second { condition: true }
+"#,
+    );
+
+    let input = test_file(b"");
+    let path = input.path().display();
+
+    // Test filter by identifier
+    cmd()
+        .arg("-i")
+        .arg("first")
+        .arg(rule_file.path())
+        .arg(input.path())
+        .assert()
+        .stdout(format!("first {path}\n"))
+        .stderr("")
+        .success();
+    cmd()
+        .arg("--identifier=second")
+        .arg(rule_file.path())
+        .arg(input.path())
+        .assert()
+        .stdout(format!("second {path}\n"))
+        .stderr("")
+        .success();
+    cmd()
+        .arg("--identifier=third")
+        .arg(rule_file.path())
+        .arg(input.path())
+        .assert()
+        .stdout("")
+        .stderr("")
+        .success();
+}
+
 #[test]
 fn test_print_string_matches() {
     let rule_file = test_file(