lessence 0.3.1

Extract the essence of your logs — compress repetitive lines while preserving all unique information
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205

use super::{HashType, Token};
use regex::Regex;
use std::sync::LazyLock;

// MD5: 32 hex characters
static MD5_REGEX: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"\b[a-fA-F0-9]{32}\b").unwrap());

// SHA1: 40 hex characters
static SHA1_REGEX: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"\b[a-fA-F0-9]{40}\b").unwrap());

// SHA256: 64 hex characters
static SHA256_REGEX: LazyLock<Regex> =
    LazyLock::new(|| Regex::new(r"\b[a-fA-F0-9]{64}\b").unwrap());

// SHA512: 128 hex characters
static SHA512_REGEX: LazyLock<Regex> =
    LazyLock::new(|| Regex::new(r"\b[a-fA-F0-9]{128}\b").unwrap());

// Git commit hash: 7-40 hex characters (but not overlapping with above)
static GIT_HASH_REGEX: LazyLock<Regex> =
    LazyLock::new(|| Regex::new(r"\b[a-fA-F0-9]{7,39}\b").unwrap());

// Generic hex strings of notable lengths (avoid short ones that might be numbers)
static HEX_16_REGEX: LazyLock<Regex> =
    LazyLock::new(|| Regex::new(r"\b[a-fA-F0-9]{16}\b").unwrap());
static HEX_24_REGEX: LazyLock<Regex> =
    LazyLock::new(|| Regex::new(r"\b[a-fA-F0-9]{24}\b").unwrap());
static HEX_48_REGEX: LazyLock<Regex> =
    LazyLock::new(|| Regex::new(r"\b[a-fA-F0-9]{48}\b").unwrap());
static HEX_56_REGEX: LazyLock<Regex> =
    LazyLock::new(|| Regex::new(r"\b[a-fA-F0-9]{56}\b").unwrap());

pub struct HashDetector;

impl HashDetector {
    /// Quick check: does the text contain a run of 7+ hex characters?
    /// If not, no hash/commit SHA can exist — skip all 9 regex scans.
    fn has_hex_run(text: &str) -> bool {
        let mut run = 0u32;
        for b in text.bytes() {
            if b.is_ascii_hexdigit() {
                run += 1;
                if run >= 7 {
                    return true;
                }
            } else {
                run = 0;
            }
        }
        false
    }

    pub fn detect_and_replace(text: &str) -> (String, Vec<Token>) {
        if !Self::has_hex_run(text) {
            return (text.to_string(), Vec::new());
        }

        let mut result = text.to_string();
        let mut tokens = Vec::new();

        // Process in order of specificity (longest first to avoid conflicts)

        // SHA512 (128 chars)
        for cap in SHA512_REGEX.find_iter(text) {
            let hash_str = cap.as_str();
            tokens.push(Token::Hash(HashType::SHA512, hash_str.to_string()));
        }
        result = SHA512_REGEX.replace_all(&result, "<HASH>").to_string();

        // SHA256 (64 chars)
        for cap in SHA256_REGEX.find_iter(&result) {
            let hash_str = cap.as_str();
            tokens.push(Token::Hash(HashType::SHA256, hash_str.to_string()));
        }
        result = SHA256_REGEX.replace_all(&result, "<HASH>").to_string();

        // Generic 56-char hex
        for cap in HEX_56_REGEX.find_iter(&result) {
            let hash_str = cap.as_str();
            tokens.push(Token::Hash(HashType::Generic(56), hash_str.to_string()));
        }
        result = HEX_56_REGEX.replace_all(&result, "<HASH>").to_string();

        // Generic 48-char hex
        for cap in HEX_48_REGEX.find_iter(&result) {
            let hash_str = cap.as_str();
            tokens.push(Token::Hash(HashType::Generic(48), hash_str.to_string()));
        }
        result = HEX_48_REGEX.replace_all(&result, "<HASH>").to_string();

        // SHA1 (40 chars)
        for cap in SHA1_REGEX.find_iter(&result) {
            let hash_str = cap.as_str();
            tokens.push(Token::Hash(HashType::SHA1, hash_str.to_string()));
        }
        result = SHA1_REGEX.replace_all(&result, "<HASH>").to_string();

        // MD5 (32 chars)
        for cap in MD5_REGEX.find_iter(&result) {
            let hash_str = cap.as_str();
            tokens.push(Token::Hash(HashType::MD5, hash_str.to_string()));
        }
        result = MD5_REGEX.replace_all(&result, "<HASH>").to_string();

        // Generic 24-char hex
        for cap in HEX_24_REGEX.find_iter(&result) {
            let hash_str = cap.as_str();
            tokens.push(Token::Hash(HashType::Generic(24), hash_str.to_string()));
        }
        result = HEX_24_REGEX.replace_all(&result, "<HASH>").to_string();

        // Generic 16-char hex
        for cap in HEX_16_REGEX.find_iter(&result) {
            let hash_str = cap.as_str();
            tokens.push(Token::Hash(HashType::Generic(16), hash_str.to_string()));
        }
        result = HEX_16_REGEX.replace_all(&result, "<HASH>").to_string();

        // Git commit hashes (7-39 chars, after longer ones are processed)
        for cap in GIT_HASH_REGEX.find_iter(&result) {
            let hash_str = cap.as_str();
            tokens.push(Token::Hash(
                HashType::Generic(hash_str.len()),
                hash_str.to_string(),
            ));
        }
        result = GIT_HASH_REGEX.replace_all(&result, "<HASH>").to_string();

        (result, tokens)
    }

    #[allow(dead_code)]
    pub fn is_likely_hash(text: &str) -> bool {
        if text.len() < 7 {
            return false;
        }

        // Check if it's all hex characters
        text.chars().all(|c| c.is_ascii_hexdigit())
    }

    #[allow(dead_code)]
    pub fn classify_hash_type(length: usize) -> HashType {
        match length {
            32 => HashType::MD5,
            40 => HashType::SHA1,
            64 => HashType::SHA256,
            128 => HashType::SHA512,
            _ => HashType::Generic(length),
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_md5_detection() {
        let text = "File hash: 5d41402abc4b2a76b9719d911017c592";
        let (result, tokens) = HashDetector::detect_and_replace(text);
        assert_eq!(result, "File hash: <HASH>");
        assert_eq!(tokens.len(), 1);
        assert!(matches!(tokens[0], Token::Hash(HashType::MD5, _)));
    }

    #[test]
    fn test_sha256_detection() {
        let text = "SHA256: 2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae";
        let (result, tokens) = HashDetector::detect_and_replace(text);
        assert_eq!(result, "SHA256: <HASH>");
        assert_eq!(tokens.len(), 1);
        assert!(matches!(tokens[0], Token::Hash(HashType::SHA256, _)));
    }

    #[test]
    fn test_git_commit_detection() {
        // 01K5HWDZG06WAPM00HHKC1MYZ4 contains non-hex chars (K, W, Z, P, M, Y) so
        // it is not detected as a hash by any hex regex
        let text = "commit 01K5HWDZG06WAPM00HHKC1MYZ4 merged";
        let (result, tokens) = HashDetector::detect_and_replace(text);
        assert_eq!(result, "commit 01K5HWDZG06WAPM00HHKC1MYZ4 merged");
        assert_eq!(tokens.len(), 0);
    }

    #[test]
    fn test_multiple_hashes() {
        let text =
            "MD5: 5d41402abc4b2a76b9719d911017c592 SHA1: 356a192b7913b04c54574d18c28d46e6395428ab";
        let (result, tokens) = HashDetector::detect_and_replace(text);
        assert_eq!(result, "MD5: <HASH> SHA1: <HASH>");
        assert_eq!(tokens.len(), 2);
        // SHA1 (40 chars) is processed before MD5 (32 chars) in the detection order
        assert!(matches!(tokens[0], Token::Hash(HashType::SHA1, _)));
        assert!(matches!(tokens[1], Token::Hash(HashType::MD5, _)));
    }

    #[test]
    fn test_not_a_hash() {
        let text = "Port 8080 is open";
        let (result, tokens) = HashDetector::detect_and_replace(text);
        assert_eq!(result, "Port 8080 is open");
        assert_eq!(tokens.len(), 0);
    }
}