
rsigma_convert/
output.rs

1use crate::error::ConvertError;
2
/// The result of converting one Sigma rule into backend queries.
///
/// A value of this type represents a rule that converted; whether it converted
/// faithfully is recorded in `warnings`.
#[derive(Debug)]
pub struct ConversionResult {
    /// Title of the rule this result belongs to.
    pub rule_title: String,
    /// Identifier of the rule, if one is available (presumably the Sigma `id`
    /// field; confirm against the code that fills it).
    pub rule_id: Option<String>,
    /// Query strings produced for the rule.
    pub queries: Vec<String>,
    /// Non-fatal diagnostics for this rule.
    ///
    /// Filled in when a backend can only approximate a requested feature (the
    /// Sigma "should warn, still convert" case). A hard [`ConvertError`], by
    /// contrast, fails the rule.
    ///
    /// A non-empty list means the queries above may not match exactly what the
    /// rule describes, so surface these to whoever deploys the detection
    /// instead of discarding them.
    pub warnings: Vec<String>,
}
14
/// Combined outcome of converting a whole collection of rules.
///
/// Both fields need to be inspected to judge detection coverage: `queries`
/// holds per-rule results (which may carry warnings), `errors` holds
/// conversion failures.
#[derive(Debug)]
pub struct ConversionOutput {
    /// Per-rule conversion results.
    pub queries: Vec<ConversionResult>,
    /// Conversion failures, each paired with a string that presumably names
    /// the failing rule (confirm against the code that fills this list).
    ///
    /// NOTE(review): a rule listed here presumably has no entry in `queries`,
    /// i.e. no detection is emitted for it. Report these rather than treating
    /// the batch as fully converted.
    pub errors: Vec<(String, ConvertError)>,
}
21
impl ConversionOutput {
    /// Walks all non-fatal warnings, yielding `(rule_title, message)` pairs.
    ///
    /// Only the warnings attached to entries in `queries` are visited; the
    /// `errors` list is not part of this iteration and must be checked
    /// separately.
    pub fn warnings(&self) -> impl Iterator<Item = (&str, &str)> {
        self.queries.iter().flat_map(|result| {
            // Borrow the title once so every message of this rule pairs with it.
            let title = result.rule_title.as_str();
            result
                .warnings
                .iter()
                .map(move |message| (title, message.as_str()))
        })
    }

    /// Creates an output with no results and no errors.
    pub fn new() -> Self {
        let queries = Vec::new();
        let errors = Vec::new();
        Self { queries, errors }
    }
}
39
/// The default output is the empty one built by [`ConversionOutput::new`].
impl Default for ConversionOutput {
    fn default() -> Self {
        ConversionOutput::new()
    }
}