Merge pull request #814 from Yamato-Security/807-fix-mitretag-value

fix: change TAGS_CONFIG.values iterator to vec

CHANGELOG-Japanese.md

@@ -14,6 +14,7 @@
 **バグ修正:**
 
 - `Data`フィールドを使ったルールが検知できていない問題を修正した。 (#775) (@hitenkoku)
+- プロファイルの出力で`%MitreTags%` と`%MitreTactics%` の出力が抜け落ちてしまう問題を修正した。 (#780) (@fukusuket)
 
 ## 1.8.0 [2022/11/07]
 

CHANGELOG.md

@@ -14,6 +14,7 @@
 **Bug Fixes:**
 
 - Fixed a problem where rules using the `Data` field were not being detected. (#775) (@hitenkoku)
+- Fixed `%MitreTags%` and `%MitreTactics%` profile output randomly miss values. (#807) (@fukusuket)
 
 ## 1.8.0 [2022/11/07]
 

src/detections/detection.rs

@@ -260,7 +260,7 @@ impl Detection {
         let level = rule.yaml["level"].as_str().unwrap_or("-").to_string();
 
         let mut profile_converter: HashMap<String, Profile> = HashMap::new();
-        let mut tags_config_values = TAGS_CONFIG.values();
+        let tags_config_values: Vec<&String> = TAGS_CONFIG.values().collect();
         for (key, profile) in PROFILES.as_ref().unwrap().iter() {
             match profile {
                 Timestamp(_) => {
@@ -344,7 +344,7 @@ impl Detection {
                     let tactics = CompactString::from(
                         &tag_info
                             .iter()
-                            .filter(|x| tags_config_values.contains(&x.to_string()))
+                            .filter(|x| tags_config_values.contains(&&x.to_string()))
                             .join(" ¦ "),
                     );
 
@@ -355,7 +355,7 @@ impl Detection {
                         &tag_info
                             .iter()
                             .filter(|x| {
-                                !tags_config_values.contains(&x.to_string())
+                                !tags_config_values.contains(&&x.to_string())
                                     && (x.starts_with("attack.t")
                                         || x.starts_with("attack.g")
                                         || x.starts_with("attack.s"))
@@ -471,7 +471,7 @@ impl Detection {
 
         let mut profile_converter: HashMap<String, Profile> = HashMap::new();
         let level = rule.yaml["level"].as_str().unwrap_or("-").to_string();
-        let mut tags_config_values = TAGS_CONFIG.values();
+        let tags_config_values: Vec<&String> = TAGS_CONFIG.values().collect();
 
         for (key, profile) in PROFILES.as_ref().unwrap().iter() {
             match profile {
@@ -538,7 +538,7 @@ impl Detection {
                     let tactics = CompactString::from(
                         &tag_info
                             .iter()
-                            .filter(|x| tags_config_values.contains(&x.to_string()))
+                            .filter(|x| tags_config_values.contains(&&x.to_string()))
                             .join(" ¦ "),
                     );
                     profile_converter.insert(key.to_string(), MitreTactics(tactics));
@@ -548,7 +548,7 @@ impl Detection {
                         &tag_info
                             .iter()
                             .filter(|x| {
-                                !tags_config_values.contains(&x.to_string())
+                                !tags_config_values.contains(&&x.to_string())
                                     && (x.starts_with("attack.t")
                                         || x.starts_with("attack.g")
                                         || x.starts_with("attack.s"))
@@ -566,7 +566,7 @@ impl Detection {
                         &tag_info
                             .iter()
                             .filter(|x| {
-                                !(tags_config_values.contains(&x.to_string())
+                                !(tags_config_values.contains(&&x.to_string())
                                     || x.starts_with("attack.t")
                                     || x.starts_with("attack.g")
                                     || x.starts_with("attack.s"))