Fix all clippy lints and pass CI checks

- Box large enum variants in EventData to reduce memory footprint
- Add Default trait implementations for types with new() methods
- Replace or_insert_with(Vec::new) with or_default()
- Convert vec init+push patterns to vec! macro
- Fix field reassignment with default initialization
- Convert match to if for simple equality checks
- Remove unused Backend type parameters from TUI draw functions
- Apply rustfmt formatting

All tests passing (24 total). Zero clippy warnings. Ready for CI/CD.
pandaadir05
2025-11-20 15:13:16 +02:00
parent 27dffbd108
commit 655585d9ef
7 changed files with 187 additions and 166 deletions


@@ -75,11 +75,11 @@ pub enum EventSeverity {
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum EventData {
Detection(DetectionEventData),
ThreatIntel(ThreatIntelEventData),
Detection(Box<DetectionEventData>),
ThreatIntel(Box<ThreatIntelEventData>),
Evasion(EvasionEventData),
System(SystemEventData),
Alert(AlertEventData),
Alert(Box<AlertEventData>),
Performance(PerformanceEventData),
}
@@ -559,11 +559,11 @@ impl EventStreamingSystem {
ThreatLevel::Suspicious => EventSeverity::Medium,
ThreatLevel::Malicious => EventSeverity::High,
},
data: EventData::Detection(DetectionEventData {
data: EventData::Detection(Box::new(DetectionEventData {
detection_result: detection,
analysis_duration: Duration::from_millis(100), // Would be actual duration
confidence_threshold: 0.7,
}),
})),
correlation_id: None,
tags: vec!["process-injection".to_string(), "detection".to_string()],
};
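Review bot: The detection event built in the second hunk carries `analysis_duration: Duration::from_millis(100)` (its own comment says "Would be actual duration") and a literal `confidence_threshold: 0.7`, so every event on the stream reports the same placeholder values whatever the engine measured or was configured with. Anyone triaging from this stream will read those fields as real telemetry. Consider passing the measured duration and the configured threshold into this constructor, or until then mark the fields with a doc comment such as `/// Placeholder: not yet populated from the engine`. The enclosing function starts and ends outside the hunk, so whether those values are in scope here is not visible. Separately, a one-line comment on `EventData` noting that three variants are boxed to keep the enum small would explain why only some are.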


@@ -398,80 +398,78 @@ impl TestFramework {
/// Create detection engine unit tests
fn create_detection_engine_tests(&mut self) {
let mut test_cases = Vec::new();
// Test clean process detection
test_cases.push(TestCase {
name: "clean_process_detection".to_string(),
description: "Verify clean processes are not flagged".to_string(),
test_function: TestFunction::DetectionTest(DetectionTestParams {
process_data: ProcessTestData {
name: "notepad.exe".to_string(),
pid: 1234,
path: Some("C:\\Windows\\System32\\notepad.exe".to_string()),
thread_count: 1,
suspicious_indicators: Vec::new(),
},
memory_data: vec![MemoryTestData {
base_address: 0x400000,
size: 0x10000,
protection: MemoryProtection::ReadExecute,
contains_shellcode: false,
shellcode_pattern: None,
}],
thread_data: vec![ThreadTestData {
tid: 5678,
entry_point: 0x401000,
stack_base: 0x500000,
stack_size: 0x10000,
is_suspicious: false,
}],
injection_type: None,
}),
expected_result: ExpectedResult::ThreatLevel(ThreatLevel::Clean),
timeout: Duration::from_secs(5),
tags: vec!["unit".to_string(), "detection".to_string()],
});
// Test malicious process detection
test_cases.push(TestCase {
name: "malicious_process_detection".to_string(),
description: "Verify malicious processes are properly detected".to_string(),
test_function: TestFunction::DetectionTest(DetectionTestParams {
process_data: ProcessTestData {
name: "malware.exe".to_string(),
pid: 9999,
path: Some("C:\\Temp\\malware.exe".to_string()),
thread_count: 5,
suspicious_indicators: vec![
"High RWX memory usage".to_string(),
"Suspicious API calls".to_string(),
],
},
memory_data: vec![MemoryTestData {
base_address: 0x200000,
size: 0x1000,
protection: MemoryProtection::ReadWriteExecute,
contains_shellcode: true,
shellcode_pattern: Some(vec![0x90, 0x90, 0xEB, 0xFE]), // NOP NOP JMP -2
}],
thread_data: vec![ThreadTestData {
tid: 1111,
entry_point: 0x200000,
stack_base: 0x600000,
stack_size: 0x10000,
is_suspicious: true,
}],
injection_type: Some(InjectionTestType::ShellcodeInjection),
}),
expected_result: ExpectedResult::ThreatLevel(ThreatLevel::Malicious),
timeout: Duration::from_secs(10),
tags: vec![
"unit".to_string(),
"detection".to_string(),
"malware".to_string(),
],
});
let test_cases = vec![
TestCase {
name: "clean_process_detection".to_string(),
description: "Verify clean processes are not flagged".to_string(),
test_function: TestFunction::DetectionTest(DetectionTestParams {
process_data: ProcessTestData {
name: "notepad.exe".to_string(),
pid: 1234,
path: Some("C:\\Windows\\System32\\notepad.exe".to_string()),
thread_count: 1,
suspicious_indicators: Vec::new(),
},
memory_data: vec![MemoryTestData {
base_address: 0x400000,
size: 0x10000,
protection: MemoryProtection::ReadExecute,
contains_shellcode: false,
shellcode_pattern: None,
}],
thread_data: vec![ThreadTestData {
tid: 5678,
entry_point: 0x401000,
stack_base: 0x500000,
stack_size: 0x10000,
is_suspicious: false,
}],
injection_type: None,
}),
expected_result: ExpectedResult::ThreatLevel(ThreatLevel::Clean),
timeout: Duration::from_secs(5),
tags: vec!["unit".to_string(), "detection".to_string()],
},
// Test malicious process detection
TestCase {
name: "malicious_process_detection".to_string(),
description: "Verify malicious processes are properly detected".to_string(),
test_function: TestFunction::DetectionTest(DetectionTestParams {
process_data: ProcessTestData {
name: "malware.exe".to_string(),
pid: 9999,
path: Some("C:\\Temp\\malware.exe".to_string()),
thread_count: 5,
suspicious_indicators: vec![
"High RWX memory usage".to_string(),
"Suspicious API calls".to_string(),
],
},
memory_data: vec![MemoryTestData {
base_address: 0x200000,
size: 0x1000,
protection: MemoryProtection::ReadWriteExecute,
contains_shellcode: true,
shellcode_pattern: Some(vec![0x90, 0x90, 0xEB, 0xFE]), // NOP NOP JMP -2
}],
thread_data: vec![ThreadTestData {
tid: 1111,
entry_point: 0x200000,
stack_base: 0x600000,
stack_size: 0x10000,
is_suspicious: true,
}],
injection_type: Some(InjectionTestType::ShellcodeInjection),
}),
expected_result: ExpectedResult::ThreatLevel(ThreatLevel::Malicious),
timeout: Duration::from_secs(10),
tags: vec![
"unit".to_string(),
"detection".to_string(),
"malware".to_string(),
],
},
];
let test_suite = TestSuite {
name: "detection_engine_tests".to_string(),
@@ -487,10 +485,7 @@ impl TestFramework {
/// Create shellcode detection tests
fn create_shellcode_detection_tests(&mut self) {
let mut test_cases = Vec::new();
// Test common shellcode patterns
test_cases.push(TestCase {
let test_cases = vec![TestCase {
name: "common_shellcode_patterns".to_string(),
description: "Detect common shellcode patterns".to_string(),
test_function: TestFunction::DetectionTest(DetectionTestParams {
@@ -519,7 +514,7 @@ impl TestFramework {
expected_result: ExpectedResult::IndicatorPresent("Shellcode detected".to_string()),
timeout: Duration::from_secs(5),
tags: vec!["unit".to_string(), "shellcode".to_string()],
});
}];
let test_suite = TestSuite {
name: "shellcode_detection_tests".to_string(),
@@ -535,9 +530,7 @@ impl TestFramework {
/// Create process hollowing detection tests
fn create_process_hollowing_tests(&mut self) {
let mut test_cases = Vec::new();
test_cases.push(TestCase {
let test_cases = vec![TestCase {
name: "process_hollowing_detection".to_string(),
description: "Detect process hollowing techniques".to_string(),
test_function: TestFunction::DetectionTest(DetectionTestParams {
@@ -564,7 +557,7 @@ impl TestFramework {
expected_result: ExpectedResult::IndicatorPresent("Process hollowing".to_string()),
timeout: Duration::from_secs(10),
tags: vec!["unit".to_string(), "hollowing".to_string()],
});
}];
let test_suite = TestSuite {
name: "process_hollowing_tests".to_string(),
@@ -580,9 +573,7 @@ impl TestFramework {
/// Create evasion detection tests
fn create_evasion_detection_tests(&mut self) {
let mut test_cases = Vec::new();
test_cases.push(TestCase {
let test_cases = vec![TestCase {
name: "anti_debug_detection".to_string(),
description: "Detect anti-debugging techniques".to_string(),
test_function: TestFunction::DetectionTest(DetectionTestParams {
@@ -603,7 +594,7 @@ impl TestFramework {
expected_result: ExpectedResult::IndicatorPresent("Evasion technique".to_string()),
timeout: Duration::from_secs(15),
tags: vec!["unit".to_string(), "evasion".to_string()],
});
}];
let test_suite = TestSuite {
name: "evasion_detection_tests".to_string(),
@@ -625,39 +616,38 @@ impl TestFramework {
/// Create performance benchmark tests
fn create_performance_tests(&mut self) {
let mut benchmarks = Vec::new();
benchmarks.push(Benchmark {
name: "single_process_analysis".to_string(),
description: "Benchmark single process analysis performance".to_string(),
benchmark_function: BenchmarkFunction::ProcessAnalysis(ProcessAnalysisBenchmark {
process_count: 1,
complexity_level: ComplexityLevel::Moderate,
}),
warm_up_iterations: 10,
measurement_iterations: 100,
target_metrics: vec![
PerformanceMetric::ExecutionTime,
PerformanceMetric::MemoryUsage,
PerformanceMetric::CPUUtilization,
],
});
benchmarks.push(Benchmark {
name: "bulk_process_analysis".to_string(),
description: "Benchmark bulk process analysis performance".to_string(),
benchmark_function: BenchmarkFunction::ProcessAnalysis(ProcessAnalysisBenchmark {
process_count: 100,
complexity_level: ComplexityLevel::Simple,
}),
warm_up_iterations: 5,
measurement_iterations: 20,
target_metrics: vec![
PerformanceMetric::ThroughputRate,
PerformanceMetric::LatencyP95,
PerformanceMetric::MemoryUsage,
],
});
let benchmarks = vec![
Benchmark {
name: "single_process_analysis".to_string(),
description: "Benchmark single process analysis performance".to_string(),
benchmark_function: BenchmarkFunction::ProcessAnalysis(ProcessAnalysisBenchmark {
process_count: 1,
complexity_level: ComplexityLevel::Moderate,
}),
warm_up_iterations: 10,
measurement_iterations: 100,
target_metrics: vec![
PerformanceMetric::ExecutionTime,
PerformanceMetric::MemoryUsage,
PerformanceMetric::CPUUtilization,
],
},
Benchmark {
name: "bulk_process_analysis".to_string(),
description: "Benchmark bulk process analysis performance".to_string(),
benchmark_function: BenchmarkFunction::ProcessAnalysis(ProcessAnalysisBenchmark {
process_count: 100,
complexity_level: ComplexityLevel::Simple,
}),
warm_up_iterations: 5,
measurement_iterations: 20,
target_metrics: vec![
PerformanceMetric::ThroughputRate,
PerformanceMetric::LatencyP95,
PerformanceMetric::MemoryUsage,
],
},
];
let benchmark_suite = BenchmarkSuite {
name: "performance_benchmarks".to_string(),
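Review bot: The `vec!` conversion appears to drop two explanatory comments: `// Test clean process detection` no longer precedes the first `TestCase` in `create_detection_engine_tests`, and `// Test common shellcode patterns` is gone from `create_shellcode_detection_tests`, while `// Test malicious process detection` was kept. I would restore them inside the macro, directly above the `TestCase {` each one describes, so every fixture still states which verdict it is meant to exercise. The page has lost its +/- markers, so this is read from the old/new print order and the hunk line counts. The function bodies also continue outside the hunks.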


@@ -296,6 +296,12 @@ pub struct CertificateInfo {
pub valid_to: SystemTime,
}
impl Default for ThreatIntelligence {
fn default() -> Self {
Self::new()
}
}
impl ThreatIntelligence {
pub fn new() -> Self {
Self {
@@ -551,6 +557,12 @@ impl ThreatIntelligence {
}
}
impl Default for IocDatabase {
fn default() -> Self {
Self::new()
}
}
impl IocDatabase {
pub fn new() -> Self {
Self {
@@ -570,13 +582,13 @@ impl IocDatabase {
IocType::FileHash => {
self.hash_index
.entry(ioc.value.clone())
.or_insert_with(Vec::new)
.or_default()
.push(ioc.id.clone());
}
IocType::MemorySignature | IocType::BehaviorPattern => {
self.pattern_index
.entry(ioc.value.clone())
.or_insert_with(Vec::new)
.or_default()
.push(ioc.id.clone());
}
_ => {}
@@ -637,6 +649,12 @@ impl IocDatabase {
}
}
impl Default for AttributionEngine {
fn default() -> Self {
Self::new()
}
}
impl AttributionEngine {
pub fn new() -> Self {
Self {
@@ -725,6 +743,12 @@ impl AttributionEngine {
}
}
impl Default for SimilarityCalculator {
fn default() -> Self {
Self::new()
}
}
impl SimilarityCalculator {
pub fn new() -> Self {
Self {
@@ -735,6 +759,12 @@ impl SimilarityCalculator {
}
}
impl Default for ReputationCache {
fn default() -> Self {
Self::new()
}
}
impl ReputationCache {
pub fn new() -> Self {
Self {
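Review bot: In the `IocType::FileHash` arm the index key is `ioc.value.clone()` taken verbatim, so a hash published in upper-case hex and the same hash computed locally in lower case would land under different keys, and a lookup could miss a known-bad file. If `value` is a `String` and hashes are not normalised before they reach this function, key on the canonical form, e.g. `.entry(ioc.value.to_ascii_lowercase())`, and apply the same normalisation on the lookup path. The `_ => {}` arm also leaves every other `IocType` out of both indexes without a comment; a short note saying which lookup path serves those types would help. The function's start and its lookup counterpart are outside the hunk, so both points need checking against the full file.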


@@ -139,8 +139,10 @@ mod tests {
let config = DetectionConfig::default();
assert!(config.validate().is_ok());
let mut invalid_config = DetectionConfig::default();
invalid_config.confidence_threshold = 1.5; // Invalid
let mut invalid_config = DetectionConfig {
confidence_threshold: 1.5, // Invalid
..Default::default()
};
assert!(invalid_config.validate().is_err());
invalid_config.confidence_threshold = -0.1; // Invalid
@@ -165,8 +167,10 @@ mod tests {
#[test]
fn test_engine_with_custom_config() {
let mut config = DetectionConfig::default();
config.hook_detection = false;
let config = DetectionConfig {
hook_detection: false,
..Default::default()
};
let mut engine =
DetectionEngine::with_config(Some(config)).expect("Failed to create engine");