Optimize

jjxtra · jjxtra · commit 1a9409d8b15e · 2024-11-08T07:33:50.000-07:00
diff --git a/IPBanCore/Windows/IPBanWindowsEventViewer.cs b/IPBanCore/Windows/IPBanWindowsEventViewer.cs
@@ -103,35 +103,36 @@ public void Dispose()
         public IReadOnlyCollection<IPAddressLogEvent> ProcessEventViewerXml(string xml)
         {
             Logger.Trace("Processing event viewer xml: {0}", xml);
-            List<IPAddressLogEvent> events = [];
             XmlDocument doc = ParseXml(xml);
+            var extractedEvents = ExtractEventViewerXml(doc);
 
-            foreach (var evt in ExtractEventViewerXml(doc))
+            foreach (var extractedEvent in extractedEvents)
             {
-                if (evt is not null &&
-                    evt.IPAddress is not null &&
-                    (evt.Type == IPAddressEventType.FailedLogin ||
-                    evt.Type == IPAddressEventType.SuccessfulLogin))
+                if (extractedEvent is not null &&
+                    extractedEvent.IPAddress is not null &&
+                    (extractedEvent.Type == IPAddressEventType.FailedLogin ||
+                    extractedEvent.Type == IPAddressEventType.SuccessfulLogin))
                 {
-                    if (!FindSourceAndUserNameForInfo(evt, doc))
+                    if (!FindSourceAndUserNameForInfo(extractedEvent, doc))
                     {
                         // bad ip address
                         continue;
                     }
-                    else if (evt.Type == IPAddressEventType.SuccessfulLogin &&
-                        !string.IsNullOrWhiteSpace(evt.UserName) &&
-                        evt.UserName.Contains("anonymous", StringComparison.OrdinalIgnoreCase))
+                    else if (extractedEvent.Type == IPAddressEventType.SuccessfulLogin &&
+                        !string.IsNullOrWhiteSpace(extractedEvent.UserName) &&
+                        extractedEvent.UserName.Contains("anonymous", StringComparison.OrdinalIgnoreCase))
                     {
-                        Logger.Debug("Ignoring anonymous login from windows event viewer: {0}", evt.UserName);
-                        evt.Type = IPAddressEventType.None;
+                        Logger.Debug("Ignoring anonymous login from windows event viewer: {0}", extractedEvent.UserName);
+                        extractedEvent.Type = IPAddressEventType.None;
                     }
-                    service.AddIPAddressLogEvents(new IPAddressLogEvent[] { evt });
-                    Logger.Debug("Event viewer found: {0}, {1}, {2}, {3}", evt.IPAddress, evt.Source, evt.UserName, evt.Type);
+
+                    Logger.Debug("Event viewer found: {0}, {1}, {2}, {3}", extractedEvent.IPAddress, extractedEvent.Source, extractedEvent.UserName, extractedEvent.Type);
                 }
-                events.Add(evt);
             }
 
-            return events;
+            service.AddIPAddressLogEvents(extractedEvents);
+
+            return extractedEvents;
         }
 
         private static bool FindSourceAndUserNameForInfo(IPAddressLogEvent info, XmlDocument doc)
@@ -166,12 +167,13 @@ private static bool FindSourceAndUserNameForInfo(IPAddressLogEvent info, XmlDocu
             return true;
         }
 
-        private IEnumerable<IPAddressLogEvent> ExtractEventViewerXml(XmlDocument doc)
+        private List<IPAddressLogEvent> ExtractEventViewerXml(XmlDocument doc)
         {
+            List<IPAddressLogEvent> events = [];
             XmlNode keywordsNode = doc.SelectSingleNode("//Keywords");
             if (keywordsNode is null)
             {
-                yield break;
+                return [];
             }
 
             string keywordsText = keywordsNode.InnerText;
@@ -285,11 +287,13 @@ private IEnumerable<IPAddressLogEvent> ExtractEventViewerXml(XmlDocument doc)
                     failedLoginMinimumTimespan = group.MinimumTimeBetweenLoginAttemptsTimeSpan;
 
                     IPAddressEventType eventType = (successfulLogin ? IPAddressEventType.SuccessfulLogin : IPAddressEventType.FailedLogin);
-                    yield return new IPAddressLogEvent(ipAddress, userName, source, count, eventType,
+                    events.Add(new IPAddressLogEvent(ipAddress, userName, source, count, eventType,
                         timestamp is null ? default : timestamp.Value, false, string.Empty,
-                        failedLoginThreshold, logLevel, logData, notificationFlags, failedLoginMinimumTimespan);
+                        failedLoginThreshold, logLevel, logData, notificationFlags, failedLoginMinimumTimespan));
                 }
             }
+
+            return events;
         }
 
         private static XmlDocument ParseXml(string xml)

Original file line number	Diff line number	Diff line change
`@@ -103,35 +103,36 @@ public void Dispose()`
`103`	`103`	`public IReadOnlyCollection<IPAddressLogEvent> ProcessEventViewerXml(string xml)`
`104`	`104`	`{`
`105`	`105`	`Logger.Trace("Processing event viewer xml: {0}", xml);`
`106`		`- List<IPAddressLogEvent> events = [];`
`107`	`106`	`XmlDocument doc = ParseXml(xml);`
	`107`	`+ var extractedEvents = ExtractEventViewerXml(doc);`
`108`	`108`
`109`		`- foreach (var evt in ExtractEventViewerXml(doc))`
	`109`	`+ foreach (var extractedEvent in extractedEvents)`
`110`	`110`	`{`
`111`		`- if (evt is not null &&`
`112`		`- evt.IPAddress is not null &&`
`113`		`- (evt.Type == IPAddressEventType.FailedLogin \|\|`
`114`		`- evt.Type == IPAddressEventType.SuccessfulLogin))`
	`111`	`+ if (extractedEvent is not null &&`
	`112`	`+ extractedEvent.IPAddress is not null &&`
	`113`	`+ (extractedEvent.Type == IPAddressEventType.FailedLogin \|\|`
	`114`	`+ extractedEvent.Type == IPAddressEventType.SuccessfulLogin))`
`115`	`115`	`{`
`116`		`- if (!FindSourceAndUserNameForInfo(evt, doc))`
	`116`	`+ if (!FindSourceAndUserNameForInfo(extractedEvent, doc))`
`117`	`117`	`{`
`118`	`118`	`// bad ip address`
`119`	`119`	`continue;`
`120`	`120`	`}`
`121`		`- else if (evt.Type == IPAddressEventType.SuccessfulLogin &&`
`122`		`- !string.IsNullOrWhiteSpace(evt.UserName) &&`
`123`		`- evt.UserName.Contains("anonymous", StringComparison.OrdinalIgnoreCase))`
	`121`	`+ else if (extractedEvent.Type == IPAddressEventType.SuccessfulLogin &&`
	`122`	`+ !string.IsNullOrWhiteSpace(extractedEvent.UserName) &&`
	`123`	`+ extractedEvent.UserName.Contains("anonymous", StringComparison.OrdinalIgnoreCase))`
`124`	`124`	`{`
`125`		`- Logger.Debug("Ignoring anonymous login from windows event viewer: {0}", evt.UserName);`
`126`		`- evt.Type = IPAddressEventType.None;`
	`125`	`+ Logger.Debug("Ignoring anonymous login from windows event viewer: {0}", extractedEvent.UserName);`
	`126`	`+ extractedEvent.Type = IPAddressEventType.None;`
`127`	`127`	`}`
`128`		`- service.AddIPAddressLogEvents(new IPAddressLogEvent[] { evt });`
`129`		`- Logger.Debug("Event viewer found: {0}, {1}, {2}, {3}", evt.IPAddress, evt.Source, evt.UserName, evt.Type);`
	`128`	`+`
	`129`	`+ Logger.Debug("Event viewer found: {0}, {1}, {2}, {3}", extractedEvent.IPAddress, extractedEvent.Source, extractedEvent.UserName, extractedEvent.Type);`
`130`	`130`	`}`
`131`		`- events.Add(evt);`
`132`	`131`	`}`
`133`	`132`
`134`		`- return events;`
	`133`	`+ service.AddIPAddressLogEvents(extractedEvents);`
	`134`	`+`
	`135`	`+ return extractedEvents;`
`135`	`136`	`}`
`136`	`137`
`137`	`138`	`private static bool FindSourceAndUserNameForInfo(IPAddressLogEvent info, XmlDocument doc)`
`@@ -166,12 +167,13 @@ private static bool FindSourceAndUserNameForInfo(IPAddressLogEvent info, XmlDocu`
`166`	`167`	`return true;`
`167`	`168`	`}`
`168`	`169`
`169`		`- private IEnumerable<IPAddressLogEvent> ExtractEventViewerXml(XmlDocument doc)`
	`170`	`+ private List<IPAddressLogEvent> ExtractEventViewerXml(XmlDocument doc)`
`170`	`171`	`{`
	`172`	`+ List<IPAddressLogEvent> events = [];`
`171`	`173`	`XmlNode keywordsNode = doc.SelectSingleNode("//Keywords");`
`172`	`174`	`if (keywordsNode is null)`
`173`	`175`	`{`
`174`		`- yield break;`
	`176`	`+ return [];`
`175`	`177`	`}`
`176`	`178`
`177`	`179`	`string keywordsText = keywordsNode.InnerText;`
`@@ -285,11 +287,13 @@ private IEnumerable<IPAddressLogEvent> ExtractEventViewerXml(XmlDocument doc)`
`285`	`287`	`failedLoginMinimumTimespan = group.MinimumTimeBetweenLoginAttemptsTimeSpan;`
`286`	`288`
`287`	`289`	`IPAddressEventType eventType = (successfulLogin ? IPAddressEventType.SuccessfulLogin : IPAddressEventType.FailedLogin);`
`288`		`- yield return new IPAddressLogEvent(ipAddress, userName, source, count, eventType,`
	`290`	`+ events.Add(new IPAddressLogEvent(ipAddress, userName, source, count, eventType,`
`289`	`291`	`timestamp is null ? default : timestamp.Value, false, string.Empty,`
`290`		`- failedLoginThreshold, logLevel, logData, notificationFlags, failedLoginMinimumTimespan);`
	`292`	`+ failedLoginThreshold, logLevel, logData, notificationFlags, failedLoginMinimumTimespan));`
`291`	`293`	`}`
`292`	`294`	`}`
	`295`	`+`
	`296`	`+ return events;`
`293`	`297`	`}`
`294`	`298`
`295`	`299`	`private static XmlDocument ParseXml(string xml)`