Added XML filtering

microsoft · Feb 5, 2024 · 81d5942 · 81d5942
1 parent a8ec17f
commit 81d5942
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 79 deletions.
diff --git a/src/EventLogExpert.Eventing/Models/DisplayEventModel.cs b/src/EventLogExpert.Eventing/Models/DisplayEventModel.cs
@@ -6,8 +6,8 @@
 
 namespace EventLogExpert.Eventing.Models;
 
-public record DisplayEventModel(
-    long? RecordId,
+public sealed record DisplayEventModel(
+    long? RecordId,
     Guid? ActivityId,
     DateTime TimeCreated,
     int Id,
@@ -19,8 +19,8 @@ public record DisplayEventModel(
     IList<EventProperty> Properties,
     int? Qualifiers,
     long? Keywords,
-    IEnumerable<string> KeywordsDisplayNames,
-    int? ProcessId,
+    IEnumerable<string> KeywordsDisplayNames,
+    int? ProcessId,
     int? ThreadId,
     string LogName, // This is the log name from the event reader
     string? Template,
@@ -30,94 +30,95 @@ public string Xml
     {
         get
         {
-            var sb = new StringBuilder(
-            "<Event xmlns=\"http://schemas.microsoft.com/win/2004/08/events/event\">\r\n" +
-            $"  <System>\r\n" +
-            $"    <Provider Name=\"{Source}\" />\r\n" +
-            $"    <EventID{(Qualifiers.HasValue ? $" Qualifiers=\"{Qualifiers.Value}\"" : "")}>{Id}</EventID>\r\n" +
-            $"    <Level>{Level}</Level>\r\n" +
-            $"    <Task>{TaskCategory}</Task>\r\n" +
-            $"    <Keywords>{(Keywords.HasValue ? "0x" + Keywords.Value.ToString("X") : "0x0")}</Keywords>\r\n" +
-            $"    <TimeCreated SystemTime=\"{TimeCreated.ToUniversalTime():o}\" />\r\n" +
-            $"    <EventRecordID>{RecordId}</EventRecordID>\r\n");
-
-            if (ActivityId is not null)
-            {
-                sb.Append($"    <ActivityID>{ActivityId}</ActivityID>\r\n");
-            }
-
-            sb.Append(
-            $"    <Channel>{LogName}</Channel>\r\n" +
-            $"    <Computer>{ComputerName}</Computer>\r\n" +
-            $"    <ProcessID>{ProcessId}</ProcessID>\r\n" +
-            $"    <ThreadID>{ThreadId}</ThreadID>\r\n" +
-            $"  </System>\r\n" +
-            $"  <EventData>\r\n");
-
-            var templateSuccessfullyParsed = false;
-
-            if (!string.IsNullOrEmpty(Template))
-            {
-                try
-                {
-                    var templateBuilder = new StringBuilder();
+            StringBuilder sb = new();
 
-                    var propertyNames = new List<string>();
-                    var index = -1;
-                    while (-1 < (index = Template.IndexOf("name=", index + 1)))
-                    {
-                        var nameStart = index + 6;
-                        var nameEnd = Template.IndexOf('"', nameStart);
-                        var name = Template.Substring(nameStart, nameEnd - nameStart);
-                        propertyNames.Add(name);
-                    }
+            sb.AppendLine($"""
+            <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
+                <System>
+                    <Provider Name="{Source}" />
+                    <EventID{(Qualifiers.HasValue ? $" Qualifiers=\"{Qualifiers.Value}\"" : "")}>{Id}</EventID>
+                    <Level>{Level}</Level>
+                    <Task>{TaskCategory}</Task>
+                    <Keywords>{(Keywords.HasValue ? "0x" + Keywords.Value.ToString("X") : "0x0")}</Keywords>
+                    <TimeCreated SystemTime="{TimeCreated.ToUniversalTime():o}" />
+                    <EventRecordID>{RecordId}</EventRecordID>
+            """);
 
-                    for (var i = 0; i < Properties.Count; i++)
-                    {
-                        if (i >= propertyNames.Count)
-                        {
-                            break;
-                        }
-
-                        if (Properties[i].Value is byte[] val)
-                        {
-                            templateBuilder.Append($"    <Data Name=\"{propertyNames[i]}\">{Convert.ToHexString(val)}</Data>\r\n");
-                        }
-                        else
-                        {
-                            templateBuilder.Append($"    <Data Name=\"{propertyNames[i]}\">{Properties[i].Value}</Data>\r\n");
-                        }
-                    }
+            if (ActivityId is not null) { sb.AppendLine($"        <ActivityID>{ActivityId}</ActivityID>"); }
 
-                    sb.Append(templateBuilder.ToString());
-                    templateSuccessfullyParsed = true;
-                }
-                catch
+            sb.AppendLine($"""
+                    <Channel>{LogName}</Channel>
+                    <Computer>{ComputerName}</Computer>
+                    <ProcessID>{ProcessId}</ProcessID>
+                    <ThreadID>{ThreadId}</ThreadID>
+                </System>
+                <EventData>
+            """);
+
+            sb.Append(GetEventData());
+
+            sb.Append("""
+                </EventData>
+            </Event>
+            """);
+
+            return sb.ToString();
+        }
+    }
+
+    private string GetEventData()
+    {
+        StringBuilder sb = new();
+
+        if (!string.IsNullOrEmpty(Template))
+        {
+            try
+            {
+                List<string> propertyNames = [];
+                int index = -1;
+
+                while (-1 < (index = Template.IndexOf("name=", index + 1, StringComparison.Ordinal)))
                 {
-                    // No tracer available here
+                    var nameStart = index + 6;
+                    var nameEnd = Template.IndexOf('"', nameStart);
+                    var name = Template[nameStart..nameEnd];
+                    propertyNames.Add(name);
                 }
-            }
 
-            if (!templateSuccessfullyParsed)
-            {
-                foreach (var p in Properties)
+                for (var i = 0; i < Properties.Count; i++)
                 {
-                    if (p.Value is byte[] bytes)
+                    if (i >= propertyNames.Count) { break; }
+
+                    if (Properties[i].Value is byte[] val)
                     {
-                        sb.Append($"    <Data>{Convert.ToHexString(bytes)}</Data>\r\n");
+                        sb.AppendLine($"           <Data Name=\"{propertyNames[i]}\">{Convert.ToHexString(val)}</Data>");
                     }
                     else
                     {
-                        sb.Append($"    <Data>{p.Value}</Data>\r\n");
+                        sb.AppendLine($"           <Data Name=\"{propertyNames[i]}\">{Properties[i].Value}</Data>");
                     }
                 }
-            }
 
-            sb.Append(
-                "  </EventData>\r\n" +
-                "</Event>");
+                return sb.ToString();
+            }
+            catch
+            {
+                // No tracer available here
+            }
+        }
 
-            return sb.ToString();
+        foreach (var p in Properties)
+        {
+            if (p.Value is byte[] bytes)
+            {
+                sb.AppendLine($"            <Data>{Convert.ToHexString(bytes)}</Data>");
+            }
+            else
+            {
+                sb.AppendLine($"            <Data>{p.Value}</Data>");
+            }
         }
+
+        return sb.ToString();
     }
 }
diff --git a/src/EventLogExpert.UI/Enums.cs b/src/EventLogExpert.UI/Enums.cs
@@ -58,7 +58,8 @@ public enum FilterType
     [EnumMember(Value = "Keywords")] KeywordsDisplayNames,
     Source,
     [EnumMember(Value = "Task Category")] TaskCategory,
-    Description
+    Description,
+    Xml
 }
 
 public enum LogType

diff --git a/src/EventLogExpert.UI/FilterMethods.cs b/src/EventLogExpert.UI/FilterMethods.cs
@@ -191,7 +191,7 @@ public static bool TryParse(FilterModel filterModel, out string comparison)
             stringBuilder.Append(GetComparisonString(filterModel.Data.Type, filterModel.Data.Evaluator));
         }
 
-        if (filterModel.SubFilters?.Count > 0)
+        if (filterModel.SubFilters.Count > 0)
         {
             foreach (var subFilter in filterModel.SubFilters)
             {

diff --git a/src/EventLogExpert/Shared/Components/ContextMenu.razor b/src/EventLogExpert/Shared/Components/ContextMenu.razor
@@ -12,6 +12,8 @@
         <ul>
             @foreach (FilterType item in Enum.GetValues(typeof(FilterType)))
             {
+                @if (item is FilterType.Description or FilterType.Xml) { continue; }
+
                 <li @onclick="() => FilterEvent(item, FilterEvaluator.Equals)">@item.ToFullString()</li>
             }
         </ul>
@@ -22,6 +24,8 @@
         <ul>
             @foreach (FilterType item in Enum.GetValues(typeof(FilterType)))
             {
+                @if (item is FilterType.Description or FilterType.Xml) { continue; }
+
                 <li @onclick="() => FilterEvent(item, FilterEvaluator.NotEqual)">@item.ToFullString()</li>
             }
         </ul>