Replaced panic in most places with error message

common/common.go

@@ -1,6 +1,7 @@
 package common
 
 import (
+	"fmt"
 	"github.com/Velocidex/ordereddict"
 	"io/ioutil"
 	"os"
@@ -184,7 +185,7 @@ func HeadersAndRowListToOrderedDict(keys []string, values []string) *ordereddict
 	o := ordereddict.NewDict()
 
 	if len(keys) != len(values) {
-		panic("HeadersAndRowListToOrderedDict - lenght mismatch")
+		LogError(fmt.Sprintf("[HeadersAndRowListToOrderedDict critical error] %s", "HeadersAndRowListToOrderedDict - lenght mismatch"))
 	}
 
 	for i := 0; i < len(keys); i++ {

common/extractors.go

@@ -1,6 +1,9 @@
 package common
 
-import "strings"
+import (
+	"fmt"
+	"strings"
+)
 
 type ExtractedFunction struct {
 	Name    string
@@ -28,7 +31,8 @@ func FunctionExtractor(function string) ExtractedFunction {
 			opt_split := strings.Split(option, "=")
 
 			if len(opt_split) != 2 {
-				panic("FunctionExtractor - wrong nr of fields after = split")
+				LogError(fmt.Sprintf("[FunctionExtractor critical error] %s", "wrong nr of fields after = split"))
+				continue
 			}
 			ef.Options[opt_split[0]] = opt_split[1]
 		}
@@ -63,7 +67,8 @@ func LogicExtractor(logic string) ExtractedLogic {
 			opt_split := strings.Split(option, "=")
 
 			if len(opt_split) != 2 {
-				panic("ExtractedLogic - wrong nr of fields after = split")
+				LogError(fmt.Sprintf("[LogicExtractor critical error] %s", "wrong nr of fields after = split"))
+				continue
 			}
 			ef.Options[opt_split[0]] = opt_split[1]
 		}

common/logging.go

@@ -1,6 +1,7 @@
 package common
 
 import (
+	"fmt"
 	"github.com/mattn/go-colorable"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
@@ -78,7 +79,7 @@ func LogDebugString(key string, val interface{}) {
 	case int:
 		log.Debug().Int(key, val.(int)).Msg("Variable")
 	default:
-		panic("LogDebugString - Unsupported type")
+		LogError(fmt.Sprintf("[LogDebugString critical error] %s", "Unsupported type"))
 	}
 
 }

common/socket_parser.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/binary"
 	"errors"
+	"fmt"
 	"net"
 	"strconv"
 )
@@ -21,7 +22,9 @@ func IPPortFormatter(version int, IP net.IP, Port uint16, ScopeId uint32) string
 		}
 		out += "]"
 	} else {
-		panic("IPPortFormatter - wrong version")
+		LogError(fmt.Sprintf("[IPPortFormatter critical error] %s", "wrong version"))
+		out += "Internal Error"
+
 	}
 
 	if Port != 0 {

engine/engine.go

@@ -1,6 +1,7 @@
 package engine
 
 import (
+	"fmt"
 	"github.com/Velocidex/ordereddict"
 	"github.com/yarox24/EvtxHussar/common"
 	"github.com/yarox24/EvtxHussar/eventmap"
@@ -422,7 +423,8 @@ func (e *Engine) SingleFieldExtractor(function string) common.SingleField {
 			opt_split := strings.Split(option, "=")
 
 			if len(opt_split) != 2 {
-				panic("SingleFieldExtractor - wrong nr of fields after = split")
+				common.LogError(fmt.Sprintf("[SingleFieldExtractor critical error] %s", "wrong nr of fields after = split"))
+				continue
 			}
 			sf.Options[opt_split[0]] = opt_split[1]
 		}

eventmap/attrib_extraction.go

@@ -1,6 +1,7 @@
 package eventmap
 
 import (
+	"fmt"
 	"github.com/Velocidex/ordereddict"
 	"github.com/yarox24/EvtxHussar/common"
 	"strconv"
@@ -57,7 +58,7 @@ func userdata_flatten_first_value(o *ordereddict.Dict, options map[string]string
 	keys := o.Keys()
 
 	if len(keys) != 1 {
-		panic("userdata_flatten_first_value - wrong number of keys")
+		common.LogError(fmt.Sprintf("[userdata_flatten_first_value critical error] %s", "wrong number of keys"))
 	}
 
 	if len(keys) > 0 {
@@ -67,7 +68,7 @@ func userdata_flatten_first_value(o *ordereddict.Dict, options map[string]string
 		case *ordereddict.Dict:
 			o.MergeFrom(v)
 		default:
-			panic("userdata_flatten_first_value - Wrong type")
+			common.LogError(fmt.Sprintf("[userdata_flatten_first_value critical error] %s", "Wrong type of value"))
 		}
 	}
 
@@ -122,7 +123,8 @@ func append_to_field(o *ordereddict.Dict, opt map[string]string) *ordereddict.Di
 	new_val, ok := o.GetString(opt["input_field"])
 
 	if !ok {
-		panic("append_to_field - input_field not exists")
+		common.LogError(fmt.Sprintf("[append_to_field critical error] %s", "input_field not exists"))
+		return o
 	}
 
 	// Check for: add_space_at_end

eventmap/event_map.go

@@ -121,6 +121,14 @@ func GetSecurityUserID(ev_map *ordereddict.Dict) string {
 	return temp
 }
 
+func LogSingleEventDetailedError(ev_map *ordereddict.Dict, error_message string) {
+	common.LogError(fmt.Sprintf("[Event critical error] %s | Computer: %s | Channel: %s | Event ID: %s | Event record ID: %s",
+		error_message, GetCurrentComputer(ev_map), GetChannel(ev_map), GetEID(ev_map), GetEventRecordID(ev_map),
+	),
+	)
+
+}
+
 func ExtractAttribs(ev_map *ordereddict.Dict, attrib_extraction []common.ExtractedFunction, l1mode bool) *ordereddict.Dict {
 	// Initial output dictionary
 	var o = ordereddict.NewDict()
@@ -134,7 +142,8 @@ func ExtractAttribs(ev_map *ordereddict.Dict, attrib_extraction []common.Extract
 	}
 
 	if len(content_names) != 2 {
-		panic("Interesting case")
+		LogSingleEventDetailedError(ev_map, "[System, EventData] structure problem")
+		return o
 	}
 
 	selected_content_name := ""
@@ -145,7 +154,8 @@ func ExtractAttribs(ev_map *ordereddict.Dict, attrib_extraction []common.Extract
 	}
 
 	if selected_content_name == "" {
-		panic("Cannot auto-determine")
+		LogSingleEventDetailedError(ev_map, "Cannot auto-determine System entry")
+		return o
 	}
 
 	content, ok_content := ordereddict.GetMap(ev_map, selected_content_name)
@@ -194,8 +204,8 @@ func ExtractAttribs(ev_map *ordereddict.Dict, attrib_extraction []common.Extract
 			o = remove_key(o, ef.Options)
 
 		default:
-			//fmt.Println("Fake panic")
-			panic("Unsupported attrib_extraction function")
+			LogSingleEventDetailedError(ev_map, "Unsupported attrib_extraction function")
+			return o
 		}
 
 	}
@@ -321,17 +331,16 @@ func ExtraFixField(Ordered_fields_enhanced map[string]common.SingleField, key st
 							nr := int(runes[0])
 							return strconv.Itoa(nr)
 						} else {
-							//fmt.Println("Fake panic")
-							panic("Runes invalid length")
+							common.LogError(fmt.Sprintf("[ExtraFixField critical error] %s", "Runes invalid length"))
 						}
 					}
 				default:
-					panic("Unknown option!")
+					common.LogError(fmt.Sprintf("[ExtraFixField critical error] %s", "Unknown option!"))
 				}
 			}
 		}
 	default:
-		panic("Unknown option!")
+		common.LogError(fmt.Sprintf("[ExtraFixField critical error] %s", "Unknown default option!"))
 	}
 
 	return value_to_fix
@@ -398,7 +407,7 @@ func GetOriginalDisplayValueForMapperNumberToString(current_params common.Params
 		case "none":
 			return ""
 		default:
-			panic("Wrong display_original type")
+			common.LogError(fmt.Sprintf("[GetOriginalDisplayValueForMapperNumberToString critical error] %s", "Wrong display_original type"))
 		}
 	}
 
@@ -415,7 +424,8 @@ func GetOriginalDisplayValueForMapperBitwiseToString(current_params common.Param
 	case "none":
 		return ""
 	default:
-		panic("Wrong display_original type")
+		common.LogError(fmt.Sprintf("[GetOriginalDisplayValueForMapperBitwiseToString critical error] %s", "Wrong display_original type"))
+
 	}
 
 	return ""
@@ -427,7 +437,7 @@ func ResolveForMapperNumberToString(VariousMappers map[string]common.Params, map
 	current_params, found_map := VariousMappers[map_name]
 
 	if !found_map {
-		panic("Yaml map error")
+		common.LogError(fmt.Sprintf("[ResolveForMapperNumberToString critical error] %s", "Yaml map error"))
 	}
 
 	// Convert string to int
@@ -452,7 +462,7 @@ func ResolveForMapperStringToString(VariousMappers map[string]common.Params, map
 	current_params, found_map := VariousMappers[map_name]
 
 	if !found_map {
-		panic("Yaml map error")
+		common.LogError(fmt.Sprintf("[ResolveForMapperStringToString critical error] %s", "Yaml map error"))
 	}
 
 	if nice_name, nice_name_found := current_params.Params[value]; nice_name_found {
@@ -470,7 +480,7 @@ func ResolveForMapperBitwiseToString(VariousMappers map[string]common.Params, ma
 	current_params, found_map := VariousMappers[map_name]
 
 	if !found_map {
-		panic("Yaml map error")
+		common.LogError(fmt.Sprintf("[ResolveForMapperBitwiseToString critical error] %s", "Yaml map error"))
 	}
 
 	var int64_value int64
@@ -601,7 +611,7 @@ func ResolveDoubleQuotesInPlace(double_quotes map[string]string, SIDList map[str
 			}
 		}
 	default:
-		panic("Wrong resolve parameter")
+		common.LogError(fmt.Sprintf("[ResolveDoubleQuotesInPlace critical error] %s", "Wrong resolve parameter"))
 	}
 
 	return current_val

special_transformations/av_symantec.go

@@ -1,6 +1,7 @@
 package special_transformations
 
 import (
+	"fmt"
 	"github.com/Velocidex/ordereddict"
 	"github.com/yarox24/EvtxHussar/common"
 	"regexp"
@@ -12,19 +13,22 @@ func AVSymantecExtract(ord_map *ordereddict.Dict, options map[string]string) {
 	Scope := options["scope"]
 
 	if !common.KeyExistsInOrderedDict(ord_map, Input_field) {
-		panic("Wrong Yaml - field_extra_transformations - input_field")
+		common.LogError(fmt.Sprintf("[AVSymantecExtract critical error] %s", "field_extra_transformations - input_field"))
+		return
 	}
 
 	if !common.KeyExistsInOrderedDict(ord_map, Output_field) {
-		panic("Wrong Yaml - field_extra_transformations - output_field")
+		common.LogError(fmt.Sprintf("[AVSymantecExtract critical error] %s", "field_extra_transformations - output_field"))
+		return
 	}
 
 	input_val, _ := ord_map.GetString(Input_field)
 	if len(input_val) > 0 {
 		if Scope == "description_path" {
 			ord_map.Update(Output_field, description_path_parser(input_val))
 		} else {
-			panic("Wrong Yaml - field_extra_transformations - scope")
+			common.LogError(fmt.Sprintf("[AVSymantecExtract critical error] %s", "field_extra_transformations - scope"))
+			return
 		}
 	}
 }

special_transformations/powershell.go

@@ -2,6 +2,7 @@ package special_transformations
 
 import (
 	"encoding/base64"
+	"fmt"
 	"github.com/Velocidex/ordereddict"
 	"github.com/yarox24/EvtxHussar/common"
 	"golang.org/x/text/encoding/unicode"
@@ -14,11 +15,13 @@ func Base64powershellhunter(ord_map *ordereddict.Dict, options map[string]string
 	Output_field := options["output_field"]
 
 	if !common.KeyExistsInOrderedDict(ord_map, Input_field) {
-		panic("Wrong Yaml - field_extra_transformations - input_field")
+		common.LogError(fmt.Sprintf("[Base64powershellhunter critical error] %s", "Wrong Yaml - field_extra_transformations - input_field"))
+		return
 	}
 
 	if !common.KeyExistsInOrderedDict(ord_map, Output_field) {
-		panic("Wrong Yaml - field_extra_transformations - output_field")
+		common.LogError(fmt.Sprintf("[Base64powershellhunter critical error] %s", "Wrong Yaml - field_extra_transformations - output_field"))
+		return
 	}
 
 	input_val, _ := ord_map.GetString(Input_field)