cef 0.9.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a5c18c726620c28b573ae7eb85cc84052f4039a7
-  data.tar.gz: 23f318734a39e5f1e4638efaba8b6baa36d755cf
+  metadata.gz: cd476b861b26a67ccac0ca120cdb434259fb8d99
+  data.tar.gz: 416bac4bbf1bc6749155135ab3df0a0dd5db09c5
 SHA512:
-  metadata.gz: 0ff31a6a533775eba16570a6637154e3a584152bcb46ff67004f1b0d408faa26648351b8597b0dd47972f66c7b62e8787c745094f5fc037357db05d24305f7ec
-  data.tar.gz: b06eaa392dc7ed43dd9b2849ac7bd1de151665c225ba69e568f50e291709ffd41532eaa4203699918b43c73b165dcfd467efbf6bf6d2004fb016ed9a3e4bc509
+  metadata.gz: 1cd74a78d391ad6a5be928e716062caae969f141aea5f87067877aefbb6165436c55b4dcb5fc8e91d282646737a8775aefbb8db1175041a1ab7d1c3af7be2822
+  data.tar.gz: bf18931d0e2627a9992f730d47c75cd4e8c96617c4cd85dd75b2360ddba6288742d8c2a646e717ede857c1e77cbdb929a15f8e796166d404083cdf01cbe4a12e

data/.gitignore

@@ -1,4 +1,5 @@
 .env
+.idea
 *.gem
 *.rbc
 .bundle
@@ -16,3 +17,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+cef.iml

data/README.rdoc

@@ -17,7 +17,7 @@ http://www.arcsight.com/collateral/CEFstandards.pdf
 
 
     # instantiate a sender object
-    sender=CEF::Sender.new(
+    sender=CEF::UDPSender.new(
         :receiver=>"loghost.mycompany.com",
         :eventDefaults=>{
             :deviceProduct => "MySnazzyLogger",

data/cef.gemspec

@@ -25,13 +25,11 @@ Gem::Specification.new do |spec|
 
   spec.require_paths    = ["lib"]
 
-  spec.add_dependency "chronic"
+  spec.add_development_dependency "rake"
   spec.add_development_dependency "rspec"
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "simplecov"
   spec.add_development_dependency "pry"
-  spec.add_development_dependency "guard"
-  spec.add_development_dependency "guard-rspec"
-  spec.add_development_dependency "guard-bundler"
+
 end
 

data/lib/cef.rb

@@ -1,11 +1,10 @@
-require 'chronic'
+require 'date'
 require 'socket'
 require 'cef/version'
 require 'cef/constants'
-require 'cef/constants'
 require 'cef/event'
 require 'cef/sender'
-require 'cef/file_logger'
+
 
 module CEF
-end
+end

data/lib/cef/event.rb

@@ -36,7 +36,7 @@ module CEF
     def to_s
       log_time=event_time.strftime(CEF::LOG_TIME_FORMAT)
       
-      cef_message=sprintf(
+      sprintf(
         CEF::LOG_FORMAT,
         syslog_pri.to_s,
         log_time,
@@ -58,25 +58,25 @@ module CEF
       # make a guess as to how the time was set. parse strings and convert
       # them to epoch milliseconds, or leave it alone if it looks like a number
       # bigger than epoch milliseconds when i wrote this.
-      def time_convert(val)
-             
-        converted=case val
-          when String
-            if val.match(%r{\A[0-9]+\Z})
-              converted=val.to_i
-            else
-              res=Chronic.parse(val)
-              converted=Time.at(res).to_i * 1000
-            end
-          when Integer,Bignum
-            if val < 1232589621000 #Wed Jan 21 20:00:21 -0600 2009
-              val * 1000
-            else
-              val
-            end
-          end
-        
-      end
+      # def time_convert(val)
+      #
+      #   converted=case val
+      #     when String
+      #       if val.match(%r{\A[0-9]+\Z})
+      #         converted=val.to_i
+      #       else
+      #         res=Chronic.parse(val)
+      #         converted=Time.at(res).to_i * 1000
+      #       end
+      #     when Integer,Bignum
+      #       if val < 1232589621000 #Wed Jan 21 20:00:21 -0600 2009
+      #         val * 1000
+      #       else
+      #         val
+      #       end
+      #     end
+      #
+      # end
 
       # escape only pipes and backslashes in the prefix. you bet your sweet
       # ass there's a lot of backslashes in the substitution. you can thank
@@ -107,34 +107,32 @@ module CEF
 
       # returns a pipe-delimeted list of prefix attributes
       def format_prefix
-        values  = CEF::PREFIX_ATTRIBUTES.keys.map {|k| self.send(k) }
+        values = CEF::PREFIX_ATTRIBUTES.keys.map { |k| self.send(k) }
         escaped = values.map do |value|
           escape_prefix_value(value)
         end
         escaped.join('|')
-
       end
 
       # returns a space-delimeted list of attribute=value pairs for all optionals
       def format_extension
-        
-        extensions=CEF::EXTENSION_ATTRIBUTES.keys.map do |meth|
-          value=self.send(meth)
+        extensions = CEF::EXTENSION_ATTRIBUTES.keys.map do |meth|
+          value = self.send(meth)
           next if value.nil?
-          shortname=CEF::EXTENSION_ATTRIBUTES[meth]
-          [shortname,value].join("=")
+          shortname = CEF::EXTENSION_ATTRIBUTES[meth]
+          [shortname, escape_extension_value(value)].join("=")
         end
 
         # make sure time comes out as milliseconds since epoch
-        times=CEF::TIME_ATTRIBUTES.keys.map do |meth|
-          value=self.send(meth)
+        times = CEF::TIME_ATTRIBUTES.keys.map do |meth|
+          value = self.send(meth)
           next if value.nil?
           shortname = CEF::TIME_ATTRIBUTES[meth]
-          [shortname,value].join("=")
+          [shortname, escape_extension_value(value)].join("=")
         end
         (extensions + times).compact.join(" ")
       end
-    end
+  end
 end
 
         # vendor=  self.deviceVendor       || "Breed"

data/lib/cef/sender.rb

@@ -13,6 +13,10 @@ module CEF
   #TODO: Implement relp/tcp senders
 
   class UDPSender < Sender
+    def initialize(receiver='127.0.0.1', port=514)
+      @receiver = receiver
+      @port = port
+    end
 
     #fire the message off
     def emit(event)
@@ -24,15 +28,12 @@ module CEF
           event.send("%s=" % k,v)
         end
       end
-      self.sock.send event.format_cef, 0
+      self.sock.send event.to_s, 0
     end
 
-
     def socksetup
       @sock=UDPSocket.new
-      receiver= self.receiver || "127.0.0.1"
-      port= self.receiverPort || 514
-      @sock.connect(receiver,port)
+      @sock.connect(@receiver, @port)
     end
   end
-end
+end

data/lib/cef/version.rb

@@ -1,3 +1,3 @@
 module CEF
-  VERSION = "0.9.0"
+  VERSION = "1.0.0"
 end

data/spec/lib/cef/event_spec.rb

@@ -1,13 +1,14 @@
-#event_spec.rb
 require 'spec_helper'
+
 describe CEF::Event do
   let(:formatted_time) { "Apr 25 1975 12:00:00" }
-  let(:time)  { Chronic.parse(formatted_time) }
+  let(:time)  { DateTime.strptime(formatted_time , '%b %d %Y %H:%M:%S')}
   
   context "formatting the syslog message" do
     let(:formatted) { "<131>Apr 25 1975 12:00:00 cefspec CEF:0|breed.org|CEF|#{CEF::VERSION}|0:event|unnamed event|1|" }
     let(:escaped)   { "<131>Apr 25 1975 12:00:00 cefspec CEF:0|bre\\|ed|CEF|#{CEF::VERSION}|0:event|unnamed event|1|" }
   end
+
   context "formatting the CEF prefix" do
     let(:formatted) {"breed.org|CEF|#{CEF::VERSION}|0:event|unnamed event|1"}
     let(:escaped)   {"bre\\|ed|CEF|#{CEF::VERSION}|0:event|unnamed event|1"}
@@ -29,4 +30,15 @@ describe CEF::Event do
       end
     end
   end
-end
+
+  context 'formatting the CEF extension' do
+    let(:escaped) { "suser=User\\=Name" }
+
+    it 'escapes equal signs' do
+      event = CEF::Event.new(
+          sourceUserName: 'User=Name'
+      )
+      expect(event.format_extension).to eq(escaped)
+    end
+  end
+end

data/spec/lib/cef/sender_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+describe CEF::UDPSender do
+  it 'defaults receiver to localhost on port 514' do
+    sock_double = double
+    expect(UDPSocket).to receive(:new).and_return(sock_double)
+    expect(sock_double).to receive(:connect).with('127.0.0.1', 514)
+
+    sender = CEF::UDPSender.new
+    sender.socksetup
+  end
+
+  it 'receives an escaped message when emit is called' do
+    event = CEF::Event.new
+
+    sock_double = double
+    expect(UDPSocket).to receive(:new).and_return(sock_double)
+    expect(sock_double).to receive(:connect).with('myDomain.org', 4321)
+    expect(sock_double).to receive(:send).with(event.to_s, 0)
+
+    sender = CEF::UDPSender.new('myDomain.org', 4321)
+    sender.emit(event)
+  end
+end

data/spec/lib/cef_spec.rb

@@ -4,11 +4,6 @@ describe "CEF Event Formatter" do
   describe "Cef Extension" do
     it "should output an extension"
     it "should escape newlines"
-    it "should escape equal signs"
     it "should format time attributes"
   end
 end
-
-describe "UDPSender" do
-  
-end

data/spec/spec_helper.rb

@@ -1,7 +1,6 @@
 require 'cef'
 
 RSpec.configure do |config|
-  config.treat_symbols_as_metadata_keys_with_true_values = true
   config.run_all_when_everything_filtered = true
   config.filter_run :focus
   config.order = 'random'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cef
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Ryan Breed
@@ -11,13 +11,13 @@ cert_chain: []
 date: 2011-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: chronic
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -80,48 +80,6 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: guard
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: guard-rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: guard-bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
 description: ' format/send CEF logs via API+syslog or client program '
 email: ' opensource@breed.org '
 executables:
@@ -135,7 +93,6 @@ files:
 - .gitignore
 - .rspec
 - Gemfile
-- Guardfile
 - LICENSE.txt
 - README.rdoc
 - Rakefile
@@ -145,11 +102,10 @@ files:
 - lib/cef.rb
 - lib/cef/constants.rb
 - lib/cef/event.rb
-- lib/cef/file_logger.rb
-- lib/cef/parser.rb
 - lib/cef/sender.rb
 - lib/cef/version.rb
 - spec/lib/cef/event_spec.rb
+- spec/lib/cef/sender_spec.rb
 - spec/lib/cef_spec.rb
 - spec/spec_helper.rb
 homepage: http://github.com/ryanbreed/cef
@@ -178,5 +134,7 @@ specification_version: 4
 summary: CEF Generation Library and Client
 test_files:
 - spec/lib/cef/event_spec.rb
+- spec/lib/cef/sender_spec.rb
 - spec/lib/cef_spec.rb
 - spec/spec_helper.rb
+has_rdoc: 

data/Guardfile

@@ -1,15 +0,0 @@
-# A sample Guardfile
-# More info at https://github.com/guard/guard#readme
-
-guard :bundler do
-  watch('Gemfile')
-  # Uncomment next line if your Gemfile contains the `gemspec' command.
-  watch(/^.+\.gemspec/)
-end
-
-guard :rspec do
-  watch(%r{^spec/.+_spec\.rb$})
-  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
-  watch('spec/spec_helper.rb')  { "spec" }
-end
-

data/lib/cef/file_logger.rb

@@ -1,8 +0,0 @@
-
-module CEF
-  class FileLogger
-    def initialize(*args)
-      Hash[*args].each { |argname, argval| self.send(("%s="%argname), argval) }
-    end
-  end
-end

data/lib/cef/parser.rb

@@ -1,56 +0,0 @@
-# COPYRIGHT: Ryan Breed
-# DATE:      3/27/11
-module CEF
-  class Parser
-    # TODO: deal with escaping delimeters
-    
-    attr_accessor :file_name
-
-    def initialize(*args)
-      # Parser.new(:foo=>"bar)
-      Hash[*args].each { |argname, argval| self.send(("%s="%argname), argval) }
-      
-      yield self if block_given?
-    end
-
-    def parse_file
-      events=[]
-      File.open(file_name) do |f|
-        f.each_line do |line|
-          line.chomp!
-          prefix=line.split(/\|/)
-          e=Event.new
-          extension_string=prefix[7..-1].join("|")
-          extension_av_pairs=extension_string.split(/ ([\w\.]+)=/)
-          extension_av_pairs.shift
-
-          begin
-            extension=Hash[ *extension_av_pairs.map {|i| i.strip} ]
-            extension.each do |k,v|
-              next if k.match(/^ad\./)
-              methname=CEF::ATTRIBUTES.invert[k].to_s
-              #puts "METHNAME: #{k} -> #{methname}"
-              e.send("%s=" % methname, v)
-            end
-
-          rescue Exception => except
-            puts except.message
-            pp   extension_av_pairs
-            puts line
-            next
-          end
-
-          %w{ deviceVendor deviceProduct deviceVersion
-              deviceEventClassId name deviceSeverity }.each_with_index {|att,i| e.send("%s="%att,prefix[i+1]) }
-
-          if block_given?
-            yield e
-          else
-            events.push e
-          end
-        end
-      end
-      events
-    end
-  end
-end