RubyGems - fluent-plugin-jfrog-siem - Versions diffs - 0.1.4 → 0.1.5 - Mend

fluent-plugin-jfrog-siem 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/fluent-plugin-jfrog-siem.gemspec +1 -1
data/lib/fluent/plugin/in_jfrog_siem.rb +52 -22
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7a6d55c86435d39f27aa0deaf46748366ac837ad4a2417f5a89bfe3711f62c3a
-  data.tar.gz: 8fc1d3286dab511cd5b6c2cb5358f4edc782dc694d0da052c191858de42057d6
+  metadata.gz: 6cfb13538b236dbfd917cf58038dab5e76d945fa0af419240fdd5508e976af1c
+  data.tar.gz: 9725242bcb3230a23f457b146bcf5e39cf562aad9abbcfbcc1ea390de2853093
 SHA512:
-  metadata.gz: 2fe48f82b2911228d5bf3073ed92d6d4991ee89a5e66c1d56516f6e63a8fe7b4037ec374cb4012b59630cb796435fb02db696582af472cb598ecdf304b670d4a
-  data.tar.gz: 0c8fa4396ccba483ac3d8931cecbfb6996d65c847a7fdfac749de7156be6d0f2dda4cc8a0e51a6672d210c57d683a5b2cb6d787eb1646ecd1c7efc006e2bc3bd
+  metadata.gz: e63137fd91a16f2ab65d3ecdc2e841d1c098e201a8a47b2d0687a80833e05bfa3fb0e4e6cf606245d58c884ef3740d7c4efa3fbbb9a4c095445e05ba3ee60b10
+  data.tar.gz: cc5dcb1ef463eb4d8c57bd246d4968b3a47639296f994913ebb75f01bb49496a44800197efe7bcc97e23bff0f84dc48570ba08d9157c0690715e00b9a0e5cfb5

data/fluent-plugin-jfrog-siem.gemspec CHANGED Viewed

@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 Gem::Specification.new do |spec|
   spec.name    = "fluent-plugin-jfrog-siem"
-  spec.version = "0.1.4"
+  spec.version = "0.1.5"
   spec.authors = ["John Peterson", "Mahitha Byreddy"]
   spec.email   = ["johnp@jfrog.com", "mahithab@jfrog.com"]

data/lib/fluent/plugin/in_jfrog_siem.rb CHANGED Viewed

@@ -99,6 +99,7 @@ module Fluent
         end
         offset_count=1
         left_violations=0
+        waiting_for_violations = false
         xray_json={"filters": { "created_from": last_created_date }, "pagination": {"order_by": "created","limit": @batch_size ,"offset": offset_count } }
         while true
@@ -120,8 +121,16 @@ module Fluent
             # Determine if we need to persist this record or not
             persistItem = true
-            if created_date <= last_created_date
-              persistItem = false
+            if waiting_for_violations
+              if created_date <= last_created_date
+                # "not persisting it - waiting for violations"
+                persistItem = false
+              end
+            else
+              if created_date < last_created_date
+                # "persisting everything"
+                persistItem = true
+              end
             end
             # Publish the record to fluentd
@@ -158,9 +167,11 @@ module Fluent
           # reduce left violations by jump size (not all batches have full item count??)
           left_violations = left_violations - @batch_size
           if left_violations <= 0
+            waiting_for_violations = true
             sleep(@wait_interval)
           else
             # Grab the next record to process for the violation details url
+            waiting_for_violations = false
             offset_count = offset_count + 1
             xray_json={"filters": { "created_from": last_created_date_string }, "pagination": {"order_by": "created","limit": @batch_size , "offset": offset_count } }
           end
@@ -226,33 +237,52 @@ module Fluent
       # normalizes Xray data according to common information models for all log-vendors
       def data_normalization(detailResp)
         detailResp_json = JSON.parse(detailResp)
-        properties = detailResp_json['properties']
         cve = []
         cvss_v2_list = []
         cvss_v3_list = []
-        for index in 0..properties.length-1 do
-          if properties[index].key?('cve')
-            cve.push(properties[index]['cve'])
-          end
-          if properties[index].key?('cvss_v2')
-            cvss_v2_list.push(properties[index]['cvss_v2'])
+        impacted_artifact_url_list = []
+        if detailResp_json.key?('properties')
+          properties = detailResp_json['properties']
+          for index in 0..properties.length-1 do
+            if properties[index].key?('cve')
+              cve.push(properties[index]['cve'])
+            end
+            if properties[index].key?('cvss_v2')
+              cvss_v2_list.push(properties[index]['cvss_v2'])
+            end
+            if properties[index].key?('cvss_v3')
+              cvss_v3_list.push(properties[index]['cvss_v3'])
+            end
           end
-          if properties[index].key?('cvss_v3')
-            cvss_v3_list.push(properties[index]['cvss_v3'])
+          detailResp_json["cve"] = cve.sort.reverse[0]
+          cvss_v2 = cvss_v2_list.sort.reverse[0]
+          cvss_v3 = cvss_v3_list.sort.reverse[0]
+          if !cvss_v3.nil?
+            cvss = cvss_v3
+          elsif !cvss_v2.nil?
+            cvss = cvss_v2
           end
+          cvss_score = cvss[0..2]
+          cvss_version = cvss.split(':')[1][0..2]
+          detailResp_json["cvss_score"] = cvss_score
+          detailResp_json["cvss_version"] = cvss_version
         end
-        detailResp_json["cve"] = cve.sort.reverse[0]
-        cvss_v2 = cvss_v2_list.sort.reverse[0]
-        cvss_v3 = cvss_v3_list.sort.reverse[0]
-        if cvss_v3.length() > 0
-          cvss = cvss_v3
-        elsif cvss_v2.length() > 0
-          cvss = cvss_v2
+        impacted_artifacts = detailResp_json['impacted_artifacts']
+        for impacted_artifact in impacted_artifacts do
+          if impacted_artifact.split('/', -1)[-1] == "manifest.json"
+            #docker formatting
+            repo_name = impacted_artifact.split('/', -1)[1]
+            image_name = impacted_artifact.split('/', -1)[2]
+            tag_name = impacted_artifact.split('/', -1)[3]
+            impacted_artifact_url = "/api/docker/" + repo_name + "/v2/" + image_name + "/manifests/" + tag_name
+          else
+            impacted_artifact_url = impacted_artifact.gsub("default", "")
+          end
+          impacted_artifact_url_list.append(impacted_artifact_url)
         end
-        cvss_score = cvss[0..2]
-        cvss_version = cvss.split(':')[1][0..2]
-        detailResp_json["cvss_score"] = cvss_score
-        detailResp_json["cvss_version"] = cvss_version
+        detailResp_json['impacted_artifacts_url'] = impacted_artifact_url_list
         return detailResp_json
       end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-jfrog-siem
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - John Peterson
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-02 00:00:00.000000000 Z
+date: 2021-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler