fluent-plugin-jfrog-siem 2.0.5 → 2.0.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/fluent-plugin-jfrog-siem.gemspec +2 -2
  3. data/lib/fluent/plugin/in_jfrog_siem.rb +2 -0
  4. data/lib/fluent/plugin/test_violations.rb +421 -0
  5. data/lib/fluent/plugin/xray.rb +25 -12
  6. data/test/plugin/test_in_jfrog_siem.rb +1 -1
  7. metadata +13 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 602f632100f31aa06677f7f5ce98def8d1e51aa43d883cc18e6c8495f80b79dc
4
- data.tar.gz: 8d28142729182b919f69ce6893928477e605aa658ae09f816f0d3f6e5dedace6
3
+ metadata.gz: 1de86065fece9f251b49bc69e3ae44fce255f3ea1362cbc6f1397a8d4fd01581
4
+ data.tar.gz: dbeb11c0337e979bfdbb8ba8b7f5df89868f479f1aec9c57cbe4271ade6b7859
5
5
  SHA512:
6
- metadata.gz: 3b1e9b8c84c67e39bcc5eb935ff498bda659f1ee360caf2967b062e3b24a1874308beb831f9fcd57b985c0eb7dd865b286064eeba1ccc7f93b70f2864a87dc51
7
- data.tar.gz: 4955cc838617021f7c3c84268af0840cee892ce17fdeafbaa41e67127fd08685cb0d20961c57d47c9b96a76b3d6371ad6ddb9b7ec5de27439a402439c97ff5b1
6
+ metadata.gz: 55e58bbb623f54ed8099541b2fc0b28ff609e2693af9d2ae405ecfc55f7c41cbe42acaea3532294e69ef76391d745a159dc1bf0e4c174ca3f90efe215f60be83
7
+ data.tar.gz: b1b2a632f52a89156c46e362b065aea36dc53dc82aeb68e1283857071a779c7b743d962e5d448edf282041a5daba37fae6a4a80459e01929a3febb08d2824e3a
data/fluent-plugin-jfrog-siem.gemspec CHANGED
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
 
4
4
  Gem::Specification.new do |spec|
5
5
  spec.name = "fluent-plugin-jfrog-siem"
6
- spec.version = "2.0.5"
6
+ spec.version = "2.0.7"
7
7
  spec.authors = ["Mahitha Byreddy", "Sudhindra Rao","Giridharan Ramasamy"]
8
8
  spec.email = ["mahithab@jfrog.com", "sudhindrar@jfrog.com", "girir@jfrog.com"]
9
9
 
@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
29
29
  spec.add_development_dependency 'rspec', '~> 3.10.0'
30
30
 
31
31
  spec.add_runtime_dependency "rest-client", "~> 2.0"
32
- spec.add_runtime_dependency "concurrent-ruby", "~> 1.1.8"
32
+ spec.add_runtime_dependency "concurrent-ruby", "~> 1.1.8" , "< 1.1.10"
33
33
  spec.add_runtime_dependency "concurrent-ruby-edge", '>= 0'
34
34
  spec.add_runtime_dependency "fluentd", [">= 0.14.10", "< 2"]
35
35
  end
data/lib/fluent/plugin/in_jfrog_siem.rb CHANGED
@@ -118,9 +118,11 @@ module Fluent
118
118
  def get_last_item_create_date()
119
119
  recent_pos_file = get_recent_pos_file()
120
120
  if recent_pos_file != nil
121
+ puts "Position file already exists so pulling the latest create_date from it"
121
122
  last_created_date_string = IO.readlines(recent_pos_file).last
122
123
  return DateTime.parse(last_created_date_string).strftime("%Y-%m-%dT%H:%M:%SZ")
123
124
  else
125
+ puts "Position file doesn't exist so fetching current DateTime to form a new position file"
124
126
  return DateTime.now.strftime("%Y-%m-%dT%H:%M:%SZ")
125
127
  end
126
128
  end
data/lib/fluent/plugin/test_violations.rb ADDED
@@ -0,0 +1,421 @@
1
+
2
+ def get_violations_details_test()
3
+ response = '{
4
+ "violation_id": "1710136527020015616",
5
+ "description": "Root access could be granted to a stranger",
6
+ "summary": "Custom issue 1",
7
+ "severity": "High",
8
+ "type": "Security",
9
+ "provider": "MB",
10
+ "infected_components": [
11
+ "generic://sha256:242fe18ca64a362e4088096447c8f815fb2aa2c569c5f342de1c82318eb4973a/artifact_1.zip"
12
+ ],
13
+ "created": "2023-10-06T03:34:55Z",
14
+ "watch_name": "test_all-repositories_7005086_security",
15
+ "matched_policies": [
16
+ {
17
+ "policy": "test_security_policy_7005086",
18
+ "rule": "securityRule",
19
+ "is_blocking": false
20
+ }
21
+ ],
22
+ "issue_id": "XRAYS1-artifact_1.zip7005086",
23
+ "properties": [
24
+ {
25
+ "cve": "CVE-2018-2000568",
26
+ "cvss_v2": "5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N"
27
+ }
28
+ ],
29
+ "impacted_artifacts": [
30
+ "mw-maven-repository-manager/inhouse_snapshot/com/mathworks/team/recruiting/recruiting/2.41.3-SNAPSHOT/recruiting-2.41.3-20230920.193355-4.war"
31
+ ],
32
+ "applicability": null
33
+ }'
34
+ resp_obj = JSON.parse(response)
35
+ return resp_obj
36
+ end
37
+
38
+ def get_violations_test()
39
+ response = '{
40
+ "total_violations":54,
41
+ "violations":[
42
+ {
43
+ "description":"Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a org.apache.struts.taglib.html.Constants.CANCEL parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.",
44
+ "severity":"High",
45
+ "type":"Security",
46
+ "infected_components":[
47
+ "gav://struts:struts:1.1"
48
+ ],
49
+ "created":"2021-06-16T21:22:18Z",
50
+ "watch_name":"maven-watch1",
51
+ "issue_id":"XRAY-55418",
52
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55418&comp_id=gav:%2F%2Fstruts:struts:1.1",
53
+ "impacted_artifacts":[
54
+ "mw-maven-repository-manager/inhouse_snapshot/com/mathworks/team/recruiting/recruiting/2.41.3-SNAPSHOT/recruiting-2.41.3-20230920.193355-4.war"
55
+ ]
56
+ },
57
+ {
58
+ "description":"The Apache Software License, Version 1.1",
59
+ "severity":"High",
60
+ "type":"License",
61
+ "infected_components":[
62
+ "gav://struts:struts:1.1"
63
+ ],
64
+ "created":"2021-06-16T21:22:18Z",
65
+ "watch_name":"license-watch",
66
+ "issue_id":"Apache-1.1",
67
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Apache-1.1&comp_id=gav:%2F%2Fstruts:struts:1.1",
68
+ "impacted_artifacts":[
69
+ "default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
70
+ ]
71
+ },
72
+ {
73
+ "description":"The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.",
74
+ "severity":"High",
75
+ "type":"Security",
76
+ "infected_components":[
77
+ "gav://struts:struts:1.1"
78
+ ],
79
+ "created":"2021-06-16T21:22:18Z",
80
+ "watch_name":"maven-watch1",
81
+ "issue_id":"XRAY-55648",
82
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55648&comp_id=gav:%2F%2Fstruts:struts:1.1",
83
+ "impacted_artifacts":[
84
+ "default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
85
+ ]
86
+ },
87
+ {
88
+ "description":"Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"insufficient quoting of parameters.\"",
89
+ "severity":"Medium",
90
+ "type":"Security",
91
+ "infected_components":[
92
+ "gav://struts:struts:1.1"
93
+ ],
94
+ "created":"2021-06-16T21:22:18Z",
95
+ "watch_name":"maven-watch1",
96
+ "issue_id":"XRAY-55444",
97
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55444&comp_id=gav:%2F%2Fstruts:struts:1.1",
98
+ "impacted_artifacts":[
99
+ "default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
100
+ ]
101
+ },
102
+ {
103
+ "description":"Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.",
104
+ "severity":"Medium",
105
+ "type":"Security",
106
+ "infected_components":[
107
+ "gav://struts:struts:1.1"
108
+ ],
109
+ "created":"2021-06-16T21:22:18Z",
110
+ "watch_name":"maven-watch1",
111
+ "issue_id":"XRAY-55420",
112
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55420&comp_id=gav:%2F%2Fstruts:struts:1.1",
113
+ "impacted_artifacts":[
114
+ "default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
115
+ ]
116
+ },
117
+ {
118
+ "description":"ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.",
119
+ "severity":"High",
120
+ "type":"Security",
121
+ "infected_components":[
122
+ "gav://struts:struts:1.1"
123
+ ],
124
+ "created":"2021-06-16T21:22:18Z",
125
+ "watch_name":"maven-watch1",
126
+ "issue_id":"XRAY-55419",
127
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55419&comp_id=gav:%2F%2Fstruts:struts:1.1",
128
+ "impacted_artifacts":[
129
+ "default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
130
+ ]
131
+ },
132
+ {
133
+ "description":"The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.",
134
+ "severity":"High",
135
+ "type":"Security",
136
+ "infected_components":[
137
+ "gav://struts:struts:1.2.4"
138
+ ],
139
+ "created":"2021-06-16T21:22:27Z",
140
+ "watch_name":"maven-watch-2",
141
+ "issue_id":"XRAY-55648",
142
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55648&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
143
+ "impacted_artifacts":[
144
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
145
+ ]
146
+ },
147
+ {
148
+ "description":"ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.",
149
+ "severity":"High",
150
+ "type":"Security",
151
+ "infected_components":[
152
+ "gav://struts:struts:1.2.4"
153
+ ],
154
+ "created":"2021-06-16T21:22:27Z",
155
+ "watch_name":"maven-watch-2",
156
+ "issue_id":"XRAY-55419",
157
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55419&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
158
+ "impacted_artifacts":[
159
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
160
+ ]
161
+ },
162
+ {
163
+ "description":"Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.",
164
+ "severity":"Medium",
165
+ "type":"Security",
166
+ "infected_components":[
167
+ "gav://struts:struts:1.2.4"
168
+ ],
169
+ "created":"2021-06-16T21:22:27Z",
170
+ "watch_name":"maven-watch-2",
171
+ "issue_id":"XRAY-55420",
172
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55420&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
173
+ "impacted_artifacts":[
174
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
175
+ ]
176
+ },
177
+ {
178
+ "description":"The Apache Software License, Version 2.0",
179
+ "severity":"High",
180
+ "type":"License",
181
+ "infected_components":[
182
+ "gav://struts:struts:1.2.4"
183
+ ],
184
+ "created":"2021-06-16T21:22:27Z",
185
+ "watch_name":"license-watch",
186
+ "issue_id":"Apache-2.0",
187
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Apache-2.0&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
188
+ "impacted_artifacts":[
189
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
190
+ ]
191
+ },
192
+ {
193
+ "description":"Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"insufficient quoting of parameters.\"",
194
+ "severity":"Medium",
195
+ "type":"Security",
196
+ "infected_components":[
197
+ "gav://struts:struts:1.2.4"
198
+ ],
199
+ "created":"2021-06-16T21:22:27Z",
200
+ "watch_name":"maven-watch-2",
201
+ "issue_id":"XRAY-55444",
202
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55444&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
203
+ "impacted_artifacts":[
204
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
205
+ ]
206
+ },
207
+ {
208
+ "description":"Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a org.apache.struts.taglib.html.Constants.CANCEL parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.",
209
+ "severity":"High",
210
+ "type":"Security",
211
+ "infected_components":[
212
+ "gav://struts:struts:1.2.4"
213
+ ],
214
+ "created":"2021-06-16T21:22:27Z",
215
+ "watch_name":"maven-watch-2",
216
+ "issue_id":"XRAY-55418",
217
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55418&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
218
+ "impacted_artifacts":[
219
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
220
+ ]
221
+ },
222
+ {
223
+ "description":"Unicode Terms of Use",
224
+ "severity":"High",
225
+ "type":"License",
226
+ "infected_components":[
227
+ "gav://org.apache.struts:struts2-core:2.0.9"
228
+ ],
229
+ "created":"2021-06-16T21:22:37Z",
230
+ "watch_name":"license-watch",
231
+ "issue_id":"Unicode-TOU",
232
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Unicode-TOU&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
233
+ "impacted_artifacts":[
234
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
235
+ ]
236
+ },
237
+ {
238
+ "description":"BSD 3-Clause \"New\" or \"Revised\" License",
239
+ "severity":"High",
240
+ "type":"License",
241
+ "infected_components":[
242
+ "gav://org.apache.struts:struts2-core:2.0.9"
243
+ ],
244
+ "created":"2021-06-16T21:22:37Z",
245
+ "watch_name":"license-watch",
246
+ "issue_id":"BSD-3-Clause",
247
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=BSD-3-Clause&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
248
+ "impacted_artifacts":[
249
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
250
+ ]
251
+ },
252
+ {
253
+ "description":"The Apache Software License, Version 2.0",
254
+ "severity":"High",
255
+ "type":"License",
256
+ "infected_components":[
257
+ "gav://org.apache.struts:struts2-core:2.0.9"
258
+ ],
259
+ "created":"2021-06-16T21:22:37Z",
260
+ "watch_name":"license-watch",
261
+ "issue_id":"Apache-2.0",
262
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Apache-2.0&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
263
+ "impacted_artifacts":[
264
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
265
+ ]
266
+ },
267
+ {
268
+ "description":"The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.",
269
+ "severity":"Medium",
270
+ "type":"Security",
271
+ "infected_components":[
272
+ "gav://org.apache.struts:struts2-core:2.0.9"
273
+ ],
274
+ "created":"2021-06-16T21:22:37Z",
275
+ "watch_name":"maven-watch-3",
276
+ "issue_id":"XRAY-55471",
277
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55471&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
278
+ "impacted_artifacts":[
279
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
280
+ ]
281
+ },
282
+ {
283
+ "description":"Academic Free License v2.1",
284
+ "severity":"High",
285
+ "type":"License",
286
+ "infected_components":[
287
+ "gav://org.apache.struts:struts2-core:2.0.9"
288
+ ],
289
+ "created":"2021-06-16T21:22:37Z",
290
+ "watch_name":"license-watch",
291
+ "issue_id":"AFL-2.1",
292
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=AFL-2.1&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
293
+ "impacted_artifacts":[
294
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
295
+ ]
296
+ },
297
+ {
298
+ "description":"ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character.",
299
+ "severity":"Medium",
300
+ "type":"Security",
301
+ "infected_components":[
302
+ "gav://org.apache.struts:struts2-core:2.0.9"
303
+ ],
304
+ "created":"2021-06-16T21:22:38Z",
305
+ "watch_name":"maven-watch-3",
306
+ "issue_id":"XRAY-55446",
307
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55446&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
308
+ "impacted_artifacts":[
309
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
310
+ ]
311
+ },
312
+ {
313
+ "description":"Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) \" (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.",
314
+ "severity":"Medium",
315
+ "type":"Security",
316
+ "infected_components":[
317
+ "gav://org.apache.struts:struts2-core:2.0.9"
318
+ ],
319
+ "created":"2021-06-16T21:22:38Z",
320
+ "watch_name":"maven-watch-3",
321
+ "issue_id":"XRAY-55448",
322
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55448&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
323
+ "impacted_artifacts":[
324
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
325
+ ]
326
+ },
327
+ {
328
+ "description":"Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.",
329
+ "severity":"Critical",
330
+ "type":"Security",
331
+ "infected_components":[
332
+ "gav://org.apache.struts:struts2-core:2.0.9"
333
+ ],
334
+ "created":"2021-06-16T21:22:38Z",
335
+ "watch_name":"maven-watch-3",
336
+ "issue_id":"XRAY-129844",
337
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-129844&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
338
+ "impacted_artifacts":[
339
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
340
+ ]
341
+ },
342
+ {
343
+ "description":"The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.",
344
+ "severity":"High",
345
+ "type":"Security",
346
+ "infected_components":[
347
+ "gav://org.apache.struts:struts2-core:2.0.9"
348
+ ],
349
+ "created":"2021-06-16T21:22:38Z",
350
+ "watch_name":"maven-watch-3",
351
+ "issue_id":"XRAY-55522",
352
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55522&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
353
+ "impacted_artifacts":[
354
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
355
+ ]
356
+ },
357
+ {
358
+ "description":"Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both \"${}\" and \"%{}\" sequences, which causes the OGNL code to be evaluated twice.",
359
+ "severity":"High",
360
+ "type":"Security",
361
+ "infected_components":[
362
+ "gav://org.apache.struts:struts2-core:2.0.9"
363
+ ],
364
+ "created":"2021-06-16T21:22:38Z",
365
+ "watch_name":"maven-watch-3",
366
+ "issue_id":"XRAY-55575",
367
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55575&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
368
+ "impacted_artifacts":[
369
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
370
+ ]
371
+ },
372
+ {
373
+ "description":"Apache Struts JSP Page Handling Unspecified XSS",
374
+ "severity":"Medium",
375
+ "type":"Security",
376
+ "infected_components":[
377
+ "gav://org.apache.struts:struts2-core:2.0.9"
378
+ ],
379
+ "created":"2021-06-16T21:22:38Z",
380
+ "watch_name":"maven-watch-3",
381
+ "issue_id":"XRAY-81164",
382
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-81164&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
383
+ "impacted_artifacts":[
384
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
385
+ ]
386
+ },
387
+ {
388
+ "description":"Apache Struts <s:textfield> Tag <s:include> Handling XSS",
389
+ "severity":"Medium",
390
+ "type":"Security",
391
+ "infected_components":[
392
+ "gav://org.apache.struts:struts2-core:2.0.9"
393
+ ],
394
+ "created":"2021-06-16T21:22:38Z",
395
+ "watch_name":"maven-watch-3",
396
+ "issue_id":"XRAY-81187",
397
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-81187&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
398
+ "impacted_artifacts":[
399
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
400
+ ]
401
+ },
402
+ {
403
+ "description":"Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution",
404
+ "severity":"High",
405
+ "type":"Security",
406
+ "infected_components":[
407
+ "gav://org.apache.struts:struts2-core:2.0.9"
408
+ ],
409
+ "created":"2021-06-16T21:22:38Z",
410
+ "watch_name":"maven-watch-3",
411
+ "issue_id":"XRAY-87424",
412
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-87424&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
413
+ "impacted_artifacts":[
414
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
415
+ ]
416
+ }
417
+ ]
418
+ }'
419
+ resp_obj = JSON.parse(response)
420
+ return resp_obj
421
+ end
data/lib/fluent/plugin/xray.rb CHANGED
@@ -21,6 +21,7 @@ class Xray
21
21
  page_number = 1
22
22
  timer_task = Concurrent::TimerTask.new(execution_interval: @wait_interval, timeout_interval: 30) do
23
23
  xray_json = {"filters": { "created_from": date_since }, "pagination": {"order_by": "created","limit": @batch_size ,"offset": page_number } }
24
+ puts "Fetching Xray Violations with #{xray_json} parameters"
24
25
  resp = get_violations(xray_json)
25
26
  page_violation_count = resp['violations'].length
26
27
  puts "Total violations count is #{resp['total_violations']}"
@@ -38,22 +39,23 @@ class Xray
38
39
  def violation_details(violations_channel)
39
40
  violations_channel.each do |v|
40
41
  Concurrent::Promises.future(v) do |v|
41
- pull_violation_details(v['violation_details_url'])
42
+ process_violation_details(v['violation_details_url'])
42
43
  pos_file = PositionFile.new(@pos_file_path)
44
+ puts "Adding issue #{v['issue_id']} to position file at #{@pos_file_path}"
43
45
  pos_file.write(v)
44
46
  end
45
47
  end
46
48
  end
47
49
 
48
- def pull_violation_details(xray_violation_detail_url)
50
+ def process_violation_details(xray_violation_detail_url)
49
51
  begin
50
52
  detailResp_json = data_normalization(get_violations_detail(xray_violation_detail_url))
51
53
  time = Fluent::Engine.now
52
- puts detailResp_json
54
+ puts "Emitting normalized Xray Violation #{detailResp_json['issue_id']}"
53
55
  @router.emit(@tag, time, detailResp_json)
54
56
  rescue => e
55
- puts "error: #{e}"
56
- raise Fluent::ConfigError, "Error pulling violation details url #{xray_violation_detail_url}: #{e}"
57
+ puts "Process Violation details error: #{e}"
58
+ raise Fluent::ConfigError, "Process Violation details error: #{e}"
57
59
  end
58
60
  end
59
61
 
@@ -78,8 +80,8 @@ class Xray
78
80
  when 200
79
81
  return JSON.parse(response.to_s)
80
82
  else
81
- puts "error: #{response.to_json}"
82
- raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations details."
83
+ puts "Validation failed error (cannot reach Artifactory to pull Xray Violation details): #{response.to_json}"
84
+ raise Fluent::ConfigError, "Validation failed error (cannot reach Artifactory to pull Xray Violation details): #{response.to_json}"
83
85
  end
84
86
  end
85
87
  end
@@ -135,8 +137,12 @@ class Xray
135
137
 
136
138
  detailResp_json['impacted_artifacts'].each do |impacted_artifact|
137
139
  matchdata = impacted_artifact.match /default\/(?<repo_name>[^\/]*)\/(?<path>.*)/
138
- impacted_artifact_url = matchdata['repo_name'] + ":" + matchdata['path'] + " "
139
- impacted_artifact_url_list.append(impacted_artifact_url)
140
+ if matchdata
141
+ impacted_artifact_url = matchdata['repo_name'] + ":" + matchdata['path'] + " "
142
+ impacted_artifact_url_list.append(impacted_artifact_url)
143
+ else
144
+ impacted_artifact_url_list.append(impacted_artifact)
145
+ end
140
146
  end
141
147
  detailResp_json['impacted_artifacts_url'] = impacted_artifact_url_list
142
148
  return detailResp_json
@@ -144,13 +150,19 @@ class Xray
144
150
 
145
151
  def process(violation, violations_channel)
146
152
  pos_file = PositionFile.new(@pos_file_path)
147
- violations_channel << violation unless pos_file.processed?(violation)
153
+ unless pos_file.processed?(violation)
154
+ violations_channel << violation
155
+ else
156
+ puts "Violation #{violation['issue_id']} is already processed"
157
+ end
158
+ #violations_channel << violation unless pos_file.processed?(violation)
148
159
  violations_channel
149
160
  end
150
161
 
151
162
  private
152
163
  def get_violations(xray_json)
153
164
  if !@token.nil? && @token != ''
165
+ puts "Validating JPD access token and fetching violations"
154
166
  response = RestClient::Request.new(
155
167
  :method => :post,
156
168
  :url => @jpd_url + "/xray/api/v1/violations",
@@ -158,6 +170,7 @@ class Xray
158
170
  :headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
159
171
  )
160
172
  elsif !@api_key.nil? && @api_key != ''
173
+ puts "Validating JPD API Key and fetching violations"
161
174
  response = RestClient::Request.new(
162
175
  :method => :post,
163
176
  :url => @jpd_url + "/xray/api/v1/violations",
@@ -172,8 +185,8 @@ class Xray
172
185
  when 200
173
186
  return JSON.parse(response.to_str)
174
187
  else
175
- puts "error: #{response.to_json}"
176
- raise Fluent::ConfigError, "Cannot reach Artifactory URL to pull Xray SIEM violations. #{response.to_json}"
188
+ puts "Validation failed error (cannot reach Artifactory to pull Xray Violations): #{response.to_json}"
189
+ raise Fluent::ConfigError, "Validation failed error (cannot reach Artifactory to pull Xray Violations): #{response.to_json}"
177
190
  end
178
191
  end
179
192
  end
data/test/plugin/test_in_jfrog_siem.rb CHANGED
@@ -38,4 +38,4 @@ class JfrogSiemInputTest < Test::Unit::TestCase
38
38
  end
39
39
  end
40
40
  end
41
- end
41
+ end
metadata CHANGED
@@ -1,16 +1,16 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-jfrog-siem
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.5
4
+ version: 2.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mahitha Byreddy
8
8
  - Sudhindra Rao
9
9
  - Giridharan Ramasamy
10
- autorequire:
10
+ autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2022-12-06 00:00:00.000000000 Z
13
+ date: 2023-10-23 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: bundler
@@ -137,6 +137,9 @@ dependencies:
137
137
  - - "~>"
138
138
  - !ruby/object:Gem::Version
139
139
  version: 1.1.8
140
+ - - "<"
141
+ - !ruby/object:Gem::Version
142
+ version: 1.1.10
140
143
  type: :runtime
141
144
  prerelease: false
142
145
  version_requirements: !ruby/object:Gem::Requirement
@@ -144,6 +147,9 @@ dependencies:
144
147
  - - "~>"
145
148
  - !ruby/object:Gem::Version
146
149
  version: 1.1.8
150
+ - - "<"
151
+ - !ruby/object:Gem::Version
152
+ version: 1.1.10
147
153
  - !ruby/object:Gem::Dependency
148
154
  name: concurrent-ruby-edge
149
155
  requirement: !ruby/object:Gem::Requirement
@@ -197,6 +203,7 @@ files:
197
203
  - fluent-plugin-jfrog-siem.gemspec
198
204
  - lib/fluent/plugin/in_jfrog_siem.rb
199
205
  - lib/fluent/plugin/position_file.rb
206
+ - lib/fluent/plugin/test_violations.rb
200
207
  - lib/fluent/plugin/violations.json
201
208
  - lib/fluent/plugin/xray.rb
202
209
  - spec/position_file_spec.rb
@@ -208,7 +215,7 @@ homepage: https://github.com/jfrog/fluent-plugin-jfrog-siem
208
215
  licenses:
209
216
  - Apache-2.0
210
217
  metadata: {}
211
- post_install_message:
218
+ post_install_message:
212
219
  rdoc_options: []
213
220
  require_paths:
214
221
  - lib
@@ -223,8 +230,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
223
230
  - !ruby/object:Gem::Version
224
231
  version: '0'
225
232
  requirements: []
226
- rubygems_version: 3.0.3.1
227
- signing_key:
233
+ rubygems_version: 3.1.6
234
+ signing_key:
228
235
  specification_version: 4
229
236
  summary: JFrog SIEM fluent input plugin will send the SIEM events from JFrog Xray
230
237
  to Fluentd