fluent-plugin-jfrog-siem 2.0.5 → 2.0.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/fluent-plugin-jfrog-siem.gemspec +2 -2
- data/lib/fluent/plugin/in_jfrog_siem.rb +2 -0
- data/lib/fluent/plugin/test_violations.rb +421 -0
- data/lib/fluent/plugin/xray.rb +25 -12
- data/test/plugin/test_in_jfrog_siem.rb +1 -1
- metadata +13 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1de86065fece9f251b49bc69e3ae44fce255f3ea1362cbc6f1397a8d4fd01581
|
4
|
+
data.tar.gz: dbeb11c0337e979bfdbb8ba8b7f5df89868f479f1aec9c57cbe4271ade6b7859
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 55e58bbb623f54ed8099541b2fc0b28ff609e2693af9d2ae405ecfc55f7c41cbe42acaea3532294e69ef76391d745a159dc1bf0e4c174ca3f90efe215f60be83
|
7
|
+
data.tar.gz: b1b2a632f52a89156c46e362b065aea36dc53dc82aeb68e1283857071a779c7b743d962e5d448edf282041a5daba37fae6a4a80459e01929a3febb08d2824e3a
|
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
3
3
|
|
4
4
|
Gem::Specification.new do |spec|
|
5
5
|
spec.name = "fluent-plugin-jfrog-siem"
|
6
|
-
spec.version = "2.0.
|
6
|
+
spec.version = "2.0.7"
|
7
7
|
spec.authors = ["Mahitha Byreddy", "Sudhindra Rao","Giridharan Ramasamy"]
|
8
8
|
spec.email = ["mahithab@jfrog.com", "sudhindrar@jfrog.com", "girir@jfrog.com"]
|
9
9
|
|
@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
|
|
29
29
|
spec.add_development_dependency 'rspec', '~> 3.10.0'
|
30
30
|
|
31
31
|
spec.add_runtime_dependency "rest-client", "~> 2.0"
|
32
|
-
spec.add_runtime_dependency "concurrent-ruby", "~> 1.1.8"
|
32
|
+
spec.add_runtime_dependency "concurrent-ruby", "~> 1.1.8" , "< 1.1.10"
|
33
33
|
spec.add_runtime_dependency "concurrent-ruby-edge", '>= 0'
|
34
34
|
spec.add_runtime_dependency "fluentd", [">= 0.14.10", "< 2"]
|
35
35
|
end
|
@@ -118,9 +118,11 @@ module Fluent
|
|
118
118
|
def get_last_item_create_date()
|
119
119
|
recent_pos_file = get_recent_pos_file()
|
120
120
|
if recent_pos_file != nil
|
121
|
+
puts "Position file already exists so pulling the latest create_date from it"
|
121
122
|
last_created_date_string = IO.readlines(recent_pos_file).last
|
122
123
|
return DateTime.parse(last_created_date_string).strftime("%Y-%m-%dT%H:%M:%SZ")
|
123
124
|
else
|
125
|
+
puts "Position file doesn't exist so fetching current DateTime to form a new position file"
|
124
126
|
return DateTime.now.strftime("%Y-%m-%dT%H:%M:%SZ")
|
125
127
|
end
|
126
128
|
end
|
@@ -0,0 +1,421 @@
|
|
1
|
+
|
2
|
+
def get_violations_details_test()
|
3
|
+
response = '{
|
4
|
+
"violation_id": "1710136527020015616",
|
5
|
+
"description": "Root access could be granted to a stranger",
|
6
|
+
"summary": "Custom issue 1",
|
7
|
+
"severity": "High",
|
8
|
+
"type": "Security",
|
9
|
+
"provider": "MB",
|
10
|
+
"infected_components": [
|
11
|
+
"generic://sha256:242fe18ca64a362e4088096447c8f815fb2aa2c569c5f342de1c82318eb4973a/artifact_1.zip"
|
12
|
+
],
|
13
|
+
"created": "2023-10-06T03:34:55Z",
|
14
|
+
"watch_name": "test_all-repositories_7005086_security",
|
15
|
+
"matched_policies": [
|
16
|
+
{
|
17
|
+
"policy": "test_security_policy_7005086",
|
18
|
+
"rule": "securityRule",
|
19
|
+
"is_blocking": false
|
20
|
+
}
|
21
|
+
],
|
22
|
+
"issue_id": "XRAYS1-artifact_1.zip7005086",
|
23
|
+
"properties": [
|
24
|
+
{
|
25
|
+
"cve": "CVE-2018-2000568",
|
26
|
+
"cvss_v2": "5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N"
|
27
|
+
}
|
28
|
+
],
|
29
|
+
"impacted_artifacts": [
|
30
|
+
"mw-maven-repository-manager/inhouse_snapshot/com/mathworks/team/recruiting/recruiting/2.41.3-SNAPSHOT/recruiting-2.41.3-20230920.193355-4.war"
|
31
|
+
],
|
32
|
+
"applicability": null
|
33
|
+
}'
|
34
|
+
resp_obj = JSON.parse(response)
|
35
|
+
return resp_obj
|
36
|
+
end
|
37
|
+
|
38
|
+
def get_violations_test()
|
39
|
+
response = '{
|
40
|
+
"total_violations":54,
|
41
|
+
"violations":[
|
42
|
+
{
|
43
|
+
"description":"Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a org.apache.struts.taglib.html.Constants.CANCEL parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.",
|
44
|
+
"severity":"High",
|
45
|
+
"type":"Security",
|
46
|
+
"infected_components":[
|
47
|
+
"gav://struts:struts:1.1"
|
48
|
+
],
|
49
|
+
"created":"2021-06-16T21:22:18Z",
|
50
|
+
"watch_name":"maven-watch1",
|
51
|
+
"issue_id":"XRAY-55418",
|
52
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55418&comp_id=gav:%2F%2Fstruts:struts:1.1",
|
53
|
+
"impacted_artifacts":[
|
54
|
+
"mw-maven-repository-manager/inhouse_snapshot/com/mathworks/team/recruiting/recruiting/2.41.3-SNAPSHOT/recruiting-2.41.3-20230920.193355-4.war"
|
55
|
+
]
|
56
|
+
},
|
57
|
+
{
|
58
|
+
"description":"The Apache Software License, Version 1.1",
|
59
|
+
"severity":"High",
|
60
|
+
"type":"License",
|
61
|
+
"infected_components":[
|
62
|
+
"gav://struts:struts:1.1"
|
63
|
+
],
|
64
|
+
"created":"2021-06-16T21:22:18Z",
|
65
|
+
"watch_name":"license-watch",
|
66
|
+
"issue_id":"Apache-1.1",
|
67
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Apache-1.1&comp_id=gav:%2F%2Fstruts:struts:1.1",
|
68
|
+
"impacted_artifacts":[
|
69
|
+
"default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
|
70
|
+
]
|
71
|
+
},
|
72
|
+
{
|
73
|
+
"description":"The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.",
|
74
|
+
"severity":"High",
|
75
|
+
"type":"Security",
|
76
|
+
"infected_components":[
|
77
|
+
"gav://struts:struts:1.1"
|
78
|
+
],
|
79
|
+
"created":"2021-06-16T21:22:18Z",
|
80
|
+
"watch_name":"maven-watch1",
|
81
|
+
"issue_id":"XRAY-55648",
|
82
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55648&comp_id=gav:%2F%2Fstruts:struts:1.1",
|
83
|
+
"impacted_artifacts":[
|
84
|
+
"default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
|
85
|
+
]
|
86
|
+
},
|
87
|
+
{
|
88
|
+
"description":"Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"insufficient quoting of parameters.\"",
|
89
|
+
"severity":"Medium",
|
90
|
+
"type":"Security",
|
91
|
+
"infected_components":[
|
92
|
+
"gav://struts:struts:1.1"
|
93
|
+
],
|
94
|
+
"created":"2021-06-16T21:22:18Z",
|
95
|
+
"watch_name":"maven-watch1",
|
96
|
+
"issue_id":"XRAY-55444",
|
97
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55444&comp_id=gav:%2F%2Fstruts:struts:1.1",
|
98
|
+
"impacted_artifacts":[
|
99
|
+
"default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
|
100
|
+
]
|
101
|
+
},
|
102
|
+
{
|
103
|
+
"description":"Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.",
|
104
|
+
"severity":"Medium",
|
105
|
+
"type":"Security",
|
106
|
+
"infected_components":[
|
107
|
+
"gav://struts:struts:1.1"
|
108
|
+
],
|
109
|
+
"created":"2021-06-16T21:22:18Z",
|
110
|
+
"watch_name":"maven-watch1",
|
111
|
+
"issue_id":"XRAY-55420",
|
112
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55420&comp_id=gav:%2F%2Fstruts:struts:1.1",
|
113
|
+
"impacted_artifacts":[
|
114
|
+
"default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
|
115
|
+
]
|
116
|
+
},
|
117
|
+
{
|
118
|
+
"description":"ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.",
|
119
|
+
"severity":"High",
|
120
|
+
"type":"Security",
|
121
|
+
"infected_components":[
|
122
|
+
"gav://struts:struts:1.1"
|
123
|
+
],
|
124
|
+
"created":"2021-06-16T21:22:18Z",
|
125
|
+
"watch_name":"maven-watch1",
|
126
|
+
"issue_id":"XRAY-55419",
|
127
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55419&comp_id=gav:%2F%2Fstruts:struts:1.1",
|
128
|
+
"impacted_artifacts":[
|
129
|
+
"default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
|
130
|
+
]
|
131
|
+
},
|
132
|
+
{
|
133
|
+
"description":"The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.",
|
134
|
+
"severity":"High",
|
135
|
+
"type":"Security",
|
136
|
+
"infected_components":[
|
137
|
+
"gav://struts:struts:1.2.4"
|
138
|
+
],
|
139
|
+
"created":"2021-06-16T21:22:27Z",
|
140
|
+
"watch_name":"maven-watch-2",
|
141
|
+
"issue_id":"XRAY-55648",
|
142
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55648&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
|
143
|
+
"impacted_artifacts":[
|
144
|
+
"default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
|
145
|
+
]
|
146
|
+
},
|
147
|
+
{
|
148
|
+
"description":"ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.",
|
149
|
+
"severity":"High",
|
150
|
+
"type":"Security",
|
151
|
+
"infected_components":[
|
152
|
+
"gav://struts:struts:1.2.4"
|
153
|
+
],
|
154
|
+
"created":"2021-06-16T21:22:27Z",
|
155
|
+
"watch_name":"maven-watch-2",
|
156
|
+
"issue_id":"XRAY-55419",
|
157
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55419&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
|
158
|
+
"impacted_artifacts":[
|
159
|
+
"default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
|
160
|
+
]
|
161
|
+
},
|
162
|
+
{
|
163
|
+
"description":"Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.",
|
164
|
+
"severity":"Medium",
|
165
|
+
"type":"Security",
|
166
|
+
"infected_components":[
|
167
|
+
"gav://struts:struts:1.2.4"
|
168
|
+
],
|
169
|
+
"created":"2021-06-16T21:22:27Z",
|
170
|
+
"watch_name":"maven-watch-2",
|
171
|
+
"issue_id":"XRAY-55420",
|
172
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55420&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
|
173
|
+
"impacted_artifacts":[
|
174
|
+
"default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
|
175
|
+
]
|
176
|
+
},
|
177
|
+
{
|
178
|
+
"description":"The Apache Software License, Version 2.0",
|
179
|
+
"severity":"High",
|
180
|
+
"type":"License",
|
181
|
+
"infected_components":[
|
182
|
+
"gav://struts:struts:1.2.4"
|
183
|
+
],
|
184
|
+
"created":"2021-06-16T21:22:27Z",
|
185
|
+
"watch_name":"license-watch",
|
186
|
+
"issue_id":"Apache-2.0",
|
187
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Apache-2.0&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
|
188
|
+
"impacted_artifacts":[
|
189
|
+
"default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
|
190
|
+
]
|
191
|
+
},
|
192
|
+
{
|
193
|
+
"description":"Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"insufficient quoting of parameters.\"",
|
194
|
+
"severity":"Medium",
|
195
|
+
"type":"Security",
|
196
|
+
"infected_components":[
|
197
|
+
"gav://struts:struts:1.2.4"
|
198
|
+
],
|
199
|
+
"created":"2021-06-16T21:22:27Z",
|
200
|
+
"watch_name":"maven-watch-2",
|
201
|
+
"issue_id":"XRAY-55444",
|
202
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55444&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
|
203
|
+
"impacted_artifacts":[
|
204
|
+
"default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
|
205
|
+
]
|
206
|
+
},
|
207
|
+
{
|
208
|
+
"description":"Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a org.apache.struts.taglib.html.Constants.CANCEL parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.",
|
209
|
+
"severity":"High",
|
210
|
+
"type":"Security",
|
211
|
+
"infected_components":[
|
212
|
+
"gav://struts:struts:1.2.4"
|
213
|
+
],
|
214
|
+
"created":"2021-06-16T21:22:27Z",
|
215
|
+
"watch_name":"maven-watch-2",
|
216
|
+
"issue_id":"XRAY-55418",
|
217
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55418&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
|
218
|
+
"impacted_artifacts":[
|
219
|
+
"default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
|
220
|
+
]
|
221
|
+
},
|
222
|
+
{
|
223
|
+
"description":"Unicode Terms of Use",
|
224
|
+
"severity":"High",
|
225
|
+
"type":"License",
|
226
|
+
"infected_components":[
|
227
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
228
|
+
],
|
229
|
+
"created":"2021-06-16T21:22:37Z",
|
230
|
+
"watch_name":"license-watch",
|
231
|
+
"issue_id":"Unicode-TOU",
|
232
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Unicode-TOU&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
233
|
+
"impacted_artifacts":[
|
234
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
235
|
+
]
|
236
|
+
},
|
237
|
+
{
|
238
|
+
"description":"BSD 3-Clause \"New\" or \"Revised\" License",
|
239
|
+
"severity":"High",
|
240
|
+
"type":"License",
|
241
|
+
"infected_components":[
|
242
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
243
|
+
],
|
244
|
+
"created":"2021-06-16T21:22:37Z",
|
245
|
+
"watch_name":"license-watch",
|
246
|
+
"issue_id":"BSD-3-Clause",
|
247
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=BSD-3-Clause&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
248
|
+
"impacted_artifacts":[
|
249
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
250
|
+
]
|
251
|
+
},
|
252
|
+
{
|
253
|
+
"description":"The Apache Software License, Version 2.0",
|
254
|
+
"severity":"High",
|
255
|
+
"type":"License",
|
256
|
+
"infected_components":[
|
257
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
258
|
+
],
|
259
|
+
"created":"2021-06-16T21:22:37Z",
|
260
|
+
"watch_name":"license-watch",
|
261
|
+
"issue_id":"Apache-2.0",
|
262
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Apache-2.0&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
263
|
+
"impacted_artifacts":[
|
264
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
265
|
+
]
|
266
|
+
},
|
267
|
+
{
|
268
|
+
"description":"The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.",
|
269
|
+
"severity":"Medium",
|
270
|
+
"type":"Security",
|
271
|
+
"infected_components":[
|
272
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
273
|
+
],
|
274
|
+
"created":"2021-06-16T21:22:37Z",
|
275
|
+
"watch_name":"maven-watch-3",
|
276
|
+
"issue_id":"XRAY-55471",
|
277
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55471&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
278
|
+
"impacted_artifacts":[
|
279
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
280
|
+
]
|
281
|
+
},
|
282
|
+
{
|
283
|
+
"description":"Academic Free License v2.1",
|
284
|
+
"severity":"High",
|
285
|
+
"type":"License",
|
286
|
+
"infected_components":[
|
287
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
288
|
+
],
|
289
|
+
"created":"2021-06-16T21:22:37Z",
|
290
|
+
"watch_name":"license-watch",
|
291
|
+
"issue_id":"AFL-2.1",
|
292
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=AFL-2.1&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
293
|
+
"impacted_artifacts":[
|
294
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
295
|
+
]
|
296
|
+
},
|
297
|
+
{
|
298
|
+
"description":"ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character.",
|
299
|
+
"severity":"Medium",
|
300
|
+
"type":"Security",
|
301
|
+
"infected_components":[
|
302
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
303
|
+
],
|
304
|
+
"created":"2021-06-16T21:22:38Z",
|
305
|
+
"watch_name":"maven-watch-3",
|
306
|
+
"issue_id":"XRAY-55446",
|
307
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55446&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
308
|
+
"impacted_artifacts":[
|
309
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
310
|
+
]
|
311
|
+
},
|
312
|
+
{
|
313
|
+
"description":"Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) \" (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.",
|
314
|
+
"severity":"Medium",
|
315
|
+
"type":"Security",
|
316
|
+
"infected_components":[
|
317
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
318
|
+
],
|
319
|
+
"created":"2021-06-16T21:22:38Z",
|
320
|
+
"watch_name":"maven-watch-3",
|
321
|
+
"issue_id":"XRAY-55448",
|
322
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55448&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
323
|
+
"impacted_artifacts":[
|
324
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
325
|
+
]
|
326
|
+
},
|
327
|
+
{
|
328
|
+
"description":"Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.",
|
329
|
+
"severity":"Critical",
|
330
|
+
"type":"Security",
|
331
|
+
"infected_components":[
|
332
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
333
|
+
],
|
334
|
+
"created":"2021-06-16T21:22:38Z",
|
335
|
+
"watch_name":"maven-watch-3",
|
336
|
+
"issue_id":"XRAY-129844",
|
337
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-129844&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
338
|
+
"impacted_artifacts":[
|
339
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
340
|
+
]
|
341
|
+
},
|
342
|
+
{
|
343
|
+
"description":"The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.",
|
344
|
+
"severity":"High",
|
345
|
+
"type":"Security",
|
346
|
+
"infected_components":[
|
347
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
348
|
+
],
|
349
|
+
"created":"2021-06-16T21:22:38Z",
|
350
|
+
"watch_name":"maven-watch-3",
|
351
|
+
"issue_id":"XRAY-55522",
|
352
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55522&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
353
|
+
"impacted_artifacts":[
|
354
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
355
|
+
]
|
356
|
+
},
|
357
|
+
{
|
358
|
+
"description":"Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both \"${}\" and \"%{}\" sequences, which causes the OGNL code to be evaluated twice.",
|
359
|
+
"severity":"High",
|
360
|
+
"type":"Security",
|
361
|
+
"infected_components":[
|
362
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
363
|
+
],
|
364
|
+
"created":"2021-06-16T21:22:38Z",
|
365
|
+
"watch_name":"maven-watch-3",
|
366
|
+
"issue_id":"XRAY-55575",
|
367
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55575&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
368
|
+
"impacted_artifacts":[
|
369
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
370
|
+
]
|
371
|
+
},
|
372
|
+
{
|
373
|
+
"description":"Apache Struts JSP Page Handling Unspecified XSS",
|
374
|
+
"severity":"Medium",
|
375
|
+
"type":"Security",
|
376
|
+
"infected_components":[
|
377
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
378
|
+
],
|
379
|
+
"created":"2021-06-16T21:22:38Z",
|
380
|
+
"watch_name":"maven-watch-3",
|
381
|
+
"issue_id":"XRAY-81164",
|
382
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-81164&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
383
|
+
"impacted_artifacts":[
|
384
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
385
|
+
]
|
386
|
+
},
|
387
|
+
{
|
388
|
+
"description":"Apache Struts <s:textfield> Tag <s:include> Handling XSS",
|
389
|
+
"severity":"Medium",
|
390
|
+
"type":"Security",
|
391
|
+
"infected_components":[
|
392
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
393
|
+
],
|
394
|
+
"created":"2021-06-16T21:22:38Z",
|
395
|
+
"watch_name":"maven-watch-3",
|
396
|
+
"issue_id":"XRAY-81187",
|
397
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-81187&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
398
|
+
"impacted_artifacts":[
|
399
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
400
|
+
]
|
401
|
+
},
|
402
|
+
{
|
403
|
+
"description":"Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution",
|
404
|
+
"severity":"High",
|
405
|
+
"type":"Security",
|
406
|
+
"infected_components":[
|
407
|
+
"gav://org.apache.struts:struts2-core:2.0.9"
|
408
|
+
],
|
409
|
+
"created":"2021-06-16T21:22:38Z",
|
410
|
+
"watch_name":"maven-watch-3",
|
411
|
+
"issue_id":"XRAY-87424",
|
412
|
+
"violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-87424&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
|
413
|
+
"impacted_artifacts":[
|
414
|
+
"default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
|
415
|
+
]
|
416
|
+
}
|
417
|
+
]
|
418
|
+
}'
|
419
|
+
resp_obj = JSON.parse(response)
|
420
|
+
return resp_obj
|
421
|
+
end
|
data/lib/fluent/plugin/xray.rb
CHANGED
@@ -21,6 +21,7 @@ class Xray
|
|
21
21
|
page_number = 1
|
22
22
|
timer_task = Concurrent::TimerTask.new(execution_interval: @wait_interval, timeout_interval: 30) do
|
23
23
|
xray_json = {"filters": { "created_from": date_since }, "pagination": {"order_by": "created","limit": @batch_size ,"offset": page_number } }
|
24
|
+
puts "Fetching Xray Violations with #{xray_json} parameters"
|
24
25
|
resp = get_violations(xray_json)
|
25
26
|
page_violation_count = resp['violations'].length
|
26
27
|
puts "Total violations count is #{resp['total_violations']}"
|
@@ -38,22 +39,23 @@ class Xray
|
|
38
39
|
def violation_details(violations_channel)
|
39
40
|
violations_channel.each do |v|
|
40
41
|
Concurrent::Promises.future(v) do |v|
|
41
|
-
|
42
|
+
process_violation_details(v['violation_details_url'])
|
42
43
|
pos_file = PositionFile.new(@pos_file_path)
|
44
|
+
puts "Adding issue #{v['issue_id']} to position file at #{@pos_file_path}"
|
43
45
|
pos_file.write(v)
|
44
46
|
end
|
45
47
|
end
|
46
48
|
end
|
47
49
|
|
48
|
-
def
|
50
|
+
def process_violation_details(xray_violation_detail_url)
|
49
51
|
begin
|
50
52
|
detailResp_json = data_normalization(get_violations_detail(xray_violation_detail_url))
|
51
53
|
time = Fluent::Engine.now
|
52
|
-
puts detailResp_json
|
54
|
+
puts "Emitting normalized Xray Violation #{detailResp_json['issue_id']}"
|
53
55
|
@router.emit(@tag, time, detailResp_json)
|
54
56
|
rescue => e
|
55
|
-
puts "error: #{e}"
|
56
|
-
raise Fluent::ConfigError, "
|
57
|
+
puts "Process Violation details error: #{e}"
|
58
|
+
raise Fluent::ConfigError, "Process Violation details error: #{e}"
|
57
59
|
end
|
58
60
|
end
|
59
61
|
|
@@ -78,8 +80,8 @@ class Xray
|
|
78
80
|
when 200
|
79
81
|
return JSON.parse(response.to_s)
|
80
82
|
else
|
81
|
-
puts "error: #{response.to_json}"
|
82
|
-
raise Fluent::ConfigError, "
|
83
|
+
puts "Validation failed error (cannot reach Artifactory to pull Xray Violation details): #{response.to_json}"
|
84
|
+
raise Fluent::ConfigError, "Validation failed error (cannot reach Artifactory to pull Xray Violation details): #{response.to_json}"
|
83
85
|
end
|
84
86
|
end
|
85
87
|
end
|
@@ -135,8 +137,12 @@ class Xray
|
|
135
137
|
|
136
138
|
detailResp_json['impacted_artifacts'].each do |impacted_artifact|
|
137
139
|
matchdata = impacted_artifact.match /default\/(?<repo_name>[^\/]*)\/(?<path>.*)/
|
138
|
-
|
139
|
-
|
140
|
+
if matchdata
|
141
|
+
impacted_artifact_url = matchdata['repo_name'] + ":" + matchdata['path'] + " "
|
142
|
+
impacted_artifact_url_list.append(impacted_artifact_url)
|
143
|
+
else
|
144
|
+
impacted_artifact_url_list.append(impacted_artifact)
|
145
|
+
end
|
140
146
|
end
|
141
147
|
detailResp_json['impacted_artifacts_url'] = impacted_artifact_url_list
|
142
148
|
return detailResp_json
|
@@ -144,13 +150,19 @@ class Xray
|
|
144
150
|
|
145
151
|
def process(violation, violations_channel)
|
146
152
|
pos_file = PositionFile.new(@pos_file_path)
|
147
|
-
|
153
|
+
unless pos_file.processed?(violation)
|
154
|
+
violations_channel << violation
|
155
|
+
else
|
156
|
+
puts "Violation #{violation['issue_id']} is already processed"
|
157
|
+
end
|
158
|
+
#violations_channel << violation unless pos_file.processed?(violation)
|
148
159
|
violations_channel
|
149
160
|
end
|
150
161
|
|
151
162
|
private
|
152
163
|
def get_violations(xray_json)
|
153
164
|
if !@token.nil? && @token != ''
|
165
|
+
puts "Validating JPD access token and fetching violations"
|
154
166
|
response = RestClient::Request.new(
|
155
167
|
:method => :post,
|
156
168
|
:url => @jpd_url + "/xray/api/v1/violations",
|
@@ -158,6 +170,7 @@ class Xray
|
|
158
170
|
:headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
|
159
171
|
)
|
160
172
|
elsif !@api_key.nil? && @api_key != ''
|
173
|
+
puts "Validating JPD API Key and fetching violations"
|
161
174
|
response = RestClient::Request.new(
|
162
175
|
:method => :post,
|
163
176
|
:url => @jpd_url + "/xray/api/v1/violations",
|
@@ -172,8 +185,8 @@ class Xray
|
|
172
185
|
when 200
|
173
186
|
return JSON.parse(response.to_str)
|
174
187
|
else
|
175
|
-
puts "error: #{response.to_json}"
|
176
|
-
raise Fluent::ConfigError, "
|
188
|
+
puts "Validation failed error (cannot reach Artifactory to pull Xray Violations): #{response.to_json}"
|
189
|
+
raise Fluent::ConfigError, "Validation failed error (cannot reach Artifactory to pull Xray Violations): #{response.to_json}"
|
177
190
|
end
|
178
191
|
end
|
179
192
|
end
|
metadata
CHANGED
@@ -1,16 +1,16 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-jfrog-siem
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mahitha Byreddy
|
8
8
|
- Sudhindra Rao
|
9
9
|
- Giridharan Ramasamy
|
10
|
-
autorequire:
|
10
|
+
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date:
|
13
|
+
date: 2023-10-23 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: bundler
|
@@ -137,6 +137,9 @@ dependencies:
|
|
137
137
|
- - "~>"
|
138
138
|
- !ruby/object:Gem::Version
|
139
139
|
version: 1.1.8
|
140
|
+
- - "<"
|
141
|
+
- !ruby/object:Gem::Version
|
142
|
+
version: 1.1.10
|
140
143
|
type: :runtime
|
141
144
|
prerelease: false
|
142
145
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -144,6 +147,9 @@ dependencies:
|
|
144
147
|
- - "~>"
|
145
148
|
- !ruby/object:Gem::Version
|
146
149
|
version: 1.1.8
|
150
|
+
- - "<"
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: 1.1.10
|
147
153
|
- !ruby/object:Gem::Dependency
|
148
154
|
name: concurrent-ruby-edge
|
149
155
|
requirement: !ruby/object:Gem::Requirement
|
@@ -197,6 +203,7 @@ files:
|
|
197
203
|
- fluent-plugin-jfrog-siem.gemspec
|
198
204
|
- lib/fluent/plugin/in_jfrog_siem.rb
|
199
205
|
- lib/fluent/plugin/position_file.rb
|
206
|
+
- lib/fluent/plugin/test_violations.rb
|
200
207
|
- lib/fluent/plugin/violations.json
|
201
208
|
- lib/fluent/plugin/xray.rb
|
202
209
|
- spec/position_file_spec.rb
|
@@ -208,7 +215,7 @@ homepage: https://github.com/jfrog/fluent-plugin-jfrog-siem
|
|
208
215
|
licenses:
|
209
216
|
- Apache-2.0
|
210
217
|
metadata: {}
|
211
|
-
post_install_message:
|
218
|
+
post_install_message:
|
212
219
|
rdoc_options: []
|
213
220
|
require_paths:
|
214
221
|
- lib
|
@@ -223,8 +230,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
223
230
|
- !ruby/object:Gem::Version
|
224
231
|
version: '0'
|
225
232
|
requirements: []
|
226
|
-
rubygems_version: 3.
|
227
|
-
signing_key:
|
233
|
+
rubygems_version: 3.1.6
|
234
|
+
signing_key:
|
228
235
|
specification_version: 4
|
229
236
|
summary: JFrog SIEM fluent input plugin will send the SIEM events from JFrog Xray
|
230
237
|
to Fluentd
|