fluent-plugin-jfrog-siem 2.0.6 → 2.0.8

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +28 -18
  3. data/fluent-plugin-jfrog-siem.gemspec +3 -5
  4. data/lib/fluent/plugin/test_violations.rb +421 -0
  5. data/lib/fluent/plugin/xray.rb +199 -195
  6. data/pkg/fluent-plugin-jfrog-siem-2.0.8.gem +0 -0
  7. data/test/plugin/test_in_jfrog_siem.rb +41 -41
  8. metadata +10 -51
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fa44f9a815aa280de6977f666e2da6ea8be2bae24cc8c7365430cbfd6bc3496b
4
- data.tar.gz: ad2eec36ca931720158e21e9abcf7d99e4c32618365ef300ca465df59339e307
3
+ metadata.gz: d54b989518483df9f5df0a16bf1911fd57a0c2768e3bb7eeadfe566f023a0a54
4
+ data.tar.gz: fb9ebc429c302d9f3ae1b1003e32277f8fe6d49c490b316da5300f2b91346265
5
5
  SHA512:
6
- metadata.gz: f7cca01dc886183ad29fb99151f0c25f56900cce252f4c17eb88c5a4ec2e9c4dc9571049540b2dc5e1d36b5db612f4ee347d063e6c26a3d2506586a35b04ebf0
7
- data.tar.gz: 7691c4e9dd2bdb3c6df6e562bd497842de79b086c46f28af0924b19c021350effa2b382e3cb8ab948af1a30ea6a52e470ba4467e4e9adcea38157fde9cb65dde
6
+ metadata.gz: d7be078791c0d2a802b7cbda86e3af7489147b70b1f36ae757b400b3c014fcfb61de2e1539b448010c3e95c71ae643c2c74184416a2a0f94f6be6ab29d370a6f
7
+ data.tar.gz: ee1a8bb8716fdd04bb96e11aa4b0f85965835e080a5d9f5524b694584f72c0635e3e1069f71250d868207e9cf54aefe820ed8bf3085994c434f6b066eadc8268
data/Gemfile.lock CHANGED
@@ -1,41 +1,49 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- fluent-plugin-jfrog-siem (1.0.0)
5
- concurrent-ruby (~> 1.1.8)
4
+ fluent-plugin-jfrog-siem (2.0.8)
6
5
  concurrent-ruby-edge
7
6
  fluentd (>= 0.14.10, < 2)
7
+ rest-client (~> 2.0)
8
8
 
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
+ base64 (0.2.0)
12
13
  concurrent-ruby (1.1.8)
13
14
  concurrent-ruby-edge (0.6.0)
14
15
  concurrent-ruby (~> 1.1.6)
15
- cool.io (1.7.1)
16
+ cool.io (1.9.0)
17
+ csv (3.3.0)
16
18
  diff-lcs (1.4.4)
17
19
  domain_name (0.5.20190701)
18
20
  unf (>= 0.0.5, < 1.0.0)
19
- fluentd (1.13.1)
21
+ drb (2.2.1)
22
+ fluentd (1.17.1)
23
+ base64 (~> 0.2)
20
24
  bundler
21
25
  cool.io (>= 1.4.5, < 2.0.0)
22
- http_parser.rb (>= 0.5.1, < 0.7.0)
26
+ csv (~> 3.2)
27
+ drb (~> 2.2)
28
+ http_parser.rb (>= 0.5.1, < 0.9.0)
29
+ logger (~> 1.6)
23
30
  msgpack (>= 1.3.1, < 2.0.0)
24
- serverengine (>= 2.2.2, < 3.0.0)
25
- sigdump (~> 0.2.2)
26
- strptime (>= 0.2.2, < 1.0.0)
31
+ serverengine (>= 2.3.2, < 3.0.0)
32
+ sigdump (~> 0.2.5)
33
+ strptime (>= 0.2.4, < 1.0.0)
27
34
  tzinfo (>= 1.0, < 3.0)
28
35
  tzinfo-data (~> 1.0)
29
- webrick (>= 1.4.2, < 1.8.0)
36
+ webrick (~> 1.4)
30
37
  yajl-ruby (~> 1.0)
31
38
  http-accept (1.7.0)
32
39
  http-cookie (1.0.3)
33
40
  domain_name (~> 0.5)
34
- http_parser.rb (0.6.0)
41
+ http_parser.rb (0.8.0)
42
+ logger (1.6.1)
35
43
  mime-types (3.3.1)
36
44
  mime-types-data (~> 3.2015)
37
45
  mime-types-data (3.2021.0225)
38
- msgpack (1.4.2)
46
+ msgpack (1.7.3)
39
47
  netrc (0.11.0)
40
48
  power_assert (2.0.0)
41
49
  rake (12.3.3)
@@ -57,28 +65,30 @@ GEM
57
65
  diff-lcs (>= 1.2.0, < 2.0)
58
66
  rspec-support (~> 3.10.0)
59
67
  rspec-support (3.10.2)
60
- serverengine (2.2.4)
68
+ serverengine (2.4.0)
69
+ base64 (~> 0.1)
70
+ logger (~> 1.4)
61
71
  sigdump (~> 0.2.2)
62
- sigdump (0.2.4)
72
+ sigdump (0.2.5)
63
73
  strptime (0.2.5)
64
74
  test-unit (3.4.2)
65
75
  power_assert
66
- tzinfo (2.0.4)
76
+ tzinfo (2.0.6)
67
77
  concurrent-ruby (~> 1.0)
68
- tzinfo-data (1.2021.1)
78
+ tzinfo-data (1.2024.2)
69
79
  tzinfo (>= 1.0.0)
70
80
  unf (0.1.4)
71
81
  unf_ext
72
82
  unf_ext (0.0.7.7)
73
- webrick (1.7.0)
74
- yajl-ruby (1.4.1)
83
+ webrick (1.9.0)
84
+ yajl-ruby (1.4.3)
75
85
 
76
86
  PLATFORMS
87
+ arm64-darwin-23
77
88
  x86_64-darwin-20
78
89
 
79
90
  DEPENDENCIES
80
91
  bundler (~> 2.0)
81
- concurrent-ruby (~> 1.1.8)
82
92
  concurrent-ruby-edge
83
93
  fluent-plugin-jfrog-siem!
84
94
  rake (~> 12.0)
data/fluent-plugin-jfrog-siem.gemspec CHANGED
@@ -3,9 +3,9 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
 
4
4
  Gem::Specification.new do |spec|
5
5
  spec.name = "fluent-plugin-jfrog-siem"
6
- spec.version = "2.0.6"
7
- spec.authors = ["Mahitha Byreddy", "Sudhindra Rao","Giridharan Ramasamy"]
8
- spec.email = ["mahithab@jfrog.com", "sudhindrar@jfrog.com", "girir@jfrog.com"]
6
+ spec.version = "2.0.8"
7
+ spec.authors = ["Mahitha Byreddy", "Ben Harosh"]
8
+ spec.email = ["partner-support@jfrog.com"]
9
9
 
10
10
  spec.summary = %q{JFrog SIEM fluent input plugin will send the SIEM events from JFrog Xray to Fluentd}
11
11
  spec.description = %q{JFrog SIEM fluent input plugin will send the SIEM events from JFrog Xray to Fluentd which can then be delivered to whatever output plugin specified}
@@ -24,12 +24,10 @@ Gem::Specification.new do |spec|
24
24
  spec.add_development_dependency "rake", "~> 12.0"
25
25
  spec.add_development_dependency "test-unit", "~> 3.0"
26
26
  spec.add_development_dependency "rest-client", "~> 2.0"
27
- spec.add_development_dependency "concurrent-ruby", "~> 1.1.8" , "< 1.1.10"
28
27
  spec.add_development_dependency "concurrent-ruby-edge", '>= 0'
29
28
  spec.add_development_dependency 'rspec', '~> 3.10.0'
30
29
 
31
30
  spec.add_runtime_dependency "rest-client", "~> 2.0"
32
- spec.add_runtime_dependency "concurrent-ruby", "~> 1.1.8" , "< 1.1.10"
33
31
  spec.add_runtime_dependency "concurrent-ruby-edge", '>= 0'
34
32
  spec.add_runtime_dependency "fluentd", [">= 0.14.10", "< 2"]
35
33
  end
data/lib/fluent/plugin/test_violations.rb ADDED
@@ -0,0 +1,421 @@
1
+
2
+ def get_violations_details_test()
3
+ response = '{
4
+ "violation_id": "1710136527020015616",
5
+ "description": "Root access could be granted to a stranger",
6
+ "summary": "Custom issue 1",
7
+ "severity": "High",
8
+ "type": "Security",
9
+ "provider": "MB",
10
+ "infected_components": [
11
+ "generic://sha256:242fe18ca64a362e4088096447c8f815fb2aa2c569c5f342de1c82318eb4973a/artifact_1.zip"
12
+ ],
13
+ "created": "2023-10-06T03:34:55Z",
14
+ "watch_name": "test_all-repositories_7005086_security",
15
+ "matched_policies": [
16
+ {
17
+ "policy": "test_security_policy_7005086",
18
+ "rule": "securityRule",
19
+ "is_blocking": false
20
+ }
21
+ ],
22
+ "issue_id": "XRAYS1-artifact_1.zip7005086",
23
+ "properties": [
24
+ {
25
+ "cve": "CVE-2018-2000568",
26
+ "cvss_v2": "5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N"
27
+ }
28
+ ],
29
+ "impacted_artifacts": [
30
+ "mw-maven-repository-manager/inhouse_snapshot/com/mathworks/team/recruiting/recruiting/2.41.3-SNAPSHOT/recruiting-2.41.3-20230920.193355-4.war"
31
+ ],
32
+ "applicability": null
33
+ }'
34
+ resp_obj = JSON.parse(response)
35
+ return resp_obj
36
+ end
37
+
38
+ def get_violations_test()
39
+ response = '{
40
+ "total_violations":54,
41
+ "violations":[
42
+ {
43
+ "description":"Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a org.apache.struts.taglib.html.Constants.CANCEL parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.",
44
+ "severity":"High",
45
+ "type":"Security",
46
+ "infected_components":[
47
+ "gav://struts:struts:1.1"
48
+ ],
49
+ "created":"2021-06-16T21:22:18Z",
50
+ "watch_name":"maven-watch1",
51
+ "issue_id":"XRAY-55418",
52
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55418&comp_id=gav:%2F%2Fstruts:struts:1.1",
53
+ "impacted_artifacts":[
54
+ "mw-maven-repository-manager/inhouse_snapshot/com/mathworks/team/recruiting/recruiting/2.41.3-SNAPSHOT/recruiting-2.41.3-20230920.193355-4.war"
55
+ ]
56
+ },
57
+ {
58
+ "description":"The Apache Software License, Version 1.1",
59
+ "severity":"High",
60
+ "type":"License",
61
+ "infected_components":[
62
+ "gav://struts:struts:1.1"
63
+ ],
64
+ "created":"2021-06-16T21:22:18Z",
65
+ "watch_name":"license-watch",
66
+ "issue_id":"Apache-1.1",
67
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Apache-1.1&comp_id=gav:%2F%2Fstruts:struts:1.1",
68
+ "impacted_artifacts":[
69
+ "default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
70
+ ]
71
+ },
72
+ {
73
+ "description":"The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.",
74
+ "severity":"High",
75
+ "type":"Security",
76
+ "infected_components":[
77
+ "gav://struts:struts:1.1"
78
+ ],
79
+ "created":"2021-06-16T21:22:18Z",
80
+ "watch_name":"maven-watch1",
81
+ "issue_id":"XRAY-55648",
82
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55648&comp_id=gav:%2F%2Fstruts:struts:1.1",
83
+ "impacted_artifacts":[
84
+ "default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
85
+ ]
86
+ },
87
+ {
88
+ "description":"Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"insufficient quoting of parameters.\"",
89
+ "severity":"Medium",
90
+ "type":"Security",
91
+ "infected_components":[
92
+ "gav://struts:struts:1.1"
93
+ ],
94
+ "created":"2021-06-16T21:22:18Z",
95
+ "watch_name":"maven-watch1",
96
+ "issue_id":"XRAY-55444",
97
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55444&comp_id=gav:%2F%2Fstruts:struts:1.1",
98
+ "impacted_artifacts":[
99
+ "default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
100
+ ]
101
+ },
102
+ {
103
+ "description":"Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.",
104
+ "severity":"Medium",
105
+ "type":"Security",
106
+ "infected_components":[
107
+ "gav://struts:struts:1.1"
108
+ ],
109
+ "created":"2021-06-16T21:22:18Z",
110
+ "watch_name":"maven-watch1",
111
+ "issue_id":"XRAY-55420",
112
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55420&comp_id=gav:%2F%2Fstruts:struts:1.1",
113
+ "impacted_artifacts":[
114
+ "default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
115
+ ]
116
+ },
117
+ {
118
+ "description":"ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.",
119
+ "severity":"High",
120
+ "type":"Security",
121
+ "infected_components":[
122
+ "gav://struts:struts:1.1"
123
+ ],
124
+ "created":"2021-06-16T21:22:18Z",
125
+ "watch_name":"maven-watch1",
126
+ "issue_id":"XRAY-55419",
127
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=ff9cf61f42a095cd97ea0ec0&issue_id=XRAY-55419&comp_id=gav:%2F%2Fstruts:struts:1.1",
128
+ "impacted_artifacts":[
129
+ "default/maven-repo-1/struts/struts/1.1/struts-1.1.jar"
130
+ ]
131
+ },
132
+ {
133
+ "description":"The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.",
134
+ "severity":"High",
135
+ "type":"Security",
136
+ "infected_components":[
137
+ "gav://struts:struts:1.2.4"
138
+ ],
139
+ "created":"2021-06-16T21:22:27Z",
140
+ "watch_name":"maven-watch-2",
141
+ "issue_id":"XRAY-55648",
142
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55648&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
143
+ "impacted_artifacts":[
144
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
145
+ ]
146
+ },
147
+ {
148
+ "description":"ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.",
149
+ "severity":"High",
150
+ "type":"Security",
151
+ "infected_components":[
152
+ "gav://struts:struts:1.2.4"
153
+ ],
154
+ "created":"2021-06-16T21:22:27Z",
155
+ "watch_name":"maven-watch-2",
156
+ "issue_id":"XRAY-55419",
157
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55419&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
158
+ "impacted_artifacts":[
159
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
160
+ ]
161
+ },
162
+ {
163
+ "description":"Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.",
164
+ "severity":"Medium",
165
+ "type":"Security",
166
+ "infected_components":[
167
+ "gav://struts:struts:1.2.4"
168
+ ],
169
+ "created":"2021-06-16T21:22:27Z",
170
+ "watch_name":"maven-watch-2",
171
+ "issue_id":"XRAY-55420",
172
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55420&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
173
+ "impacted_artifacts":[
174
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
175
+ ]
176
+ },
177
+ {
178
+ "description":"The Apache Software License, Version 2.0",
179
+ "severity":"High",
180
+ "type":"License",
181
+ "infected_components":[
182
+ "gav://struts:struts:1.2.4"
183
+ ],
184
+ "created":"2021-06-16T21:22:27Z",
185
+ "watch_name":"license-watch",
186
+ "issue_id":"Apache-2.0",
187
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Apache-2.0&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
188
+ "impacted_artifacts":[
189
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
190
+ ]
191
+ },
192
+ {
193
+ "description":"Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"insufficient quoting of parameters.\"",
194
+ "severity":"Medium",
195
+ "type":"Security",
196
+ "infected_components":[
197
+ "gav://struts:struts:1.2.4"
198
+ ],
199
+ "created":"2021-06-16T21:22:27Z",
200
+ "watch_name":"maven-watch-2",
201
+ "issue_id":"XRAY-55444",
202
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55444&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
203
+ "impacted_artifacts":[
204
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
205
+ ]
206
+ },
207
+ {
208
+ "description":"Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a org.apache.struts.taglib.html.Constants.CANCEL parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.",
209
+ "severity":"High",
210
+ "type":"Security",
211
+ "infected_components":[
212
+ "gav://struts:struts:1.2.4"
213
+ ],
214
+ "created":"2021-06-16T21:22:27Z",
215
+ "watch_name":"maven-watch-2",
216
+ "issue_id":"XRAY-55418",
217
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2a3ee020bf1a86b84d122c0c&issue_id=XRAY-55418&comp_id=gav:%2F%2Fstruts:struts:1.2.4",
218
+ "impacted_artifacts":[
219
+ "default/maven-repo-2/struts/struts/1.2.4/struts-1.2.4.jar"
220
+ ]
221
+ },
222
+ {
223
+ "description":"Unicode Terms of Use",
224
+ "severity":"High",
225
+ "type":"License",
226
+ "infected_components":[
227
+ "gav://org.apache.struts:struts2-core:2.0.9"
228
+ ],
229
+ "created":"2021-06-16T21:22:37Z",
230
+ "watch_name":"license-watch",
231
+ "issue_id":"Unicode-TOU",
232
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Unicode-TOU&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
233
+ "impacted_artifacts":[
234
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
235
+ ]
236
+ },
237
+ {
238
+ "description":"BSD 3-Clause \"New\" or \"Revised\" License",
239
+ "severity":"High",
240
+ "type":"License",
241
+ "infected_components":[
242
+ "gav://org.apache.struts:struts2-core:2.0.9"
243
+ ],
244
+ "created":"2021-06-16T21:22:37Z",
245
+ "watch_name":"license-watch",
246
+ "issue_id":"BSD-3-Clause",
247
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=BSD-3-Clause&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
248
+ "impacted_artifacts":[
249
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
250
+ ]
251
+ },
252
+ {
253
+ "description":"The Apache Software License, Version 2.0",
254
+ "severity":"High",
255
+ "type":"License",
256
+ "infected_components":[
257
+ "gav://org.apache.struts:struts2-core:2.0.9"
258
+ ],
259
+ "created":"2021-06-16T21:22:37Z",
260
+ "watch_name":"license-watch",
261
+ "issue_id":"Apache-2.0",
262
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=Apache-2.0&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
263
+ "impacted_artifacts":[
264
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
265
+ ]
266
+ },
267
+ {
268
+ "description":"The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.",
269
+ "severity":"Medium",
270
+ "type":"Security",
271
+ "infected_components":[
272
+ "gav://org.apache.struts:struts2-core:2.0.9"
273
+ ],
274
+ "created":"2021-06-16T21:22:37Z",
275
+ "watch_name":"maven-watch-3",
276
+ "issue_id":"XRAY-55471",
277
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55471&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
278
+ "impacted_artifacts":[
279
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
280
+ ]
281
+ },
282
+ {
283
+ "description":"Academic Free License v2.1",
284
+ "severity":"High",
285
+ "type":"License",
286
+ "infected_components":[
287
+ "gav://org.apache.struts:struts2-core:2.0.9"
288
+ ],
289
+ "created":"2021-06-16T21:22:37Z",
290
+ "watch_name":"license-watch",
291
+ "issue_id":"AFL-2.1",
292
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=b241c1986818d68993093e35&issue_id=AFL-2.1&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
293
+ "impacted_artifacts":[
294
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
295
+ ]
296
+ },
297
+ {
298
+ "description":"ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \\u0023 representation for the # character.",
299
+ "severity":"Medium",
300
+ "type":"Security",
301
+ "infected_components":[
302
+ "gav://org.apache.struts:struts2-core:2.0.9"
303
+ ],
304
+ "created":"2021-06-16T21:22:38Z",
305
+ "watch_name":"maven-watch-3",
306
+ "issue_id":"XRAY-55446",
307
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55446&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
308
+ "impacted_artifacts":[
309
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
310
+ ]
311
+ },
312
+ {
313
+ "description":"Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) \" (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.",
314
+ "severity":"Medium",
315
+ "type":"Security",
316
+ "infected_components":[
317
+ "gav://org.apache.struts:struts2-core:2.0.9"
318
+ ],
319
+ "created":"2021-06-16T21:22:38Z",
320
+ "watch_name":"maven-watch-3",
321
+ "issue_id":"XRAY-55448",
322
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55448&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
323
+ "impacted_artifacts":[
324
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
325
+ ]
326
+ },
327
+ {
328
+ "description":"Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.",
329
+ "severity":"Critical",
330
+ "type":"Security",
331
+ "infected_components":[
332
+ "gav://org.apache.struts:struts2-core:2.0.9"
333
+ ],
334
+ "created":"2021-06-16T21:22:38Z",
335
+ "watch_name":"maven-watch-3",
336
+ "issue_id":"XRAY-129844",
337
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-129844&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
338
+ "impacted_artifacts":[
339
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
340
+ ]
341
+ },
342
+ {
343
+ "description":"The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.",
344
+ "severity":"High",
345
+ "type":"Security",
346
+ "infected_components":[
347
+ "gav://org.apache.struts:struts2-core:2.0.9"
348
+ ],
349
+ "created":"2021-06-16T21:22:38Z",
350
+ "watch_name":"maven-watch-3",
351
+ "issue_id":"XRAY-55522",
352
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55522&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
353
+ "impacted_artifacts":[
354
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
355
+ ]
356
+ },
357
+ {
358
+ "description":"Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both \"${}\" and \"%{}\" sequences, which causes the OGNL code to be evaluated twice.",
359
+ "severity":"High",
360
+ "type":"Security",
361
+ "infected_components":[
362
+ "gav://org.apache.struts:struts2-core:2.0.9"
363
+ ],
364
+ "created":"2021-06-16T21:22:38Z",
365
+ "watch_name":"maven-watch-3",
366
+ "issue_id":"XRAY-55575",
367
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-55575&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
368
+ "impacted_artifacts":[
369
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
370
+ ]
371
+ },
372
+ {
373
+ "description":"Apache Struts JSP Page Handling Unspecified XSS",
374
+ "severity":"Medium",
375
+ "type":"Security",
376
+ "infected_components":[
377
+ "gav://org.apache.struts:struts2-core:2.0.9"
378
+ ],
379
+ "created":"2021-06-16T21:22:38Z",
380
+ "watch_name":"maven-watch-3",
381
+ "issue_id":"XRAY-81164",
382
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-81164&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
383
+ "impacted_artifacts":[
384
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
385
+ ]
386
+ },
387
+ {
388
+ "description":"Apache Struts <s:textfield> Tag <s:include> Handling XSS",
389
+ "severity":"Medium",
390
+ "type":"Security",
391
+ "infected_components":[
392
+ "gav://org.apache.struts:struts2-core:2.0.9"
393
+ ],
394
+ "created":"2021-06-16T21:22:38Z",
395
+ "watch_name":"maven-watch-3",
396
+ "issue_id":"XRAY-81187",
397
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-81187&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
398
+ "impacted_artifacts":[
399
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
400
+ ]
401
+ },
402
+ {
403
+ "description":"Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution",
404
+ "severity":"High",
405
+ "type":"Security",
406
+ "infected_components":[
407
+ "gav://org.apache.struts:struts2-core:2.0.9"
408
+ ],
409
+ "created":"2021-06-16T21:22:38Z",
410
+ "watch_name":"maven-watch-3",
411
+ "issue_id":"XRAY-87424",
412
+ "violation_details_url":"http://localhost:8046/xray/api/v1/violations?watch_id=2c5ecab8172f24086f4b3bf4&issue_id=XRAY-87424&comp_id=gav:%2F%2Forg.apache.struts:struts2-core:2.0.9",
413
+ "impacted_artifacts":[
414
+ "default/maven-repo-3/org/apache/struts/struts2-core/2.0.9/struts2-core-2.0.9.jar"
415
+ ]
416
+ }
417
+ ]
418
+ }'
419
+ resp_obj = JSON.parse(response)
420
+ return resp_obj
421
+ end
data/lib/fluent/plugin/xray.rb CHANGED
@@ -1,195 +1,199 @@
1
- require 'concurrent'
2
- require 'concurrent-edge'
3
- require 'json'
4
- require "fluent/plugin/position_file"
5
-
6
- class Xray
7
- def initialize(jpd_url, username, api_key, token, wait_interval, batch_size, pos_file_path, router, tag)
8
- @jpd_url = jpd_url
9
- @username = username
10
- @api_key = api_key
11
- @token = token
12
- @wait_interval = wait_interval
13
- @batch_size = batch_size
14
- @pos_file_path = pos_file_path
15
- @router = router
16
- @tag = tag
17
- end
18
-
19
- def violations(date_since)
20
- violations_channel = Concurrent::Channel.new(capacity: @batch_size)
21
- page_number = 1
22
- timer_task = Concurrent::TimerTask.new(execution_interval: @wait_interval, timeout_interval: 30) do
23
- xray_json = {"filters": { "created_from": date_since }, "pagination": {"order_by": "created","limit": @batch_size ,"offset": page_number } }
24
- puts "Fetching Xray Violations with #{xray_json} parameters"
25
- resp = get_violations(xray_json)
26
- page_violation_count = resp['violations'].length
27
- puts "Total violations count is #{resp['total_violations']}"
28
- if resp['total_violations'] > 0
29
- puts "Number of Violations in page #{page_number} are #{page_violation_count}"
30
- resp['violations'].each {|v| violations_channel = process(v, violations_channel) }
31
- page_number += 1 if next_page?(page_violation_count)
32
- end
33
- end
34
- timer_task.execute
35
-
36
- violations_channel
37
- end
38
-
39
- def violation_details(violations_channel)
40
- violations_channel.each do |v|
41
- Concurrent::Promises.future(v) do |v|
42
- process_violation_details(v['violation_details_url'])
43
- pos_file = PositionFile.new(@pos_file_path)
44
- puts "Adding issue #{v['issue_id']} to position file at #{@pos_file_path}"
45
- pos_file.write(v)
46
- end
47
- end
48
- end
49
-
50
- def process_violation_details(xray_violation_detail_url)
51
- begin
52
- detailResp_json = data_normalization(get_violations_detail(xray_violation_detail_url))
53
- time = Fluent::Engine.now
54
- puts "Emitting normalized Xray Violation #{detailResp_json['issue_id']}"
55
- @router.emit(@tag, time, detailResp_json)
56
- rescue => e
57
- puts "Process Violation details error: #{e}"
58
- raise Fluent::ConfigError, "Process Violation details error: #{e}"
59
- end
60
- end
61
-
62
- def get_violations_detail(xray_violation_detail_url)
63
- if !@token.nil? && @token != ''
64
- response = RestClient::Request.new(
65
- :method => :get,
66
- :url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
67
- :headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
68
- )
69
- elsif !@api_key.nil? && @api_key != ''
70
- response = RestClient::Request.new(
71
- :method => :get,
72
- :url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
73
- :user => @username,
74
- :password => @api_key
75
- )
76
- end
77
-
78
- response.execute do |response, request, result|
79
- case response.code
80
- when 200
81
- return JSON.parse(response.to_s)
82
- else
83
- puts "Validation failed error (cannot reach Artifactory to pull Xray Violation details): #{response.to_json}"
84
- raise Fluent::ConfigError, "Validation failed error (cannot reach Artifactory to pull Xray Violation details): #{response.to_json}"
85
- end
86
- end
87
- end
88
-
89
- def data_normalization(detailResp_json)
90
- cve = []
91
- cvss_v2_list = []
92
- cvss_v3_list = []
93
- policy_list = []
94
- rule_list = []
95
- impacted_artifact_url_list = []
96
- if detailResp_json.key?('properties')
97
- properties = detailResp_json['properties']
98
- for index in 0..properties.length-1 do
99
- if properties[index].key?('cve')
100
- cve.push(properties[index]['cve'])
101
- end
102
- if properties[index].key?('cvss_v2')
103
- cvss_v2_list.push(properties[index]['cvss_v2'])
104
- end
105
- if properties[index].key?('cvss_v3')
106
- cvss_v3_list.push(properties[index]['cvss_v3'])
107
- end
108
- end
109
-
110
- detailResp_json["cve"] = cve.sort.reverse[0]
111
- cvss_v2 = cvss_v2_list.sort.reverse[0]
112
- cvss_v3 = cvss_v3_list.sort.reverse[0]
113
- if !cvss_v3.nil?
114
- cvss = cvss_v3
115
- elsif !cvss_v2.nil?
116
- cvss = cvss_v2
117
- end
118
- cvss_score = cvss[0..2]
119
- cvss_version = cvss.split(':')[1][0..2]
120
- detailResp_json["cvss_score"] = cvss_score
121
- detailResp_json["cvss_version"] = cvss_version
122
- end
123
-
124
- if detailResp_json.key?('matched_policies')
125
- matched_policies = detailResp_json['matched_policies']
126
- for index in 0..matched_policies.length-1 do
127
- if matched_policies[index].key?('policy')
128
- policy_list.push(matched_policies[index]['policy'])
129
- end
130
- if matched_policies[index].key?('rule')
131
- rule_list.push(matched_policies[index]['rule'])
132
- end
133
- end
134
- detailResp_json['policies'] = policy_list
135
- detailResp_json['rules'] = rule_list
136
- end
137
-
138
- detailResp_json['impacted_artifacts'].each do |impacted_artifact|
139
- matchdata = impacted_artifact.match /default\/(?<repo_name>[^\/]*)\/(?<path>.*)/
140
- impacted_artifact_url = matchdata['repo_name'] + ":" + matchdata['path'] + " "
141
- impacted_artifact_url_list.append(impacted_artifact_url)
142
- end
143
- detailResp_json['impacted_artifacts_url'] = impacted_artifact_url_list
144
- return detailResp_json
145
- end
146
-
147
- def process(violation, violations_channel)
148
- pos_file = PositionFile.new(@pos_file_path)
149
- unless pos_file.processed?(violation)
150
- violations_channel << violation
151
- else
152
- puts "Violation #{violation['issue_id']} is already processed"
153
- end
154
- #violations_channel << violation unless pos_file.processed?(violation)
155
- violations_channel
156
- end
157
-
158
- private
159
- def get_violations(xray_json)
160
- if !@token.nil? && @token != ''
161
- puts "Validating JPD access token and fetching violations"
162
- response = RestClient::Request.new(
163
- :method => :post,
164
- :url => @jpd_url + "/xray/api/v1/violations",
165
- :payload => xray_json.to_json,
166
- :headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
167
- )
168
- elsif !@api_key.nil? && @api_key != ''
169
- puts "Validating JPD API Key and fetching violations"
170
- response = RestClient::Request.new(
171
- :method => :post,
172
- :url => @jpd_url + "/xray/api/v1/violations",
173
- :payload => xray_json.to_json,
174
- :user => @username,
175
- :password => @api_key,
176
- :headers => { :accept => :json, :content_type => :json }
177
- )
178
- end
179
- response.execute do |response, request, result|
180
- case response.code
181
- when 200
182
- return JSON.parse(response.to_str)
183
- else
184
- puts "Validation failed error (cannot reach Artifactory to pull Xray Violations): #{response.to_json}"
185
- raise Fluent::ConfigError, "Validation failed error (cannot reach Artifactory to pull Xray Violations): #{response.to_json}"
186
- end
187
- end
188
- end
189
-
190
- def next_page?(count)
191
- count == @batch_size
192
- end
193
-
194
- end
195
-
1
+ require 'concurrent'
2
+ require 'concurrent-edge'
3
+ require 'json'
4
+ require "fluent/plugin/position_file"
5
+
6
+ class Xray
7
+ def initialize(jpd_url, username, api_key, token, wait_interval, batch_size, pos_file_path, router, tag)
8
+ @jpd_url = jpd_url
9
+ @username = username
10
+ @api_key = api_key
11
+ @token = token
12
+ @wait_interval = wait_interval
13
+ @batch_size = batch_size
14
+ @pos_file_path = pos_file_path
15
+ @router = router
16
+ @tag = tag
17
+ end
18
+
19
+ def violations(date_since)
20
+ violations_channel = Concurrent::Channel.new(capacity: @batch_size)
21
+ page_number = 1
22
+ timer_task = Concurrent::TimerTask.new(execution_interval: @wait_interval, timeout_interval: 30) do
23
+ xray_json = {"filters": { "created_from": date_since }, "pagination": {"order_by": "created","limit": @batch_size ,"offset": page_number } }
24
+ puts "Fetching Xray Violations with #{xray_json} parameters"
25
+ resp = get_violations(xray_json)
26
+ page_violation_count = resp['violations'].length
27
+ puts "Total violations count is #{resp['total_violations']}"
28
+ if resp['total_violations'] > 0
29
+ puts "Number of Violations in page #{page_number} are #{page_violation_count}"
30
+ resp['violations'].each {|v| violations_channel = process(v, violations_channel) }
31
+ page_number += 1 if next_page?(page_violation_count)
32
+ end
33
+ end
34
+ timer_task.execute
35
+
36
+ violations_channel
37
+ end
38
+
39
+ def violation_details(violations_channel)
40
+ violations_channel.each do |v|
41
+ Concurrent::Promises.future(v) do |v|
42
+ process_violation_details(v['violation_details_url'])
43
+ pos_file = PositionFile.new(@pos_file_path)
44
+ puts "Adding issue #{v['issue_id']} to position file at #{@pos_file_path}"
45
+ pos_file.write(v)
46
+ end
47
+ end
48
+ end
49
+
50
+ def process_violation_details(xray_violation_detail_url)
51
+ begin
52
+ detailResp_json = data_normalization(get_violations_detail(xray_violation_detail_url))
53
+ time = Fluent::Engine.now
54
+ puts "Emitting normalized Xray Violation #{detailResp_json['issue_id']}"
55
+ @router.emit(@tag, time, detailResp_json)
56
+ rescue => e
57
+ puts "Process Violation details error: #{e}"
58
+ raise Fluent::ConfigError, "Process Violation details error: #{e}"
59
+ end
60
+ end
61
+
62
+ def get_violations_detail(xray_violation_detail_url)
63
+ if !@token.nil? && @token != ''
64
+ response = RestClient::Request.new(
65
+ :method => :get,
66
+ :url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
67
+ :headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
68
+ )
69
+ elsif !@api_key.nil? && @api_key != ''
70
+ response = RestClient::Request.new(
71
+ :method => :get,
72
+ :url => @jpd_url + xray_violation_detail_url[xray_violation_detail_url.index('/xray/'),xray_violation_detail_url.length],
73
+ :user => @username,
74
+ :password => @api_key
75
+ )
76
+ end
77
+
78
+ response.execute do |response, request, result|
79
+ case response.code
80
+ when 200
81
+ return JSON.parse(response.to_s)
82
+ else
83
+ puts "Validation failed error (cannot reach Artifactory to pull Xray Violation details): #{response.to_json}"
84
+ raise Fluent::ConfigError, "Validation failed error (cannot reach Artifactory to pull Xray Violation details): #{response.to_json}"
85
+ end
86
+ end
87
+ end
88
+
89
+ def data_normalization(detailResp_json)
90
+ cve = []
91
+ cvss_v2_list = []
92
+ cvss_v3_list = []
93
+ policy_list = []
94
+ rule_list = []
95
+ impacted_artifact_url_list = []
96
+ if detailResp_json.key?('properties')
97
+ properties = detailResp_json['properties']
98
+ for index in 0..properties.length-1 do
99
+ if properties[index].key?('cve')
100
+ cve.push(properties[index]['cve'])
101
+ end
102
+ if properties[index].key?('cvss_v2')
103
+ cvss_v2_list.push(properties[index]['cvss_v2'])
104
+ end
105
+ if properties[index].key?('cvss_v3')
106
+ cvss_v3_list.push(properties[index]['cvss_v3'])
107
+ end
108
+ end
109
+
110
+ detailResp_json["cve"] = cve.sort.reverse[0]
111
+ cvss_v2 = cvss_v2_list.sort.reverse[0]
112
+ cvss_v3 = cvss_v3_list.sort.reverse[0]
113
+ if !cvss_v3.nil?
114
+ cvss = cvss_v3
115
+ elsif !cvss_v2.nil?
116
+ cvss = cvss_v2
117
+ end
118
+ cvss_score = cvss[0..2]
119
+ cvss_version = cvss.split(':')[1][0..2]
120
+ detailResp_json["cvss_score"] = cvss_score
121
+ detailResp_json["cvss_version"] = cvss_version
122
+ end
123
+
124
+ if detailResp_json.key?('matched_policies')
125
+ matched_policies = detailResp_json['matched_policies']
126
+ for index in 0..matched_policies.length-1 do
127
+ if matched_policies[index].key?('policy')
128
+ policy_list.push(matched_policies[index]['policy'])
129
+ end
130
+ if matched_policies[index].key?('rule')
131
+ rule_list.push(matched_policies[index]['rule'])
132
+ end
133
+ end
134
+ detailResp_json['policies'] = policy_list
135
+ detailResp_json['rules'] = rule_list
136
+ end
137
+
138
+ detailResp_json['impacted_artifacts'].each do |impacted_artifact|
139
+ matchdata = impacted_artifact.match /default\/(?<repo_name>[^\/]*)\/(?<path>.*)/
140
+ if matchdata
141
+ impacted_artifact_url = matchdata['repo_name'] + ":" + matchdata['path'] + " "
142
+ impacted_artifact_url_list.append(impacted_artifact_url)
143
+ else
144
+ impacted_artifact_url_list.append(impacted_artifact)
145
+ end
146
+ end
147
+ detailResp_json['impacted_artifacts_url'] = impacted_artifact_url_list
148
+ return detailResp_json
149
+ end
150
+
151
+ def process(violation, violations_channel)
152
+ pos_file = PositionFile.new(@pos_file_path)
153
+ unless pos_file.processed?(violation)
154
+ violations_channel << violation
155
+ else
156
+ puts "Violation #{violation['issue_id']} is already processed"
157
+ end
158
+ #violations_channel << violation unless pos_file.processed?(violation)
159
+ violations_channel
160
+ end
161
+
162
+ private
163
+ def get_violations(xray_json)
164
+ if !@token.nil? && @token != ''
165
+ puts "Validating JPD access token and fetching violations"
166
+ response = RestClient::Request.new(
167
+ :method => :post,
168
+ :url => @jpd_url + "/xray/api/v1/violations",
169
+ :payload => xray_json.to_json,
170
+ :headers => { :accept => :json, :content_type => :json, Authorization:'Bearer ' + @token }
171
+ )
172
+ elsif !@api_key.nil? && @api_key != ''
173
+ puts "Validating JPD API Key and fetching violations"
174
+ response = RestClient::Request.new(
175
+ :method => :post,
176
+ :url => @jpd_url + "/xray/api/v1/violations",
177
+ :payload => xray_json.to_json,
178
+ :user => @username,
179
+ :password => @api_key,
180
+ :headers => { :accept => :json, :content_type => :json }
181
+ )
182
+ end
183
+ response.execute do |response, request, result|
184
+ case response.code
185
+ when 200
186
+ return JSON.parse(response.to_str)
187
+ else
188
+ puts "Validation failed error (cannot reach Artifactory to pull Xray Violations): #{response.to_json}"
189
+ raise Fluent::ConfigError, "Validation failed error (cannot reach Artifactory to pull Xray Violations): #{response.to_json}"
190
+ end
191
+ end
192
+ end
193
+
194
+ def next_page?(count)
195
+ count == @batch_size
196
+ end
197
+
198
+ end
199
+
data/test/plugin/test_in_jfrog_siem.rb CHANGED
@@ -1,41 +1,41 @@
1
- require "helper"
2
- require "fluent/plugin/in_jfrog_siem.rb"
3
-
4
- class JfrogSiemInputTest < Test::Unit::TestCase
5
- setup do
6
- Fluent::Test.setup
7
- end
8
-
9
- test "failure" do
10
- #flunk
11
- end
12
-
13
- # Default configuration for tests
14
- CONFIG = %[
15
- tag "jfrog.xray.siem.vulnerabilities"
16
- jpd_url "JPDURL"
17
- username "admin"
18
- apikey "APIKEY"
19
- pos_file_path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/"
20
- wait_interval 10
21
- from_date "2016-01-01"
22
- batch_size 25
23
- ]
24
-
25
- private
26
-
27
- def create_driver(conf = CONFIG)
28
- Fluent::Test::Driver::Input.new(Fluent::Plugin::JfrogSiemInput).configure(conf)
29
- end
30
-
31
- sub_test_case 'Testing' do
32
- test 'Testing plugin in_jfrog_siem' do
33
- d = create_driver(CONFIG)
34
- begin
35
- d.run
36
- rescue => e
37
- raise "Test failed due to #{e}"
38
- end
39
- end
40
- end
41
- end
1
+ require "helper"
2
+ require "fluent/plugin/in_jfrog_siem.rb"
3
+
4
+ class JfrogSiemInputTest < Test::Unit::TestCase
5
+ setup do
6
+ Fluent::Test.setup
7
+ end
8
+
9
+ test "failure" do
10
+ #flunk
11
+ end
12
+
13
+ # Default configuration for tests
14
+ CONFIG = %[
15
+ tag "jfrog.xray.siem.vulnerabilities"
16
+ jpd_url "JPDURL"
17
+ username "admin"
18
+ apikey "APIKEY"
19
+ pos_file_path "#{ENV['JF_PRODUCT_DATA_INTERNAL']}/log/"
20
+ wait_interval 10
21
+ from_date "2016-01-01"
22
+ batch_size 25
23
+ ]
24
+
25
+ private
26
+
27
+ def create_driver(conf = CONFIG)
28
+ Fluent::Test::Driver::Input.new(Fluent::Plugin::JfrogSiemInput).configure(conf)
29
+ end
30
+
31
+ sub_test_case 'Testing' do
32
+ test 'Testing plugin in_jfrog_siem' do
33
+ d = create_driver(CONFIG)
34
+ begin
35
+ d.run
36
+ rescue => e
37
+ raise "Test failed due to #{e}"
38
+ end
39
+ end
40
+ end
41
+ end
metadata CHANGED
@@ -1,16 +1,15 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-jfrog-siem
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.6
4
+ version: 2.0.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mahitha Byreddy
8
- - Sudhindra Rao
9
- - Giridharan Ramasamy
10
- autorequire:
8
+ - Ben Harosh
9
+ autorequire:
11
10
  bindir: bin
12
11
  cert_chain: []
13
- date: 2023-03-10 00:00:00.000000000 Z
12
+ date: 2024-11-07 00:00:00.000000000 Z
14
13
  dependencies:
15
14
  - !ruby/object:Gem::Dependency
16
15
  name: bundler
@@ -68,26 +67,6 @@ dependencies:
68
67
  - - "~>"
69
68
  - !ruby/object:Gem::Version
70
69
  version: '2.0'
71
- - !ruby/object:Gem::Dependency
72
- name: concurrent-ruby
73
- requirement: !ruby/object:Gem::Requirement
74
- requirements:
75
- - - "~>"
76
- - !ruby/object:Gem::Version
77
- version: 1.1.8
78
- - - "<"
79
- - !ruby/object:Gem::Version
80
- version: 1.1.10
81
- type: :development
82
- prerelease: false
83
- version_requirements: !ruby/object:Gem::Requirement
84
- requirements:
85
- - - "~>"
86
- - !ruby/object:Gem::Version
87
- version: 1.1.8
88
- - - "<"
89
- - !ruby/object:Gem::Version
90
- version: 1.1.10
91
70
  - !ruby/object:Gem::Dependency
92
71
  name: concurrent-ruby-edge
93
72
  requirement: !ruby/object:Gem::Requirement
@@ -130,26 +109,6 @@ dependencies:
130
109
  - - "~>"
131
110
  - !ruby/object:Gem::Version
132
111
  version: '2.0'
133
- - !ruby/object:Gem::Dependency
134
- name: concurrent-ruby
135
- requirement: !ruby/object:Gem::Requirement
136
- requirements:
137
- - - "~>"
138
- - !ruby/object:Gem::Version
139
- version: 1.1.8
140
- - - "<"
141
- - !ruby/object:Gem::Version
142
- version: 1.1.10
143
- type: :runtime
144
- prerelease: false
145
- version_requirements: !ruby/object:Gem::Requirement
146
- requirements:
147
- - - "~>"
148
- - !ruby/object:Gem::Version
149
- version: 1.1.8
150
- - - "<"
151
- - !ruby/object:Gem::Version
152
- version: 1.1.10
153
112
  - !ruby/object:Gem::Dependency
154
113
  name: concurrent-ruby-edge
155
114
  requirement: !ruby/object:Gem::Requirement
@@ -187,9 +146,7 @@ dependencies:
187
146
  description: JFrog SIEM fluent input plugin will send the SIEM events from JFrog Xray
188
147
  to Fluentd which can then be delivered to whatever output plugin specified
189
148
  email:
190
- - mahithab@jfrog.com
191
- - sudhindrar@jfrog.com
192
- - girir@jfrog.com
149
+ - partner-support@jfrog.com
193
150
  executables: []
194
151
  extensions: []
195
152
  extra_rdoc_files: []
@@ -203,8 +160,10 @@ files:
203
160
  - fluent-plugin-jfrog-siem.gemspec
204
161
  - lib/fluent/plugin/in_jfrog_siem.rb
205
162
  - lib/fluent/plugin/position_file.rb
163
+ - lib/fluent/plugin/test_violations.rb
206
164
  - lib/fluent/plugin/violations.json
207
165
  - lib/fluent/plugin/xray.rb
166
+ - pkg/fluent-plugin-jfrog-siem-2.0.8.gem
208
167
  - spec/position_file_spec.rb
209
168
  - spec/spec_helper.rb
210
169
  - spec/xray_spec.rb
@@ -214,7 +173,7 @@ homepage: https://github.com/jfrog/fluent-plugin-jfrog-siem
214
173
  licenses:
215
174
  - Apache-2.0
216
175
  metadata: {}
217
- post_install_message:
176
+ post_install_message:
218
177
  rdoc_options: []
219
178
  require_paths:
220
179
  - lib
@@ -229,8 +188,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
229
188
  - !ruby/object:Gem::Version
230
189
  version: '0'
231
190
  requirements: []
232
- rubygems_version: 3.0.3.1
233
- signing_key:
191
+ rubygems_version: 3.5.3
192
+ signing_key:
234
193
  specification_version: 4
235
194
  summary: JFrog SIEM fluent input plugin will send the SIEM events from JFrog Xray
236
195
  to Fluentd