fluent-plugin-jfrog-siem 0.1.4 → 0.1.5
- checksums.yaml +4 -4
- data/fluent-plugin-jfrog-siem.gemspec +1 -1
- data/lib/fluent/plugin/in_jfrog_siem.rb +52 -22
- metadata +2 -2
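--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6cfb13538b236dbfd917cf58038dab5e76d945fa0af419240fdd5508e976af1c
+data.tar.gz: 9725242bcb3230a23f457b146bcf5e39cf562aad9abbcfbcc1ea390de2853093
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e63137fd91a16f2ab65d3ecdc2e841d1c098e201a8a47b2d0687a80833e05bfa3fb0e4e6cf606245d58c884ef3740d7c4efa3fbbb9a4c095445e05ba3ee60b10
+data.tar.gz: cc5dcb1ef463eb4d8c57bd246d4968b3a47639296f994913ebb75f01bb49496a44800197efe7bcc97e23bff0f84dc48570ba08d9157c0690715e00b9a0e5cfb5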
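--- a/data/fluent-plugin-jfrog-siem.gemspec
+++ b/data/fluent-plugin-jfrog-siem.gemspec
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
 spec.name = "fluent-plugin-jfrog-siem"
-spec.version = "0.1.
+spec.version = "0.1.5"
 spec.authors = ["John Peterson", "Mahitha Byreddy"]
 spec.email = ["johnp@jfrog.com", "mahithab@jfrog.com"]
 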
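--- a/data/lib/fluent/plugin/in_jfrog_siem.rb
+++ b/data/lib/fluent/plugin/in_jfrog_siem.rb
@@ -99,6 +99,7 @@ module Fluent
 end
 offset_count=1
 left_violations=0
+waiting_for_violations = false
 xray_json={"filters": { "created_from": last_created_date }, "pagination": {"order_by": "created","limit": @batch_size ,"offset": offset_count } }
 
 while true
@@ -120,8 +121,16 @@ module Fluent
 
 # Determine if we need to persist this record or not
 persistItem = true
-if
-
+if waiting_for_violations
+if created_date <= last_created_date
+# "not persisting it - waiting for violations"
+persistItem = false
+end
+else
+if created_date < last_created_date
+# "persisting everything"
+persistItem = true
+end
 end
 
 # Publish the record to fluentd
@@ -158,9 +167,11 @@ module Fluent
 # reduce left violations by jump size (not all batches have full item count??)
 left_violations = left_violations - @batch_size
 if left_violations <= 0
+waiting_for_violations = true
 sleep(@wait_interval)
 else
 # Grab the next record to process for the violation details url
+waiting_for_violations = false
 offset_count = offset_count + 1
 xray_json={"filters": { "created_from": last_created_date_string }, "pagination": {"order_by": "created","limit": @batch_size , "offset": offset_count } }
 end
@@ -226,33 +237,52 @@ module Fluent
 # normalizes Xray data according to common information models for all log-vendors
 def data_normalization(detailResp)
 detailResp_json = JSON.parse(detailResp)
-properties = detailResp_json['properties']
 cve = []
 cvss_v2_list = []
 cvss_v3_list = []
-
-
-
-
-
-
+impacted_artifact_url_list = []
+if detailResp_json.key?('properties')
+properties = detailResp_json['properties']
+for index in 0..properties.length-1 do
+if properties[index].key?('cve')
+cve.push(properties[index]['cve'])
+end
+if properties[index].key?('cvss_v2')
+cvss_v2_list.push(properties[index]['cvss_v2'])
+end
+if properties[index].key?('cvss_v3')
+cvss_v3_list.push(properties[index]['cvss_v3'])
+end
 end
-
-
+
+detailResp_json["cve"] = cve.sort.reverse[0]
+cvss_v2 = cvss_v2_list.sort.reverse[0]
+cvss_v3 = cvss_v3_list.sort.reverse[0]
+if !cvss_v3.nil?
+cvss = cvss_v3
+elsif !cvss_v2.nil?
+cvss = cvss_v2
 end
+cvss_score = cvss[0..2]
+cvss_version = cvss.split(':')[1][0..2]
+detailResp_json["cvss_score"] = cvss_score
+detailResp_json["cvss_version"] = cvss_version
 end
-
-
-
-
-
-
-
+
+impacted_artifacts = detailResp_json['impacted_artifacts']
+for impacted_artifact in impacted_artifacts do
+if impacted_artifact.split('/', -1)[-1] == "manifest.json"
+#docker formatting
+repo_name = impacted_artifact.split('/', -1)[1]
+image_name = impacted_artifact.split('/', -1)[2]
+tag_name = impacted_artifact.split('/', -1)[3]
+impacted_artifact_url = "/api/docker/" + repo_name + "/v2/" + image_name + "/manifests/" + tag_name
+else
+impacted_artifact_url = impacted_artifact.gsub("default", "")
+end
+impacted_artifact_url_list.append(impacted_artifact_url)
 end
-
-cvss_version = cvss.split(':')[1][0..2]
-detailResp_json["cvss_score"] = cvss_score
-detailResp_json["cvss_version"] = cvss_version
+detailResp_json['impacted_artifacts_url'] = impacted_artifact_url_list
 return detailResp_json
 end
 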
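Review bot: In data_normalization, `cvss` is never assigned when the properties carry neither `cvss_v3` nor `cvss_v2`, so `cvss_score = cvss[0..2]` and `cvss.split(':')` on the next lines raise NoMethodError on nil and abort the whole record; the same failure mode hits `for impacted_artifact in impacted_artifacts do` when the response has no `impacted_artifacts` key. Collapsing the selection to `cvss = cvss_v3 || cvss_v2` and wrapping the four extraction lines in `unless cvss.nil?`, plus iterating with `Array(detailResp_json['impacted_artifacts']).each do |impacted_artifact|`, keeps score-less records flowing; the index loop `for index in 0..properties.length-1 do` would also read better as `properties.each do |property|`. Separately, `impacted_artifact.gsub("default", "")` removes every occurrence of that substring, so any path component that merely contains "default" is rewritten as well — anchoring the replacement to the leading path segment is safer, though the exact input layout is not visible in this hunk. The `cvss[0..2]` and `split(':')[1][0..2]` slices presume a fixed score-then-version layout for the CVSS string; a one-line comment stating that expected format would help the next reader. The enclosing module continues outside the hunk.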
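--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-jfrog-siem
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.5
 platform: ruby
 authors:
 - John Peterson
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler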