fluent-plugin-nginx-nap-decode 0.4.62 → 0.4.63
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 13352e73a18f16d29963dd28012b19956e0c9d6fa48928c3cd0fd2ec04fb91bf
|
|
4
|
+
data.tar.gz: c47021af3ed8dea2f1d3d9fbd0d79aef9a3e2e06c062c0e90ccbcf2c14ae3dfe
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 528353605faa7fd9bb8e15cbd5788647ba8e6e25f65d31550be6590e93fc5a72e6a7d346ae79e4da623f14705c58cd17b622f74d49580196e2461d74e8e62c20
|
|
7
|
+
data.tar.gz: 6b7d3ce3386bd8bf7f26d9b9b9b723df2d1e8801d0ac8d819799989935a541843b077d9860e0111441c04b9508d80e627cb6560b19ada6de3246edfe4451244d
|
|
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
3
3
|
|
|
4
4
|
Gem::Specification.new do |spec|
|
|
5
5
|
spec.name = "fluent-plugin-nginx-nap-decode"
|
|
6
|
-
spec.version = "0.4.
|
|
6
|
+
spec.version = "0.4.63"
|
|
7
7
|
spec.authors = ["Kostas Skenderidis"]
|
|
8
8
|
spec.email = ["skenderidis@gmail.com"]
|
|
9
9
|
|
|
@@ -34,8 +34,10 @@ module Fluent
|
|
|
34
34
|
|
|
35
35
|
if record['violations']['policyEntity'].has_key?('cookies')
|
|
36
36
|
record['violations']['context']='cookies'
|
|
37
|
-
record['violations']['snippet']['buffer-decode']=Base64.decode64(record['violations']['snippet']['buffer']) #base64 decode
|
|
38
37
|
record['violations']['observedEntity']['value-decode']=Base64.decode64(record['violations']['observedEntity']['value']) #base64 decode
|
|
38
|
+
if record['violations'].has_key?('snippet')
|
|
39
|
+
record['violations']['snippet']['buffer-decode']=Base64.decode64(record['violations']['snippet']['buffer']) #base64 decode
|
|
40
|
+
end
|
|
39
41
|
# If header is explicit then the NAP does NOT provide the "observedEntity". This
|
|
40
42
|
# This creates a problem with reporting later on, so we added the record "name"
|
|
41
43
|
# Notes: Why is parameters an array!!
|
|
@@ -47,8 +49,10 @@ module Fluent
|
|
|
47
49
|
end
|
|
48
50
|
if record['violations']['policyEntity'].has_key?('headers')
|
|
49
51
|
record['violations']['context']='headers'
|
|
50
|
-
record['violations']['snippet']['buffer-decode']=Base64.decode64(record['violations']['snippet']['buffer']) #base64 decode
|
|
51
52
|
record['violations']['observedEntity']['value-decode']=Base64.decode64(record['violations']['observedEntity']['value']) #base64 decode
|
|
53
|
+
if record['violations'].has_key?('snippet')
|
|
54
|
+
record['violations']['snippet']['buffer-decode']=Base64.decode64(record['violations']['snippet']['buffer']) #base64 decode
|
|
55
|
+
end
|
|
52
56
|
# If header is explicit then the NAP does NOT provide the "observedEntity". This
|
|
53
57
|
# This creates a problem with reporting later on, so we added the record "name"
|
|
54
58
|
# Notes: Why is parameters an array!!
|
|
@@ -60,8 +64,11 @@ module Fluent
|
|
|
60
64
|
end
|
|
61
65
|
if record['violations']['policyEntity'].has_key?('parameters')
|
|
62
66
|
record['violations']['context']='parameters'
|
|
63
|
-
|
|
67
|
+
|
|
64
68
|
record['violations']['observedEntity']['value-decode']=Base64.decode64(record['violations']['observedEntity']['value']) #base64 decode
|
|
69
|
+
if record['violations'].has_key?('snippet')
|
|
70
|
+
record['violations']['snippet']['buffer-decode']=Base64.decode64(record['violations']['snippet']['buffer']) #base64 decode
|
|
71
|
+
end
|
|
65
72
|
# If parameter is explicit then the NAP does NOT provide the "observedEntity". This
|
|
66
73
|
# This creates a problem with reporting later on, so we added the record "name"
|
|
67
74
|
# Notes: Why is parameters an array!!
|
|
@@ -73,19 +80,23 @@ module Fluent
|
|
|
73
80
|
end
|
|
74
81
|
if record['violations']['policyEntity'].has_key?('urls')
|
|
75
82
|
record['violations']['context']='urls'
|
|
76
|
-
record['violations']
|
|
83
|
+
if record['violations'].has_key?('snippet')
|
|
84
|
+
record['violations']['snippet']['buffer-decode']=Base64.decode64(record['violations']['snippet']['buffer']) #base64 decode
|
|
85
|
+
end
|
|
77
86
|
record['violations']['observedEntity']['name-decode']=Base64.decode64(record['violations']['observedEntity']['name']) #base64 decode
|
|
78
87
|
end
|
|
79
88
|
else
|
|
80
89
|
record['violations']['context']='request'
|
|
81
|
-
record['violations']
|
|
90
|
+
if record['violations'].has_key?('snippet')
|
|
91
|
+
record['violations']['snippet']['buffer-decode']=Base64.decode64(record['violations']['snippet']['buffer']) #base64 decode
|
|
92
|
+
end
|
|
82
93
|
end
|
|
83
94
|
|
|
84
95
|
|
|
85
96
|
when 'VIOL_COOKIE_LENGTH', 'VIOL_HEADER_LENGTH', 'VIOL_URL_METACHAR'
|
|
86
97
|
record['violations']['observedEntity']['name-decode']=Base64.decode64(record['violations']['observedEntity']['name']) #base64 decode
|
|
87
98
|
|
|
88
|
-
when 'VIOL_PARAMETER_VALUE_METACHAR', 'VIOL_PARAMETER_DATA_TYPE', '
|
|
99
|
+
when 'VIOL_PARAMETER_VALUE_METACHAR', 'VIOL_PARAMETER_DATA_TYPE', 'VIOL_PARAMETER_NUMERIC_VALUE', 'VIOL_PARAMETER_VALUE_LENGTH', 'VIOL_PARAMETER_ARRAY_VALUE', 'VIOL_PARAMETER_LOCATION', 'VIOL_PARAMETER_STATIC_VALUE'
|
|
89
100
|
record['violations']['observedEntity']['value-decode']=Base64.decode64(record['violations']['observedEntity']['value']) #base64 decode
|
|
90
101
|
# If parameter is explicit then the NAP does NOT provide the "observedEntity".
|
|
91
102
|
# For consistency we create the observedEntity.value
|
|
@@ -97,8 +108,7 @@ module Fluent
|
|
|
97
108
|
record['violations']['observedEntity']['name-decode']=record['violations']['policyEntity']['parameters'][0]['name']
|
|
98
109
|
end
|
|
99
110
|
|
|
100
|
-
|
|
101
|
-
when 'VIOL_URL_LENGTH', 'VIOL_POST_DATA_LENGTH', 'VIOL_QUERY_STRING_LENGTH', 'VIOL_REQUEST_LENGTH'
|
|
111
|
+
when 'VIOL_URL_LENGTH', 'VIOL_POST_DATA_LENGTH', 'VIOL_QUERY_STRING_LENGTH', 'VIOL_REQUEST_LENGTH', 'VIOL_PARAMETER_EMPTY_VALUE', 'VIOL_COOKIE_LENGTH', 'VIOL_HEADER_LENGTH', 'VIOL_PARAMETER'
|
|
102
112
|
# If filetype is explicit then the NAP does NOT provide the "observedEntity".
|
|
103
113
|
# For consistency we create the observedEntity.value
|
|
104
114
|
# This creates a problem with reporting later on, so we added the record "name"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-nginx-nap-decode
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.63
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Kostas Skenderidis
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-04-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|
|
@@ -67,7 +67,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
69
|
requirements: []
|
|
70
|
-
rubygems_version: 3.4.
|
|
70
|
+
rubygems_version: 3.4.19
|
|
71
71
|
signing_key:
|
|
72
72
|
specification_version: 4
|
|
73
73
|
summary: Decode the base64 values that are included on the NAP logs
|