fluent-plugin-nginx-nap-decode 0.4.64 → 1.0.0

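--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4b05d88c6346625519167d3f3b263b93b216662bb9fc9b55180c29abca2e0668
- data.tar.gz: 78f3a8946faf7d578ed833a8462faf3e6d4f244578e36c2b4b46e416966300a8
+ metadata.gz: a470e811dc51325dfea59ccf696aa376efbc4499c3e8105140e025a827559268
+ data.tar.gz: bfb25f0d137f797b4dcdfec5ab44f0ed2176c15c177fb90750a43015c4045234
  SHA512:
- metadata.gz: 81660db9f36ab40db4c43a45efc41eae2badcf8004423dedfb2aa0612f6091d27b984ffc06bc2bdd327e8ff1ed5ac3c1de2a83db40de998aab5d53b12f17cee8
- data.tar.gz: 7ed4aae41c076961ab5fcc1239c58c696ab198db9281d87d938e5f22e88f24a74a4dfc86688706af83a6da66abcf7f1bc4830257db86602b5823a3d925cd6582
+ metadata.gz: b66cb8ac301c224f873597c487cc5be41f64674f17500dfae8b2ee0a6cdb0868a6bf20d783dd1ac65e61202da163b9c4d6cd21965536f08ddec5913e9c639cbe
+ data.tar.gz: e9520b1b8c3f7560802e919ad4b327b849126bd173f262efee435f6b58769789ba5e9455d93b2fd07779654f41429578c72dc5acfb35760f5fd989ffd5d8d04e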
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
3
 
4
4
  Gem::Specification.new do |spec|
5
5
  spec.name = "fluent-plugin-nginx-nap-decode"
6
- spec.version = "0.4.64"
6
+ spec.version = "1.0.0"
7
7
  spec.authors = ["Kostas Skenderidis"]
8
8
  spec.email = ["skenderidis@gmail.com"]
9
9
 
@@ -103,7 +103,6 @@ module Fluent
103
103
  else
104
104
  record['violations']['observedEntity']['name-decode']=record['violations']['policyEntity']['parameters'][0]['name']
105
105
  end
106
-
107
106
  when 'VIOL_URL_LENGTH', 'VIOL_POST_DATA_LENGTH', 'VIOL_QUERY_STRING_LENGTH', 'VIOL_REQUEST_LENGTH', 'VIOL_COOKIE_LENGTH', 'VIOL_HEADER_LENGTH'
108
107
  # If filetype is explicit then the NAP does NOT provide the "observedEntity". This creates a problem with reporting later on, so we added the record "name"
109
108
  # Notes: Why is filetypes an array!!
@@ -112,7 +111,12 @@ module Fluent
112
111
  else
113
112
  record['violations']['observedEntity']['name-decode']=record['violations']['policyEntity']['filetypes'][0]['name']
114
113
  end
115
-
114
+ when 'VIOL_EVASION'
115
+ # if the observed entity is parameter then base64-decode the parameter
116
+ if record['violations']['observedEntity']['scope']=="parameter"
117
+ record['violations']['observedEntity']['name-decode']=Base64.decode64(record['violations']['observedEntity']['name']) #base64 decode
118
+ record['violations']['observedEntity']['value-decode']=Base64.decode64(record['violations']['observedEntity']['value']) #base64 decode
119
+ end
116
120
  end
117
121
  record
118
122
  end
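Review bot: The new `VIOL_EVASION` branch (new-side lines 114–119) indexes `record['violations']['observedEntity']` and feeds `['name']` and `['value']` straight into `Base64.decode64`, so a record whose `observedEntity` is missing — which the comment at 107–108 says NAP does for some violations — or whose `value` key is absent raises `NoMethodError` inside the filter instead of letting the event through. `Base64.decode64` also returns an ASCII-8BIT string and silently skips non-alphabet characters, so the decoded attacker-controlled bytes enter the record untagged and, when they are not valid UTF-8, can make JSON serialization fail in a downstream output plugin. I would fetch the entity with `dig`, decode only String values, and re-tag and scrub the result as sketched below (drop the `scrub` if byte-exact payloads are required downstream). The enclosing method starts before this hunk; the `end`s at 120–122 close the `case` and the method.
```ruby
when 'VIOL_EVASION'
  # if the observed entity is parameter then base64-decode the parameter
  entity = record.dig('violations', 'observedEntity')
  if entity && entity['scope'] == "parameter"
    %w[name value].each do |key|
      next unless entity[key].is_a?(String)
      # decode64 yields ASCII-8BIT; retag as UTF-8 and scrub so invalid bytes cannot break downstream serialization
      entity["#{key}-decode"] = Base64.decode64(entity[key]).force_encoding('UTF-8').scrub
    end
  end
# … unchanged: closing end of case, record, end of method …
```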
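--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: fluent-plugin-nginx-nap-decode
  version: !ruby/object:Gem::Version
- version: 0.4.64
+ version: 1.0.0
  platform: ruby
  authors:
  - Kostas Skenderidis
@@ -42,6 +42,7 @@ files:
  - LICENSE
  - README.md
  - Rakefile
+ - fluent-plugin-nginx-nap-decode-0.4.64.gem
  - fluent-plugin-nginx-nap-decode.gemspec
  - lib/fluent/plugin/filter_nginx_nap_decode.rb
  - publish.md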
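Review bot: The `files:` list on the new side (line 45) now ships `fluent-plugin-nginx-nap-decode-0.4.64.gem`, a built artifact of the previous release, inside the 1.0.0 package. This is presumably because the gemspec derives `spec.files` from the working tree and the old `.gem` was committed; it bloats the package and makes the published contents harder to audit. Exclude `*.gem` from the file list in the gemspec and from version control so the packaged file list contains only source. The gemspec's `spec.files` expression is not on this page, so the exact filter to change cannot be quoted here.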