fluent-plugin-nginx-nap-decode 0.4.64 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ceddbf27d889379d26e3427f23e2cc2e4a82a41db34a02d24f679ab316025ed0
|
|
4
|
+
data.tar.gz: 2d9e4d969e8e4d9fc5d760328214801031af88829ded3869ee98e4e9f5a48cc6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: eb9f7d705c9eb2b4a198f1e236ad16902c4f3d14dde17720eddc4f7bfdc6317db638ec8c20ef163297562175f45909af6a55435fa1e648c1377bade27ea64915
|
|
7
|
+
data.tar.gz: 7fb3108b53470e61adb43647d3d4397920ab3c31374d6b29e067db6319e82bc305d9f70e7ac0f24fa8ebad484db3359f6fe38d0b3c04952a130ca3e958bbc673
|
|
Binary file
|
|
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
3
3
|
|
|
4
4
|
Gem::Specification.new do |spec|
|
|
5
5
|
spec.name = "fluent-plugin-nginx-nap-decode"
|
|
6
|
-
spec.version = "0.
|
|
6
|
+
spec.version = "1.0.1"
|
|
7
7
|
spec.authors = ["Kostas Skenderidis"]
|
|
8
8
|
spec.email = ["skenderidis@gmail.com"]
|
|
9
9
|
|
|
@@ -103,7 +103,6 @@ module Fluent
|
|
|
103
103
|
else
|
|
104
104
|
record['violations']['observedEntity']['name-decode']=record['violations']['policyEntity']['parameters'][0]['name']
|
|
105
105
|
end
|
|
106
|
-
|
|
107
106
|
when 'VIOL_URL_LENGTH', 'VIOL_POST_DATA_LENGTH', 'VIOL_QUERY_STRING_LENGTH', 'VIOL_REQUEST_LENGTH', 'VIOL_COOKIE_LENGTH', 'VIOL_HEADER_LENGTH'
|
|
108
107
|
# If filetype is explicit then the NAP does NOT provide the "observedEntity". This creates a problem with reporting later on, so we added the record "name"
|
|
109
108
|
# Notes: Why is filetypes an array!!
|
|
@@ -112,7 +111,15 @@ module Fluent
|
|
|
112
111
|
else
|
|
113
112
|
record['violations']['observedEntity']['name-decode']=record['violations']['policyEntity']['filetypes'][0]['name']
|
|
114
113
|
end
|
|
114
|
+
when 'VIOL_EVASION'
|
|
115
|
+
# if the observed entity is parameter then base64-decode the parameter
|
|
116
|
+
if record['violations']['observedEntity']['scope']=="parameter"
|
|
117
|
+
record['violations']['observedEntity']['name-decode']=Base64.decode64(record['violations']['observedEntity']['name']) #base64 decode
|
|
118
|
+
record['violations']['observedEntity']['value-decode']=Base64.decode64(record['violations']['observedEntity']['value']) #base64 decode
|
|
119
|
+
|
|
120
|
+
record['violations']['snippet']['buffer-decode']=Base64.decode64(record['violations']['snippet']['buffer']) if record['violations'].has_key?('snippet')
|
|
115
121
|
|
|
122
|
+
end
|
|
116
123
|
end
|
|
117
124
|
record
|
|
118
125
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-nginx-nap-decode
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Kostas Skenderidis
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-04-
|
|
11
|
+
date: 2024-04-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|
|
@@ -42,6 +42,7 @@ files:
|
|
|
42
42
|
- LICENSE
|
|
43
43
|
- README.md
|
|
44
44
|
- Rakefile
|
|
45
|
+
- fluent-plugin-nginx-nap-decode-0.4.64.gem
|
|
45
46
|
- fluent-plugin-nginx-nap-decode.gemspec
|
|
46
47
|
- lib/fluent/plugin/filter_nginx_nap_decode.rb
|
|
47
48
|
- publish.md
|