RubyGems - fluent-plugin-parser_cef - Versions diffs - 0.2.0 → 0.3.0 - Mend

fluent-plugin-parser_cef 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/fluent-plugin-parser_cef.gemspec +2 -0
data/lib/fluent/plugin/parser_cef.rb +49 -61
data/spec/fluent/plugin/parser_cef_spec.rb +30 -0
data/spec/spec_helper.rb +3 -5
metadata +4 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0e2eedd443b1b7fec47ddc045ee1f7506de43022
-  data.tar.gz: ccbc339b8394d269ab365f4b4e8fc22d49a7d57b
+  metadata.gz: c09965c761425d6ee3fc54bbb9fba450a7a77ca1
+  data.tar.gz: '048a3194df2c21016b2d394f244c40ea6a4f6a44'
 SHA512:
-  metadata.gz: 4e2b5fa97f9308e265b5baba0ddeb0abd211384adda34631d4c9b7793c5411b9f0edf38e7288b78ebea281a4baf577a9682a82137c05ee5061b4dcf08589d264
-  data.tar.gz: 3e44f6c3731f048dbf4012678dc123c5b1ca69d64e6353e60c53b5684070072c2c507b9bbae35a4d09d5f4cf006bcf1efd13479c963a6e436992b9a0e0d9c191
+  metadata.gz: 387f53dab5273481471073b35a2821a47b876e94f5aadcebb3cd0b9d4779cee6ad5c9708a90afb65ed91a0859a6d91480993cd39579f3ad2c73b20bb4cc8393d
+  data.tar.gz: 84594857d98d6a8a5850a64a725142474cefbc5c2395636f6312ba5eb66cfa19f4cb4b7e12b507082dd54517d815e885850ff4cf5eb7200aea757a2036776271

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 0.2.0
1	+ 0.3.0

data/fluent-plugin-parser_cef.gemspec CHANGED

@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
+  spec.required_ruby_version = "~> 2.0"
   spec.add_runtime_dependency "fluentd", ">= 0.12", "< 0.14"
   spec.add_development_dependency "bundler", "~> 1.3"

data/lib/fluent/plugin/parser_cef.rb CHANGED

@@ -8,9 +8,7 @@ require 'yaml'
 module Fluent
   class TextParser
     class CommonEventFormatParser < Parser
       Plugin.register_parser("cef", self)
       config_param :log_format, :string, :default => "syslog"
       config_param :log_utc_offset, :string, :default => nil
       config_param :syslog_timestamp_format, :string, :default => '\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}'
@@ -19,14 +17,11 @@ module Fluent
       config_param :cef_keyfilename, :string, :default => 'config/cef_version_0_keys.yaml'
       config_param :output_raw_field, :bool, :default => false
       def configure(conf)
         super
         @key_value_format_regexp = /([^\s=]+)=(.*?)(?:(?=[^\s=]+=)|\z)/
         @valid_format_regexp = create_valid_format_regexp
         @utc_offset = get_utc_offset(@log_utc_offset)
         begin
           if @parse_strict_mode
             if @cef_keyfilename =~ /^\//
@@ -47,6 +42,55 @@ module Fluent
         end
       end
+      def parse(text)
+        if text.nil? || text.empty?
+          if block_given?
+            yield nil, nil
+            return
+          else
+            return nil, nil
+          end
+        end
+        text.force_encoding("utf-8")
+        replaced_text = text.scrub('?')
+        record = {}
+        record_overview = @valid_format_regexp.match(replaced_text)
+        if record_overview.nil?
+          if block_given?
+            yield Engine.now, { "raw" => replaced_text }
+            return
+          else
+            return Engine.now, { "raw" => replaced_text }
+          end
+        end
+        time = get_unixtime_with_utc_offset(record_overview["syslog_timestamp"], @utc_offset)
+        begin
+          record_overview.names.each {|key| record[key] = record_overview[key] }
+          text_cef_extension = record_overview["cef_extension"]
+          record.delete("cef_extension")
+        rescue
+          if block_given?
+            yield Engine.now, { "raw" => replaced_text }
+            return
+          else
+            return Engine.now, { "raw" => replaced_text }
+          end
+        end
+        unless text_cef_extension.nil?
+          record_cef_extension = parse_cef_extension(text_cef_extension)
+          record.merge!(record_cef_extension)
+        end
+        record["raw"] = replaced_text if @output_raw_field
+        if block_given?
+          yield time, record
+          return
+        else
+          return time, record
+        end
+      end
+      private
       def get_utc_offset(text)
         utc_offset = nil
         begin
@@ -91,7 +135,6 @@ module Fluent
         return Regexp.new(valid_format_regexp)
       end
       def get_unixtime_with_utc_offset(timestamp, utc_offset)
         unixtime = nil
         begin
@@ -106,59 +149,6 @@ module Fluent
         return unixtime
       end
-      def parse(text)
-        if text.nil? || text.empty?
-          if block_given?
-            yield nil, nil
-            return
-          else
-            return nil, nil
-          end
-        end
-        text.force_encoding("utf-8")
-        record = {}
-        record_overview = @valid_format_regexp.match(text)
-        if record_overview.nil?
-          if block_given?
-            yield Engine.now, { "raw" => text }
-            return
-          else
-            return Engine.now, { "raw" => text }
-          end
-        end
-        time = get_unixtime_with_utc_offset(record_overview["syslog_timestamp"], @utc_offset)
-        begin
-          record_overview.names.each {|key| record[key] = record_overview[key] }
-          text_cef_extension = record_overview["cef_extension"]
-          record.delete("cef_extension")
-        rescue
-          if block_given?
-            yield Engine.now, { "raw" => text }
-            return
-          else
-            return Engine.now, { "raw" => text }
-          end
-        end
-        unless text_cef_extension.nil?
-          record_cef_extension = parse_cef_extension(text_cef_extension)
-          record.merge!(record_cef_extension)
-        end
-        record["raw"] = text if @output_raw_field
-        if block_given?
-          yield time, record
-          return
-        else
-          return time, record
-        end
-      end
       def parse_cef_extension(text)
         if @parse_strict_mode == true
           return parse_cef_extension_with_strict_mode(text)
@@ -167,7 +157,6 @@ module Fluent
         end
       end
       def parse_cef_extension_with_strict_mode(text)
         record = {}
         begin
@@ -187,7 +176,6 @@ module Fluent
         return record
       end
       def parse_cef_extension_without_strict_mode(text)
         record = {}
         begin

data/spec/fluent/plugin/parser_cef_spec.rb CHANGED

@@ -283,5 +283,35 @@ RSpec.describe Fluent::TextParser::CommonEventFormatParser do
           "cef_severity" => "Severity",
           "cs1" => "test" }]}
     end
+    context "syslog message is UTF-8, but including invalid UTF-8 string" do
+      let (:config) {%[
+        log_utc_offset  +09:00
+      ]}
+      let (:text) { "Feb 19 00:35:11 hogehuga CEF:0|Vendor|Product|Version|ID|Name|Severity|src=192.168.1.1 spt=60000 dst=172.16.100.100 dpt=80 msg=\xe3\x2e\x2e\x2e" }
+      subject do
+        allow(Fluent::Engine).to receive(:now).and_return(Time.now.to_i)
+        @timestamp = Time.parse("Feb 19 00:35:11 +09:00").to_i
+        @test_driver = create_driver(config)
+        text.force_encoding("ascii-8bit")
+        @test_driver.parse(text)
+      end
+      it { is_expected.to eq [
+        @timestamp, {
+          "syslog_timestamp" => "Feb 19 00:35:11",
+          "syslog_hostname" => "hogehuga",
+          "syslog_tag" => "",
+          "cef_version" => "0",
+          "cef_device_vendor" => "Vendor",
+          "cef_device_product" => "Product",
+          "cef_device_version" => "Version",
+          "cef_device_event_class_id" => "ID",
+          "cef_name" => "Name",
+          "cef_severity" => "Severity",
+          "src" => "192.168.1.1",
+          "spt" => "60000",
+          "dst" => "172.16.100.100",
+          "dpt" => "80",
+          "msg" => "\xe3\x2e\x2e\x2e".scrub('?') }]}
+    end
   end
 end

data/spec/spec_helper.rb CHANGED

@@ -24,11 +24,9 @@ require 'simplecov'
 require 'coveralls'
 Coveralls.wear!
-SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
-  SimpleCov::Formatter::HTMLFormatter,
-  Coveralls::SimpleCov::Formatter
-]
-SimpleCov.start
+SimpleCov.start do
+  add_filter "/spec/"
+end
 RSpec.configure do |config|
   # rspec-expectations config goes here. You can use an alternate

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-parser_cef
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Tomoyuki Sugimura
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-06 00:00:00.000000000 Z
+date: 2017-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -134,9 +134,9 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - "~>"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="