internet_security_event 1.2.1 → 3.0.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3df07baf6dbb78e612229fee0043e79a955c01f7f1655c8e77a6a142340d4114
4
- data.tar.gz: 53bd006f3735a68a8d8255e5c83245f636eb69bd9957c581fa65a6d094c0e0ea
3
+ metadata.gz: 9618c67bc76530f18f67b1c2634fc8a1638f003216c0870bc7aeea96f72136e6
4
+ data.tar.gz: eb38ae645cc40fee9e92b465bb05178d39769bd77aa3804666b13283fb0192bf
5
5
  SHA512:
6
- metadata.gz: 2f3cdfec986f3112a037f78eb7579f6adca58b09361cfeea297a0c1d941409871312524cd14cf1bfa2534c50b255f7ebb4ec2e0d82085413d6096d5783f444ec
7
- data.tar.gz: e49b5770d869368c49786ad8997cf85f4178f7cf52fef2eac957018db45c0ebeb0210d0bd225fc1339dc4bb215acacf52d37b55c9b0d5f205049d98b70de6621
6
+ metadata.gz: 1698abecd6ad8f8f76ee0cea45a3e6de1ce4c483b1f5082be060cda480e2e4bef7bdb261f5ed5baf6bc9d243f1a1e948b85f4b755f0a999376fcd9dbe59d1def
7
+ data.tar.gz: da7e963cadddbe85148b28f8a0f4247e36f51d8f9ed6ccd502d0f69f04657180cc1b6c57642b022e7235cf11ed9abfd4be90f95d264918282d59231ba28e2222
@@ -30,6 +30,7 @@ jobs:
30
30
  - "2.7"
31
31
  - "3.0"
32
32
  - "3.1"
33
+ - "3.2"
33
34
  name: Ruby ${{ matrix.ruby }}
34
35
  steps:
35
36
  - uses: actions/checkout@v2
data/CHANGELOG.md CHANGED
@@ -2,37 +2,60 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file.
4
4
 
5
- The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
5
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
- ## [1.2.1] - 2022-07-15
8
+ ## [v3.0.0](https://github.com/smortex/internet_security_event/tree/v3.0.0) (2023-04-17)
9
+
10
+ [Full Changelog](https://github.com/smortex/internet_security_event/compare/v2.0.0...v3.0.0)
11
+
12
+ **Breaking changes:**
13
+
14
+ - Add support for verifying CRL [\#4](https://github.com/smortex/internet_security_event/pull/4) ([smortex](https://github.com/smortex))
15
+
16
+ ## [v2.0.0](https://github.com/smortex/internet_security_event/tree/v2.0.0) (2022-07-16)
17
+
18
+ [Full Changelog](https://github.com/smortex/internet_security_event/compare/v1.2.1...v2.0.0)
19
+
20
+ **Breaking changes:**
21
+
22
+ - Bump activesupport to 6.x [\#2](https://github.com/smortex/internet_security_event/pull/2) ([smortex](https://github.com/smortex))
23
+
24
+ **Merged pull requests:**
25
+
26
+ - Integrate github\_changelog\_generator [\#1](https://github.com/smortex/internet_security_event/pull/1) ([smortex](https://github.com/smortex))
27
+
28
+ ## [v1.2.1] - 2022-07-15
9
29
 
10
30
  ### Changed
11
31
  - Emit a `warning` state instead of a `warn` state to match Riemann wording.
12
32
 
13
- ## [1.2.0] - 2019-02-28
33
+ ## [v1.2.0] - 2019-02-28
14
34
 
15
35
  ### Changed
16
36
  - Rely on `OpenSSL::SSL.verify_certificate_identity` to check that a certificate
17
37
  is valid for the provided hostname.
18
38
 
19
- ## [1.1.0] - 2019-02-21
39
+ ## [v1.1.0] - 2019-02-21
20
40
 
21
41
  ### Added
22
42
  - Add basic suport for TLSA events.
23
43
 
24
- ## [1.0.2] - 2019-02-21
44
+ ## [v1.0.2] - 2019-02-21
25
45
 
26
46
  ### Changed
27
47
  - Fix checking of TLS hostnames with wildcard certificates.
28
48
 
29
- ## [1.0.1] - 2019-02-18
49
+ ## [v1.0.1] - 2019-02-18
30
50
 
31
51
  ### Changed
32
52
  - Improve the way TLS certificates state is computed.
33
53
 
34
- [Unreleased]: https://github.com/smortex/internet_security_event/compare/v1.2.0...HEAD
35
- [1.2.0]: https://github.com/smortex/internet_security_event/compare/v1.1.0...v1.2.0
36
- [1.1.0]: https://github.com/smortex/internet_security_event/compare/v1.0.2...v1.1.0
37
- [1.0.2]: https://github.com/smortex/internet_security_event/compare/v1.0.1...v1.0.2
38
- [1.0.1]: https://github.com/smortex/internet_security_event/compare/v1.0.0...v1.0.1
54
+ [v1.2.1]: https://github.com/smortex/internet_security_event/compare/v1.2.0...v1.2.1
55
+ [v1.2.0]: https://github.com/smortex/internet_security_event/compare/v1.1.0...v1.2.0
56
+ [v1.1.0]: https://github.com/smortex/internet_security_event/compare/v1.0.2...v1.1.0
57
+ [v1.0.2]: https://github.com/smortex/internet_security_event/compare/v1.0.1...v1.0.2
58
+ [v1.0.1]: https://github.com/smortex/internet_security_event/compare/v1.0.0...v1.0.1
59
+
60
+
61
+ \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
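Review bot: the v3.0.0 entry under "Breaking changes" only names the feature ("Add support for verifying CRL") and never says what breaks for existing callers. Elsewhere in this diff `X509Status` loses `initialize(certificate)` and its `certificate`/`hostname` readers, and `TLSStatus` now inherits from `X509CertificateStatus`, so code that instantiated or subclassed `X509Status` directly needs changes. Add a short upgrade note to the entry stating that `X509Status` is now an abstract base and that certificate-specific behaviour lives in `X509CertificateStatus`.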
data/HISTORY.md ADDED
@@ -0,0 +1,31 @@
1
+ ## [v1.2.1] - 2022-07-15
2
+
3
+ ### Changed
4
+ - Emit a `warning` state instead of a `warn` state to match Riemann wording.
5
+
6
+ ## [v1.2.0] - 2019-02-28
7
+
8
+ ### Changed
9
+ - Rely on `OpenSSL::SSL.verify_certificate_identity` to check that a certificate
10
+ is valid for the provided hostname.
11
+
12
+ ## [v1.1.0] - 2019-02-21
13
+
14
+ ### Added
15
+ - Add basic suport for TLSA events.
16
+
17
+ ## [v1.0.2] - 2019-02-21
18
+
19
+ ### Changed
20
+ - Fix checking of TLS hostnames with wildcard certificates.
21
+
22
+ ## [v1.0.1] - 2019-02-18
23
+
24
+ ### Changed
25
+ - Improve the way TLS certificates state is computed.
26
+
27
+ [v1.2.1]: https://github.com/smortex/internet_security_event/compare/v1.2.0...v1.2.1
28
+ [v1.2.0]: https://github.com/smortex/internet_security_event/compare/v1.1.0...v1.2.0
29
+ [v1.1.0]: https://github.com/smortex/internet_security_event/compare/v1.0.2...v1.1.0
30
+ [v1.0.2]: https://github.com/smortex/internet_security_event/compare/v1.0.1...v1.0.2
31
+ [v1.0.1]: https://github.com/smortex/internet_security_event/compare/v1.0.0...v1.0.1
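Review bot: the v1.1.0 entry in this new file reads "Add basic suport for TLSA events."; "suport" should be "support". Since HISTORY.md is added here and feeds the generated CHANGELOG.md, fixing it in this file corrects both.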
data/Rakefile CHANGED
@@ -1,8 +1,27 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'bundler/gem_tasks'
4
+ require 'github_changelog_generator/task'
4
5
  require 'rspec/core/rake_task'
5
6
 
6
7
  RSpec::Core::RakeTask.new(:spec)
7
8
 
9
+ GitHubChangelogGenerator::RakeTask.new :changelog do |config|
10
+ config.header = <<~HEADER.chomp
11
+ # Changelog
12
+
13
+ All notable changes to this project will be documented in this file.
14
+
15
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
16
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
17
+ HEADER
18
+ config.exclude_labels = %w[duplicate question invalid wontfix wont-fix skip-changelog ignore]
19
+ config.user = 'smortex'
20
+ config.project = 'internet_security_event'
21
+ config.since_tag = 'v1.2.1'
22
+ config.issues = false
23
+ require 'internet_security_event/version'
24
+ config.future_release = "v#{InternetSecurityEvent::VERSION}"
25
+ end
26
+
8
27
  task default: :spec
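Review bot: `require 'internet_security_event/version'` sits inside the `GitHubChangelogGenerator::RakeTask.new` block, between two `config.` assignments, and only resolves if `lib` is already on the load path when rake runs. Move it to the top with the other requires and make it independent of the load path, for example `require_relative 'lib/internet_security_event/version'`, so `rake changelog` behaves the same however it is invoked.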
@@ -24,9 +24,10 @@ Gem::Specification.new do |spec|
24
24
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
25
25
  spec.require_paths = ['lib']
26
26
 
27
- spec.add_dependency 'activesupport', '~> 5.2'
27
+ spec.add_dependency 'activesupport', '~> 6.0'
28
28
 
29
29
  spec.add_development_dependency 'bundler'
30
+ spec.add_development_dependency 'github_changelog_generator'
30
31
  spec.add_development_dependency 'rake'
31
32
  spec.add_development_dependency 'rspec'
32
33
  spec.add_development_dependency 'rubocop'
@@ -1,9 +1,11 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'internet_security_event/x509_status'
3
+ require 'internet_security_event/x509_certificate_status'
4
4
 
5
5
  module InternetSecurityEvent
6
- class TLSStatus < X509Status
6
+ class TLSStatus < X509CertificateStatus
7
+ attr_reader :hostname
8
+
7
9
  def initialize(hostname, certificate)
8
10
  @hostname = hostname
9
11
  super(certificate)
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module InternetSecurityEvent
4
- VERSION = '1.2.1'
4
+ VERSION = '3.0.0'
5
5
  end
@@ -0,0 +1,37 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'internet_security_event/x509_status'
4
+
5
+ module InternetSecurityEvent
6
+ class X509CertificateRevocationListStatus < X509Status
7
+ attr_reader :crl
8
+
9
+ def initialize(crl)
10
+ @crl = crl
11
+
12
+ super()
13
+ end
14
+
15
+ def description
16
+ super('crl')
17
+ end
18
+
19
+ def to_e
20
+ super.merge({
21
+ issuer: crl.issuer.to_s,
22
+ last_update: crl.last_update.to_s,
23
+ next_update: crl.next_update.to_s,
24
+ })
25
+ end
26
+
27
+ private
28
+
29
+ def not_before
30
+ crl.last_update
31
+ end
32
+
33
+ def not_after
34
+ crl.next_update
35
+ end
36
+ end
37
+ end
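Review bot: `X509CertificateRevocationListStatus` only reads `crl.last_update` and `crl.next_update` (in `to_e`, `not_before` and `not_after`); nothing in the class checks the CRL signature, so the event reports freshness of whatever CRL was handed in, not its authenticity. The changelog describes this as "verifying CRL", so either document that signature verification is the caller's job, or accept the issuer's public key and call `crl.verify(key)` before building the event. Separately, the nextUpdate field is optional in the CRL structure, and if `crl.next_update` comes back nil the inherited `not_after - now` will raise; guard that case and report it as its own state.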
@@ -0,0 +1,39 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'internet_security_event/x509_status'
4
+
5
+ module InternetSecurityEvent
6
+ class X509CertificateStatus < X509Status
7
+ attr_reader :certificate
8
+
9
+ def initialize(certificate)
10
+ @certificate = certificate
11
+
12
+ super()
13
+ end
14
+
15
+ def description
16
+ super('certificate')
17
+ end
18
+
19
+ def to_e
20
+ super.merge({
21
+ subject: certificate.subject.to_s,
22
+ issuer: certificate.issuer.to_s,
23
+ serial: certificate.serial.to_i,
24
+ not_before: certificate.not_before.to_s,
25
+ not_after: certificate.not_after.to_s,
26
+ })
27
+ end
28
+
29
+ private
30
+
31
+ def not_before
32
+ certificate.not_before
33
+ end
34
+
35
+ def not_after
36
+ certificate.not_after
37
+ end
38
+ end
39
+ end
@@ -4,27 +4,20 @@ require 'active_support/core_ext/numeric/time'
4
4
 
5
5
  module InternetSecurityEvent
6
6
  class X509Status
7
- attr_reader :certificate, :hostname
8
-
9
- def initialize(certificate)
10
- @certificate = certificate
11
- end
12
-
13
- def self.build(certificate)
14
- obj = new(certificate)
7
+ def self.build(object)
8
+ obj = if object.is_a?(OpenSSL::X509::Certificate)
9
+ X509CertificateStatus.new(object)
10
+ elsif object.is_a?(OpenSSL::X509::CRL)
11
+ X509CertificateRevocationListStatus.new(object)
12
+ end
15
13
  obj.to_e
16
14
  end
17
15
 
18
- def to_e # rubocop:disable Metrics/AbcSize
16
+ def to_e
19
17
  {
20
18
  state: state,
21
19
  description: description,
22
20
  metric: metric,
23
- subject: certificate.subject.to_s,
24
- issuer: certificate.issuer.to_s,
25
- serial: certificate.serial.to_i,
26
- not_before: certificate.not_before.to_s,
27
- not_after: certificate.not_after.to_s,
28
21
  }
29
22
  end
30
23
 
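Review bot: in `self.build(object)` the `if`/`elsif` chain has no `else`, so for any argument that is neither an `OpenSSL::X509::Certificate` nor an `OpenSSL::X509::CRL` the local `obj` is nil and `obj.to_e` fails with a NoMethodError on nil, which hides the real cause. Add an `else` branch that raises `ArgumentError` with the class of the object received, so a monitoring job that passes the wrong type fails loudly and with a clear message.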
@@ -34,11 +27,15 @@ module InternetSecurityEvent
34
27
 
35
28
  private
36
29
 
37
- def description
38
- return "certificate will become valid in #{distance_of_time_in_words_to_now(certificate.not_before)}" if not_valid_yet?
39
- return "certificate has expired #{distance_of_time_in_words_to_now(certificate.not_after)} ago" if expired?
30
+ # Define these method in sub-classes
31
+ # def not_before; end
32
+ # def not_after; end
33
+
34
+ def description(name)
35
+ return "#{name} will become valid in #{distance_of_time_in_words_to_now(not_before)}" if not_valid_yet?
36
+ return "#{name} has expired #{distance_of_time_in_words_to_now(not_after)} ago" if expired?
40
37
 
41
- "certificate will expire in #{distance_of_time_in_words_to_now(certificate.not_after)}"
38
+ "#{name} will expire in #{distance_of_time_in_words_to_now(not_after)}"
42
39
  end
43
40
 
44
41
  def state
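Review bot: the base class now depends on `not_before` and `not_after` but only mentions them in a comment ("Define these method in sub-classes"), so a subclass that omits one fails with a NameError at the first call into `description`, `metric` or `expired?`. Define both in `X509Status` and have them raise `NotImplementedError`, and correct the comment to "these methods". Note also that `description(name)` stays under `private` here while both subclasses override it as a public method taking no arguments; a one-line comment on that contract would help the next person adding a status type.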
@@ -52,27 +49,27 @@ module InternetSecurityEvent
52
49
  end
53
50
 
54
51
  def metric
55
- certificate.not_after - now
52
+ not_after - now
56
53
  end
57
54
 
58
55
  def not_valid_yet?
59
- now < certificate.not_before
56
+ now < not_before
60
57
  end
61
58
 
62
59
  def expired_or_expire_soon?
63
- now + renewal_duration / 3 > certificate.not_after
60
+ now + renewal_duration / 3 > not_after
64
61
  end
65
62
 
66
63
  def expired?
67
- now > certificate.not_after
64
+ now > not_after
68
65
  end
69
66
 
70
67
  def expire_soonish?
71
- now + 2 * renewal_duration / 3 > certificate.not_after
68
+ now + 2 * renewal_duration / 3 > not_after
72
69
  end
73
70
 
74
71
  def validity_duration
75
- certificate.not_after - certificate.not_before
72
+ not_after - not_before
76
73
  end
77
74
 
78
75
  def now
@@ -4,4 +4,6 @@ require 'internet_security_event/now'
4
4
  require 'internet_security_event/tls_status'
5
5
  require 'internet_security_event/tlsa_status'
6
6
  require 'internet_security_event/x509_status'
7
+ require 'internet_security_event/x509_certificate_status'
8
+ require 'internet_security_event/x509_certificate_revocation_list_status'
7
9
  require 'resolv/dns/resource/in/tlsa'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: internet_security_event
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.1
4
+ version: 3.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Romain Tartière
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-07-16 00:00:00.000000000 Z
11
+ date: 2023-04-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '5.2'
19
+ version: '6.0'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '5.2'
26
+ version: '6.0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -38,6 +38,20 @@ dependencies:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: github_changelog_generator
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
41
55
  - !ruby/object:Gem::Dependency
42
56
  name: rake
43
57
  requirement: !ruby/object:Gem::Requirement
@@ -136,6 +150,7 @@ files:
136
150
  - CHANGELOG.md
137
151
  - CODE_OF_CONDUCT.md
138
152
  - Gemfile
153
+ - HISTORY.md
139
154
  - LICENSE.txt
140
155
  - README.md
141
156
  - Rakefile
@@ -147,6 +162,8 @@ files:
147
162
  - lib/internet_security_event/tls_status.rb
148
163
  - lib/internet_security_event/tlsa_status.rb
149
164
  - lib/internet_security_event/version.rb
165
+ - lib/internet_security_event/x509_certificate_revocation_list_status.rb
166
+ - lib/internet_security_event/x509_certificate_status.rb
150
167
  - lib/internet_security_event/x509_status.rb
151
168
  - lib/resolv/dns/resource/in/tlsa.rb
152
169
  homepage: https://github.com/smortex/internet_security_event
@@ -168,7 +185,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
168
185
  - !ruby/object:Gem::Version
169
186
  version: '0'
170
187
  requirements: []
171
- rubygems_version: 3.3.17
188
+ rubygems_version: 3.4.10
172
189
  signing_key:
173
190
  specification_version: 4
174
191
  summary: Build events describing the status of various internet services