RubyGems - logstash-codec-idmef - Versions diffs - 0.9.2 → 0.9.3 - Mend

logstash-codec-idmef 0.9.2 → 0.9.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +3 -0
data/docs/index.asciidoc +61 -22
data/lib/logstash/codecs/idmef-message.dtd +661 -0
data/lib/logstash/codecs/idmef.rb +283 -202
data/logstash-codec-idmef.gemspec +1 -1
data/spec/codecs/idmef_spec.rb +102 -12
metadata +17 -17

data/logstash-codec-idmef.gemspec CHANGED

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name            = 'logstash-codec-idmef'
-  s.version         = '0.9.2'
+  s.version         = '0.9.3'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Create IDMEF in XML"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"

data/spec/codecs/idmef_spec.rb CHANGED

@@ -6,20 +6,110 @@ require 'insist'
 describe LogStash::Codecs::IDMEF do
-  context "encode IDMEF" do
-    subject(:codec) { LogStash::Codecs::IDMEF.new }
+  context "Encode IDMEF" do
+    describe "with default configuration" do
+      let(:config) { {"paths" => {"alert.messageid" => "67a63ad4-11b9-4ee2-8aee-d1c032a13b35",
+                                  "alert.analyzer(0).analyzerid" => "localhost.localdomain"
+                                 },
+                      "validate_xml" => "true"
+                     }
+                   }
+      subject(:codec) { LogStash::Codecs::IDMEF.new(config) }
+      let(:expected_result)   { %Q(<?xml version=\"1.0\"?><idmef:IDMEF-Message xmlns:idmef=\"http://iana.org/idmef\"><idmef:Alert messageid=\"67a63ad4-11b9-4ee2-8aee-d1c032a13b35\"><idmef:Analyzer analyzerid=\"localhost.localdomain\"/><idmef:CreateTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:CreateTime><idmef:DetectTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:DetectTime><idmef:AnalyzerTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:AnalyzerTime><idmef:Target decoy=\"unknown\"><idmef:Node category=\"unknown\"><idmef:name>localhost.localdomain</idmef:name></idmef:Node></idmef:Target><idmef:Classification text=\"Login attempt\"/><idmef:AdditionalData meaning=\"@version\" type=\"string\"><idmef:string>1</idmef:string></idmef:AdditionalData></idmef:Alert></idmef:IDMEF-Message>\n)}
+      let(:results) { [] }
+      it "should return proper IDMEF XML from event" do
+        codec.on_event{|data, newdata| results << newdata}
+        event = LogStash::Event.new("@timestamp" => DateTime.parse("2020-05-24T09:05:26.758Z").to_time,
+                                    "host" => "localhost.localdomain",
+                                    "message" => "Login attempt",
+                                    "@version" => "1",
+                                    "msg" => "")
+        codec.encode(event)
+        insist {results.first} == expected_result
+      end
+    end
+    describe "with additionaldata disabled" do
+      let(:config) { {"paths" => {"alert.messageid" => "67a63ad4-11b9-4ee2-8aee-d1c032a13b35",
+                                  "alert.analyzer(0).analyzerid" => "localhost.localdomain"
+                                 },
+                      "validate_xml" => "true",
+                      "additionaldata" => "false"
+                     }
+                   }
+      subject(:codec) { LogStash::Codecs::IDMEF.new(config) }
+      let(:expected_result)   { %Q(<?xml version=\"1.0\"?><idmef:IDMEF-Message xmlns:idmef=\"http://iana.org/idmef\"><idmef:Alert messageid=\"67a63ad4-11b9-4ee2-8aee-d1c032a13b35\"><idmef:Analyzer analyzerid=\"localhost.localdomain\"/><idmef:CreateTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:CreateTime><idmef:DetectTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:DetectTime><idmef:AnalyzerTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:AnalyzerTime><idmef:Target decoy=\"unknown\"><idmef:Node category=\"unknown\"><idmef:name>localhost.localdomain</idmef:name></idmef:Node></idmef:Target><idmef:Classification text=\"Login attempt\"/></idmef:Alert></idmef:IDMEF-Message>\n)}
+      let(:results) { [] }
+      it "should return proper IDMEF XML from event" do
+        codec.on_event{|data, newdata| results << newdata}
+        event = LogStash::Event.new("@timestamp" => DateTime.parse("2020-05-24T09:05:26.758Z").to_time,
+                                    "host" => "localhost.localdomain",
+                                    "message" => "Login attempt",
+                                    "@version" => "1",
+                                    "msg" => "")
+        codec.encode(event)
+        insist {results.first} == expected_result
+      end
+    end
+    describe "with defaults paths disabled" do
+      let(:config) { {"paths" => {"alert.messageid" => "67a63ad4-11b9-4ee2-8aee-d1c032a13b35",
+                                  "alert.analyzer(0).analyzerid" => "localhost.localdomain",
+                                  "alert.create_time" => "%{@timestamp}",
+                                  "alert.classification.text" => "%{message}"
+                                 },
+                      "validate_xml" => "true",
+                      "defaults" => "false"
+                     }
+                   }
+      subject(:codec) { LogStash::Codecs::IDMEF.new(config) }
+      let(:expected_result)   { %Q(<?xml version=\"1.0\"?><idmef:IDMEF-Message xmlns:idmef=\"http://iana.org/idmef\"><idmef:Alert messageid=\"67a63ad4-11b9-4ee2-8aee-d1c032a13b35\"><idmef:Analyzer analyzerid=\"localhost.localdomain\"/><idmef:CreateTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:CreateTime><idmef:Classification text=\"Login attempt\"/><idmef:AdditionalData meaning=\"host\" type=\"string\"><idmef:string>localhost.localdomain</idmef:string></idmef:AdditionalData><idmef:AdditionalData meaning=\"@version\" type=\"string\"><idmef:string>1</idmef:string></idmef:AdditionalData></idmef:Alert></idmef:IDMEF-Message>\n)}
+      let(:results) { [] }
+      it "should return proper IDMEF XML from event" do
+        codec.on_event{|data, newdata| results << newdata}
+        event = LogStash::Event.new("@timestamp" => DateTime.parse("2020-05-24T09:05:26.758Z").to_time,
+                                    "host" => "localhost.localdomain",
+                                    "message" => "Login attempt",
+                                    "@version" => "1",
+                                    "msg" => "")
+        codec.encode(event)
+        insist {results.first} == expected_result
+      end
+    end
-    let(:expected_result)   { %Q(<?xml version=\"1.0\"?><idmef:IDMEF-Message xmlns:idmef=\"http://iana.org/idmef\"><idmef:Alert messageid=\"67a63ad4-11b9-4ee2-8aee-d1c032a13b35\"><idmef:Analyzer analyzerid=\"localhost.localdomain\"/><idmef:CreateTime>2020-05-24T09:05:26+00:00</idmef:CreateTime><idmef:DetectTime>2020-05-24T09:05:26+00:00</idmef:DetectTime><idmef:AnalyzerTime>2020-05-24T09:05:26+00:00</idmef:AnalyzerTime><idmef:Target decoy=\"unknown\"><idmef:Node category=\"unknown\"><idmef:name>localhost.localdomain</idmef:name></idmef:Node></idmef:Target><idmef:Classification text=\"Login attempt\"/><idmef:AdditionalData meaning=\"@version\" type=\"string\"><idmef:string>1</idmef:string></idmef:AdditionalData></idmef:Alert></idmef:IDMEF-Message>\n)}
-    let(:results) { []}
-    it "should return proper IDMEF XML from event" do
-      codec.on_event{|data, newdata| results << newdata}
-      codec.paths = {"alert.messageid" => "67a63ad4-11b9-4ee2-8aee-d1c032a13b35" }
-      event = LogStash::Event.new("@timestamp" => DateTime.parse("2020-05-24T09:05:26.758Z").to_time, "host" => "localhost.localdomain", "message" => "Login attempt", "@version" => "1", "msg" => "")
-      codec.encode(event)
-      insist {results.first} == expected_result
+    describe "with defaults paths and additionaldata disabled" do
+      let(:config) { {"paths" => {"alert.messageid" => "67a63ad4-11b9-4ee2-8aee-d1c032a13b35",
+                                  "alert.analyzer(0).analyzerid" => "localhost.localdomain",
+                                  "alert.create_time" => "%{@timestamp}",
+                                  "alert.classification.text" => "%{message}"
+                                 },
+                      "validate_xml" => "true",
+                      "defaults" => "false",
+                      "additionaldata" => "false"
+                     }
+                   }
+      subject(:codec) { LogStash::Codecs::IDMEF.new(config) }
+      let(:expected_result)   { %Q(<?xml version=\"1.0\"?><idmef:IDMEF-Message xmlns:idmef=\"http://iana.org/idmef\"><idmef:Alert messageid=\"67a63ad4-11b9-4ee2-8aee-d1c032a13b35\"><idmef:Analyzer analyzerid=\"localhost.localdomain\"/><idmef:CreateTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:CreateTime><idmef:Classification text=\"Login attempt\"/></idmef:Alert></idmef:IDMEF-Message>\n)}
+      let(:results) { [] }
+      it "should return proper IDMEF XML from event" do
+        codec.on_event{|data, newdata| results << newdata}
+        event = LogStash::Event.new("@timestamp" => DateTime.parse("2020-05-24T09:05:26.758Z").to_time,
+                                    "host" => "localhost.localdomain",
+                                    "message" => "Login attempt",
+                                    "@version" => "1",
+                                    "msg" => "")
+        codec.encode(event)
+        insist {results.first} == expected_result
+      end
     end
   end
 end

metadata CHANGED

@@ -1,16 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: logstash-codec-idmef
 version: !ruby/object:Gem::Version
-  version: 0.9.2
+  version: 0.9.3
 platform: ruby
 authors:
 - Prelude Team
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-05-24 00:00:00.000000000 Z
+date: 2020-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
+  name: logstash-core-plugin-api
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -19,9 +20,8 @@ dependencies:
     - - "<="
       - !ruby/object:Gem::Version
         version: '2.99'
-  name: logstash-core-plugin-api
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -31,56 +31,56 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.99'
 - !ruby/object:Gem::Dependency
+  name: logstash-codec-plain
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  name: logstash-codec-plain
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  name: nokogiri
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
+  name: logstash-devutils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  name: logstash-devutils
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
+  name: insist
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  name: insist
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -102,6 +102,7 @@ files:
 - NOTICE.TXT
 - README.md
 - docs/index.asciidoc
+- lib/logstash/codecs/idmef-message.dtd
 - lib/logstash/codecs/idmef.rb
 - logstash-codec-idmef.gemspec
 - spec/codecs/idmef_spec.rb
@@ -111,7 +112,7 @@ licenses:
 metadata:
   logstash_plugin: 'true'
   logstash_group: codec
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -126,9 +127,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.10
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Create IDMEF in XML
 test_files: