logstash-codec-idmef 0.9.2 → 0.9.3

@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-codec-idmef'
4
- s.version = '0.9.2'
4
+ s.version = '0.9.3'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Create IDMEF in XML"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -6,20 +6,110 @@ require 'insist'
6
6
 
7
7
  describe LogStash::Codecs::IDMEF do
8
8
 
9
- context "encode IDMEF" do
10
- subject(:codec) { LogStash::Codecs::IDMEF.new }
9
+ context "Encode IDMEF" do
10
+ describe "with default configuration" do
11
+ let(:config) { {"paths" => {"alert.messageid" => "67a63ad4-11b9-4ee2-8aee-d1c032a13b35",
12
+ "alert.analyzer(0).analyzerid" => "localhost.localdomain"
13
+ },
14
+ "validate_xml" => "true"
15
+ }
16
+ }
17
+ subject(:codec) { LogStash::Codecs::IDMEF.new(config) }
18
+
19
+ let(:expected_result) { %Q(<?xml version=\"1.0\"?><idmef:IDMEF-Message xmlns:idmef=\"http://iana.org/idmef\"><idmef:Alert messageid=\"67a63ad4-11b9-4ee2-8aee-d1c032a13b35\"><idmef:Analyzer analyzerid=\"localhost.localdomain\"/><idmef:CreateTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:CreateTime><idmef:DetectTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:DetectTime><idmef:AnalyzerTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:AnalyzerTime><idmef:Target decoy=\"unknown\"><idmef:Node category=\"unknown\"><idmef:name>localhost.localdomain</idmef:name></idmef:Node></idmef:Target><idmef:Classification text=\"Login attempt\"/><idmef:AdditionalData meaning=\"@version\" type=\"string\"><idmef:string>1</idmef:string></idmef:AdditionalData></idmef:Alert></idmef:IDMEF-Message>\n)}
20
+ let(:results) { [] }
21
+
22
+ it "should return proper IDMEF XML from event" do
23
+ codec.on_event{|data, newdata| results << newdata}
24
+ event = LogStash::Event.new("@timestamp" => DateTime.parse("2020-05-24T09:05:26.758Z").to_time,
25
+ "host" => "localhost.localdomain",
26
+ "message" => "Login attempt",
27
+ "@version" => "1",
28
+ "msg" => "")
29
+ codec.encode(event)
30
+ insist {results.first} == expected_result
31
+ end
32
+ end
33
+
34
+ describe "with additionaldata disabled" do
35
+ let(:config) { {"paths" => {"alert.messageid" => "67a63ad4-11b9-4ee2-8aee-d1c032a13b35",
36
+ "alert.analyzer(0).analyzerid" => "localhost.localdomain"
37
+ },
38
+ "validate_xml" => "true",
39
+ "additionaldata" => "false"
40
+ }
41
+ }
42
+ subject(:codec) { LogStash::Codecs::IDMEF.new(config) }
43
+
44
+ let(:expected_result) { %Q(<?xml version=\"1.0\"?><idmef:IDMEF-Message xmlns:idmef=\"http://iana.org/idmef\"><idmef:Alert messageid=\"67a63ad4-11b9-4ee2-8aee-d1c032a13b35\"><idmef:Analyzer analyzerid=\"localhost.localdomain\"/><idmef:CreateTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:CreateTime><idmef:DetectTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:DetectTime><idmef:AnalyzerTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:AnalyzerTime><idmef:Target decoy=\"unknown\"><idmef:Node category=\"unknown\"><idmef:name>localhost.localdomain</idmef:name></idmef:Node></idmef:Target><idmef:Classification text=\"Login attempt\"/></idmef:Alert></idmef:IDMEF-Message>\n)}
45
+ let(:results) { [] }
46
+
47
+ it "should return proper IDMEF XML from event" do
48
+ codec.on_event{|data, newdata| results << newdata}
49
+ event = LogStash::Event.new("@timestamp" => DateTime.parse("2020-05-24T09:05:26.758Z").to_time,
50
+ "host" => "localhost.localdomain",
51
+ "message" => "Login attempt",
52
+ "@version" => "1",
53
+ "msg" => "")
54
+ codec.encode(event)
55
+ insist {results.first} == expected_result
56
+ end
57
+ end
58
+
59
+ describe "with defaults paths disabled" do
60
+ let(:config) { {"paths" => {"alert.messageid" => "67a63ad4-11b9-4ee2-8aee-d1c032a13b35",
61
+ "alert.analyzer(0).analyzerid" => "localhost.localdomain",
62
+ "alert.create_time" => "%{@timestamp}",
63
+ "alert.classification.text" => "%{message}"
64
+ },
65
+ "validate_xml" => "true",
66
+ "defaults" => "false"
67
+ }
68
+ }
69
+ subject(:codec) { LogStash::Codecs::IDMEF.new(config) }
70
+
71
+ let(:expected_result) { %Q(<?xml version=\"1.0\"?><idmef:IDMEF-Message xmlns:idmef=\"http://iana.org/idmef\"><idmef:Alert messageid=\"67a63ad4-11b9-4ee2-8aee-d1c032a13b35\"><idmef:Analyzer analyzerid=\"localhost.localdomain\"/><idmef:CreateTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:CreateTime><idmef:Classification text=\"Login attempt\"/><idmef:AdditionalData meaning=\"host\" type=\"string\"><idmef:string>localhost.localdomain</idmef:string></idmef:AdditionalData><idmef:AdditionalData meaning=\"@version\" type=\"string\"><idmef:string>1</idmef:string></idmef:AdditionalData></idmef:Alert></idmef:IDMEF-Message>\n)}
72
+ let(:results) { [] }
73
+
74
+ it "should return proper IDMEF XML from event" do
75
+ codec.on_event{|data, newdata| results << newdata}
76
+ event = LogStash::Event.new("@timestamp" => DateTime.parse("2020-05-24T09:05:26.758Z").to_time,
77
+ "host" => "localhost.localdomain",
78
+ "message" => "Login attempt",
79
+ "@version" => "1",
80
+ "msg" => "")
81
+ codec.encode(event)
82
+ insist {results.first} == expected_result
83
+ end
84
+ end
11
85
 
12
- let(:expected_result) { %Q(<?xml version=\"1.0\"?><idmef:IDMEF-Message xmlns:idmef=\"http://iana.org/idmef\"><idmef:Alert messageid=\"67a63ad4-11b9-4ee2-8aee-d1c032a13b35\"><idmef:Analyzer analyzerid=\"localhost.localdomain\"/><idmef:CreateTime>2020-05-24T09:05:26+00:00</idmef:CreateTime><idmef:DetectTime>2020-05-24T09:05:26+00:00</idmef:DetectTime><idmef:AnalyzerTime>2020-05-24T09:05:26+00:00</idmef:AnalyzerTime><idmef:Target decoy=\"unknown\"><idmef:Node category=\"unknown\"><idmef:name>localhost.localdomain</idmef:name></idmef:Node></idmef:Target><idmef:Classification text=\"Login attempt\"/><idmef:AdditionalData meaning=\"@version\" type=\"string\"><idmef:string>1</idmef:string></idmef:AdditionalData></idmef:Alert></idmef:IDMEF-Message>\n)}
13
- let(:results) { []}
14
-
15
- it "should return proper IDMEF XML from event" do
16
- codec.on_event{|data, newdata| results << newdata}
17
- codec.paths = {"alert.messageid" => "67a63ad4-11b9-4ee2-8aee-d1c032a13b35" }
18
- event = LogStash::Event.new("@timestamp" => DateTime.parse("2020-05-24T09:05:26.758Z").to_time, "host" => "localhost.localdomain", "message" => "Login attempt", "@version" => "1", "msg" => "")
19
- codec.encode(event)
20
- insist {results.first} == expected_result
86
+ describe "with defaults paths and additionaldata disabled" do
87
+ let(:config) { {"paths" => {"alert.messageid" => "67a63ad4-11b9-4ee2-8aee-d1c032a13b35",
88
+ "alert.analyzer(0).analyzerid" => "localhost.localdomain",
89
+ "alert.create_time" => "%{@timestamp}",
90
+ "alert.classification.text" => "%{message}"
91
+ },
92
+ "validate_xml" => "true",
93
+ "defaults" => "false",
94
+ "additionaldata" => "false"
95
+ }
96
+ }
97
+ subject(:codec) { LogStash::Codecs::IDMEF.new(config) }
98
+
99
+ let(:expected_result) { %Q(<?xml version=\"1.0\"?><idmef:IDMEF-Message xmlns:idmef=\"http://iana.org/idmef\"><idmef:Alert messageid=\"67a63ad4-11b9-4ee2-8aee-d1c032a13b35\"><idmef:Analyzer analyzerid=\"localhost.localdomain\"/><idmef:CreateTime ntpstamp=\"0xe274b756.0xc20c49ba\">2020-05-24T09:05:26+00:00</idmef:CreateTime><idmef:Classification text=\"Login attempt\"/></idmef:Alert></idmef:IDMEF-Message>\n)}
100
+ let(:results) { [] }
101
+
102
+ it "should return proper IDMEF XML from event" do
103
+ codec.on_event{|data, newdata| results << newdata}
104
+ event = LogStash::Event.new("@timestamp" => DateTime.parse("2020-05-24T09:05:26.758Z").to_time,
105
+ "host" => "localhost.localdomain",
106
+ "message" => "Login attempt",
107
+ "@version" => "1",
108
+ "msg" => "")
109
+ codec.encode(event)
110
+ insist {results.first} == expected_result
111
+ end
21
112
  end
22
113
 
23
114
  end
24
-
25
115
  end
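Review bot: All four new examples encode the same benign event, so nothing in this spec pins how the codec treats XML metacharacters in event fields, even though `message` and `host` end up in attribute values (`Classification text=...`) and element text (`idmef:name`, `idmef:string`). Because those fields come from ingested log data, I would add one example with a constructed value such as `"message" => %q(Login <attempt> & "retry")` and assert that the encoded output carries the escaped form and still passes with `"validate_xml" => "true"`. The codec implementation is not visible in this diff, so escaping may already be correct; the example would lock it in against regressions. Separately, the `LogStash::Event.new(...)` construction and the `results`/`on_event` wiring are repeated verbatim in every `describe` and could move to a shared `let(:event)` in the outer `context`.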
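--- a/metadata
+++ b/metadata
@@ -1,16 +1,17 @@
  --- !ruby/object:Gem::Specification
  name: logstash-codec-idmef
  version: !ruby/object:Gem::Version
- version: 0.9.2
+ version: 0.9.3
  platform: ruby
  authors:
  - Prelude Team
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-05-24 00:00:00.000000000 Z
+ date: 2020-06-07 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
+ name: logstash-core-plugin-api
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -19,9 +20,8 @@ dependencies:
  - - "<="
  - !ruby/object:Gem::Version
  version: '2.99'
- name: logstash-core-plugin-api
- prerelease: false
  type: :runtime
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -31,56 +31,56 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '2.99'
  - !ruby/object:Gem::Dependency
+ name: logstash-codec-plain
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- name: logstash-codec-plain
- prerelease: false
  type: :runtime
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
+ name: nokogiri
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- name: nokogiri
- prerelease: false
  type: :runtime
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
+ name: logstash-devutils
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- name: logstash-devutils
- prerelease: false
  type: :development
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
+ name: insist
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- name: insist
- prerelease: false
  type: :development
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -102,6 +102,7 @@ files:
  - NOTICE.TXT
  - README.md
  - docs/index.asciidoc
+ - lib/logstash/codecs/idmef-message.dtd
  - lib/logstash/codecs/idmef.rb
  - logstash-codec-idmef.gemspec
  - spec/codecs/idmef_spec.rb
@@ -111,7 +112,7 @@ licenses:
  metadata:
  logstash_plugin: 'true'
  logstash_group: codec
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -126,9 +127,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.7.10
- signing_key:
+ rubygems_version: 3.1.2
+ signing_key:
  specification_version: 4
  summary: Create IDMEF in XML
  test_files: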