logstash-input-akamai-siem 1.0.0

data/lib/logstash/inputs/akamai_siem/headers.rb

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+
+class LogStash::Inputs::AkamaiSiem::Headers < ::Hash
+  def self.from(value)
+    new(value)
+  end
+
+  def self.allocate
+    new_self = super
+    new_self.initialize_names
+    new_self
+  end
+
+  def initialize(hash = nil)
+    super()
+    @names = {}
+    update(hash || {})
+  end
+
+  def initialize_names
+    @names = {}
+  end
+
+  # on dup/clone, we need to duplicate @names hash
+  def initialize_copy(other)
+    super
+    @names = other.names.dup
+  end
+
+  # need to synchronize concurrent writes to the shared KeyMap
+  keymap_mutex = Mutex.new
+
+  # symbol -> string mapper + cache
+  KeyMap = Hash.new do |map, key|
+    value = if key.respond_to?(:to_str)
+              key
+            else
+              key.to_s.split('_') # user_agent: %w(user agent)
+                 .each(&:capitalize!) # => %w(User Agent)
+                 .join('-') # => "User-Agent"
+            end
+    keymap_mutex.synchronize { map[key] = value }
+  end
+  KeyMap[:etag] = 'ETag'
+
+  def [](key)
+    key = KeyMap[key]
+    super(key) || super(@names[key.downcase])
+  end
+
+  def []=(key, val)
+    key = KeyMap[key]
+    key = (@names[key.downcase] ||= key)
+    # join multiple values with a comma
+    val = val.to_ary.join(', ') if val.respond_to?(:to_ary)
+    super(key, val)
+  end
+
+  def fetch(key, ...)
+    key = KeyMap[key]
+    key = @names.fetch(key.downcase, key)
+    super(key, ...)
+  end
+
+  def delete(key)
+    key = KeyMap[key]
+    key = @names[key.downcase]
+    return unless key
+
+    @names.delete key.downcase
+    super(key)
+  end
+
+  def dig(key, *rest)
+    key = KeyMap[key]
+    key = @names.fetch(key.downcase, key)
+    super(key, *rest)
+  end
+
+  def include?(key)
+    @names.include? key.downcase
+  end
+
+  alias has_key? include?
+  alias member? include?
+  alias key? include?
+
+  def merge!(other)
+    other.each { |k, v| self[k] = v }
+    self
+  end
+
+  alias update merge!
+
+  def merge(other)
+    hash = dup
+    hash.merge! other
+  end
+
+  def replace(other)
+    clear
+    @names.clear
+    update other
+    self
+  end
+
+  def to_hash
+    {}.update(self)
+  end
+
+  def parse(header_string)
+    return unless header_string && !header_string.empty?
+
+    headers = header_string.split("\r\n")
+
+    # Find the last set of response headers.
+    start_index = headers.rindex { |x| x.start_with?('HTTP/') } || 0
+    last_response = headers.slice(start_index, headers.size)
+
+    last_response
+      .tap { |a| a.shift if a.first.start_with?('HTTP/') }
+      .map { |h| h.split(/:\s*/, 2) } # split key and value
+      .reject { |p| p[0].nil? } # ignore blank lines
+      .each { |key, value| add_parsed(key, value) }
+  end
+
+  protected
+
+  attr_reader :names
+
+  private
+
+  # Join multiple values with a comma.
+  def add_parsed(key, value)
+    if key?(key)
+      self[key] = self[key].to_s
+      self[key] << ', ' << value
+    else
+      self[key] = value
+    end
+  end
+end

data/lib/logstash/inputs/akamai_siem/middleware_registry.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+require 'monitor'
+
+module LogStash::Inputs::AkamaiSiem::MiddlewareRegistry
+  # Adds the ability for other modules to register and lookup
+  # middleware classes.
+  def registered_middleware
+    @registered_middleware ||= {}
+  end
+
+  # Register middleware class(es) on the current module.
+  #
+  # @param mappings [Hash] Middleware mappings from a lookup symbol to a middleware class.
+  # @return [void]
+  #
+  # @example Lookup by a constant
+  #
+  #   module Faraday
+  #     class Whatever < Middleware
+  #       # Middleware looked up by :foo returns Faraday::Whatever::Foo.
+  #       register_middleware(foo: Whatever)
+  #     end
+  #   end
+  def register_middleware(**mappings)
+    middleware_mutex do
+      registered_middleware.update(mappings)
+    end
+  end
+
+  # Unregister a previously registered middleware class.
+  #
+  # @param key [Symbol] key for the registered middleware.
+  def unregister_middleware(key)
+    registered_middleware.delete(key)
+  end
+
+  # Lookup middleware class with a registered Symbol shortcut.
+  #
+  # @param key [Symbol] key for the registered middleware.
+  # @return [Class] a middleware Class.
+  # @raise [Faraday::Error] if given key is not registered
+  #
+  # @example
+  #
+  #   module Faraday
+  #     class Whatever < Middleware
+  #       register_middleware(foo: Whatever)
+  #     end
+  #   end
+  #
+  #   Faraday::Middleware.lookup_middleware(:foo)
+  #   # => Faraday::Whatever
+  def lookup_middleware(key)
+    load_middleware(key) ||
+      raise(Faraday::Error, "#{key.inspect} is not registered on #{self}")
+  end
+
+  private
+
+  def middleware_mutex(&block)
+    @middleware_mutex ||= Monitor.new
+    @middleware_mutex.synchronize(&block)
+  end
+
+  def load_middleware(key)
+    value = registered_middleware[key]
+    case value
+    when Module
+      value
+    when Symbol, String
+      middleware_mutex do
+        @registered_middleware[key] = const_get(value)
+      end
+    when Proc
+      middleware_mutex do
+        @registered_middleware[key] = value.call
+      end
+    end
+  end
+end

data/lib/logstash/inputs/akamai_siem/request.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+class LogStash::Inputs::AkamaiSiem
+  Request = Struct.new(:http_method, :path, :headers, :body, :host, :url) do
+    extend MiddlewareRegistry
+    alias_method :member_get, :[]
+    private :member_get
+    alias_method :member_set, :[]=
+    private :member_set
+
+    # @param request_method [String]
+    # @yield [request] for block customization, if block given
+    # @yieldparam request [Request]
+    # @return [Request]
+    def self.create(request_method)
+      new(request_method).tap do |request|
+        yield(request) if block_given?
+      end
+    end
+
+    remove_method :headers=
+    # Replace request headers, preserving the existing hash type.
+    #
+    # @param hash [Hash] new headers
+    def headers=(hash)
+      if headers
+        headers.replace hash
+      else
+        member_set(:headers, hash)
+      end
+    end
+
+    def update_uri(url)
+      if url.respond_to? :query
+        if (query = url.query)
+          path = url.path = Addressable::URI.unencode(url.path.dup.gsub(/\/$/, ''))
+        end
+      else
+        anchor_index = path.index('#')
+        path = path.slice(0, anchor_index) unless anchor_index.nil?
+        path, query = path.split('?', 2)
+      end
+      self.host = url.host
+      self.path = path
+      self.url = url
+    end
+
+    # @param key [Object] key to look up in headers
+    # @return [Object] value of the given header name
+    def [](key)
+      headers[key]
+    end
+
+    # @param key [Object] key of header to write
+    # @param value [Object] value of header
+    def []=(key, value)
+      headers[key] = value
+    end
+
+    def to_a
+      [
+        self.http_method,
+        self.url.to_s,
+        headers: self.headers
+      ]
+    end
+
+    # Marshal serialization support.
+    #
+    # @return [Hash] the hash ready to be serialized in Marshal.
+    def marshal_dump
+      {
+        http_method: http_method,
+        body: body,
+        headers: headers,
+        path: path,
+        host: host
+      }
+    end
+
+    # Marshal serialization support.
+    # Restores the instance variables according to the +serialised+.
+    # @param serialised [Hash] the serialised object.
+    def marshal_load(serialised)
+      self.http_method = serialised[:http_method]
+      self.body = serialised[:body]
+      self.headers = serialised[:headers]
+      self.path = serialised[:path]
+      self.host = serialised[:host]
+    end
+  end
+end