logstash-input-box_enterprise 0.1.0 → 0.2.1
- checksums.yaml +4 -4
 - data/CHANGELOG.md +2 -0
 - data/lib/logstash/inputs/box_enterprise.rb +7 -1
 - data/logstash-input-box_enterprise.gemspec +8 -7
 - data/spec/inputs/box_enterprise_spec.rb +13 -0
 - metadata +42 -8
 
    
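--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 3504d37c52e6b6f95c2814951c6cfef1a5224097
+  data.tar.gz: 21d3ab79f1ccf32afe524a0689e0f2997910b8ea
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: e6abbff8d3b78b36d284d979e7b6fd95c57442f20522a5328b8c0c1b15dd528240276a7b3dd39f6b7f888f88fffe1ebf7d7b3b39b84b952803392236e6e02808
+  data.tar.gz: e1561615e9371383ea3c4db31393917a26021710c4f66f11067c72fca5dbae96eda4c38ce90360f03b9459081a1da40fdc65f0eecb4a24513e4caf4a3ca0aded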
    
        data/CHANGELOG.md
    CHANGED
    
    
| 
         @@ -512,11 +512,17 @@ class LogStash::Inputs::BoxEnterprise < LogStash::Inputs::Base 
     | 
|
| 
       512 
512 
     | 
    
         
             
              def handle_unknown_error(queue,response, requested_url, exec_time)
         
     | 
| 
       513 
513 
     | 
    
         
             
                @continue = false
         
     | 
| 
       514 
514 
     | 
    
         | 
| 
      
 515 
     | 
    
         
            +
                begin
         
     | 
| 
      
 516 
     | 
    
         
            +
                  parsed_message = JSON.parse(response.body)["message"]
         
     | 
| 
      
 517 
     | 
    
         
            +
                rescue
         
     | 
| 
      
 518 
     | 
    
         
            +
                  parsed_message = "No message provided"
         
     | 
| 
      
 519 
     | 
    
         
            +
                end
         
     | 
| 
      
 520 
     | 
    
         
            +
             
     | 
| 
       515 
521 
     | 
    
         
             
                event_hash = {
         
     | 
| 
       516 
522 
     | 
    
         
             
                  "Box-Plugin-Status" => "Box.com server error",
         
     | 
| 
       517 
523 
     | 
    
         
             
                  "Box-Error-Headers" => response.headers,
         
     | 
| 
       518 
524 
     | 
    
         
             
                  "Box-Error-Code"  => response.code,
         
     | 
| 
       519 
     | 
    
         
            -
                  "Box=Error-Msg" =>   
     | 
| 
      
 525 
     | 
    
         
            +
                  "Box=Error-Msg" =>  parsed_message,
         
     | 
| 
       520 
526 
     | 
    
         
             
                  "Box-Error-Raw-Msg" =>  response.body
         
     | 
| 
       521 
527 
     | 
    
         
             
                  }
         
     | 
| 
       522 
528 
     | 
    
         | 
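Review bot: The bare `rescue` around `JSON.parse(response.body)["message"]` at new lines 515-519 swallows every StandardError, and a body that parses to a JSON object without a `message` key still leaves `parsed_message` as nil instead of the fallback text. Naming the expected failures, e.g. `rescue JSON::ParserError, TypeError, NoMethodError`, and writing `parsed_message = JSON.parse(response.body)["message"] || "No message provided"` keeps the empty-body fix while making the fallback consistent. The event key on new line 525 is still spelled `"Box=Error-Msg"` while its neighbours use the `Box-Error-...` form, so SIEM field mappings and detections keyed on the hyphenated name will not match; correcting it changes a field name for existing consumers and would need a changelog entry. `Box-Error-Headers` and `Box-Error-Raw-Msg` forward the full response headers and body into the event, so a comment such as `# server-controlled, unsanitised data; treat as untrusted downstream` would help whoever consumes these fields. The body of handle_unknown_error continues past the end of this hunk.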
| 
         @@ -1,6 +1,6 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            Gem::Specification.new do |s|
         
     | 
| 
       2 
2 
     | 
    
         
             
              s.name          = 'logstash-input-box_enterprise'
         
     | 
| 
       3 
     | 
    
         
            -
              s.version       = '0.1 
     | 
| 
      
 3 
     | 
    
         
            +
              s.version       = '0.2.1'
         
     | 
| 
       4 
4 
     | 
    
         
             
              s.licenses      = ['Apache License (2.0)']
         
     | 
| 
       5 
5 
     | 
    
         
             
              s.summary       = 'This plugin fetches enterprise events from Box.com to ship to a siem'
         
     | 
| 
       6 
6 
     | 
    
         
             
              s.description   = 'For SIEMs that do not have the capability to pull the log events from Box.com, this plugin can do the push and push to the SIEM'
         
     | 
| 
         @@ -18,14 +18,13 @@ Gem::Specification.new do |s| 
     | 
|
| 
       18 
18 
     | 
    
         
             
              s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
         
     | 
| 
       19 
19 
     | 
    
         | 
| 
       20 
20 
     | 
    
         
             
              # Gem dependencies
         
     | 
| 
       21 
     | 
    
         
            -
               
     | 
| 
       22 
     | 
    
         
            -
              # Retaining logstash 2.4 compat
         
     | 
| 
       23 
     | 
    
         
            -
              s.add_runtime_dependency "logstash-core-plugin-api", "~> 1.0"
         
     | 
| 
      
 21 
     | 
    
         
            +
              s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
         
     | 
| 
      
 22 
     | 
    
         
            +
              #s.add_runtime_dependency "logstash-core-plugin-api", "~> 1.0" # Retaining logstash 2.4 compat
         
     | 
| 
       24 
23 
     | 
    
         
             
              s.add_runtime_dependency 'logstash-codec-plain'
         
     | 
| 
       25 
24 
     | 
    
         
             
              s.add_runtime_dependency 'stud', '~> 0.0.22'
         
     | 
| 
       26 
     | 
    
         
            -
              # Retaining logstash 2.4 compat
         
     | 
| 
       27 
     | 
    
         
            -
              s.add_runtime_dependency 'logstash-mixin-http_client', ">= 2.2.4", "<  
     | 
| 
       28 
     | 
    
         
            -
              #s.add_runtime_dependency 'logstash-mixin-http_client', ">=  
     | 
| 
      
 25 
     | 
    
         
            +
              #s.add_runtime_dependency 'logstash-mixin-http_client', ">= 2.2.4", "< 3.0.0" # Retaining logstash 2.4 compat
         
     | 
| 
      
 26 
     | 
    
         
            +
              s.add_runtime_dependency 'logstash-mixin-http_client', ">= 2.2.4", "< 7.0.0" # Logstash Production
         
     | 
| 
      
 27 
     | 
    
         
            +
              #s.add_runtime_dependency 'logstash-mixin-http_client', ">= 5.2.0", "< 7.0.0" # Logstash 5x+
         
     | 
| 
       29 
28 
     | 
    
         
             
              s.add_runtime_dependency 'manticore', ">=0.6.1"
         
     | 
| 
       30 
29 
     | 
    
         
             
              s.add_runtime_dependency 'rufus-scheduler', "~>3.0.9"
         
     | 
| 
       31 
30 
     | 
    
         
             
              s.add_runtime_dependency 'jwt', '~> 1.5', '>= 1.5.6'
         
     | 
| 
         @@ -34,5 +33,7 @@ Gem::Specification.new do |s| 
     | 
|
| 
       34 
33 
     | 
    
         
             
              s.add_development_dependency 'logstash-codec-json'
         
     | 
| 
       35 
34 
     | 
    
         
             
              s.add_development_dependency 'flores'
         
     | 
| 
       36 
35 
     | 
    
         
             
              s.add_development_dependency 'timecop'
         
     | 
| 
      
 36 
     | 
    
         
            +
              s.add_development_dependency 'rake', "~> 12.1.0"
         
     | 
| 
      
 37 
     | 
    
         
            +
              s.add_development_dependency 'kramdown', "~> 1.14.0"
         
     | 
| 
       37 
38 
     | 
    
         | 
| 
       38 
39 
     | 
    
         
             
            end
         
     | 
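Review bot: The new `logstash-mixin-http_client` constraint `">= 2.2.4", "< 7.0.0"` at new line 26 lets the resolver install any of several major versions of the HTTP client mixin, and nothing visible in this diff shows the plugin being exercised against each of them. For a plugin that authenticates to Box (it depends on `jwt`), pinning to the majors that are actually tested narrows what can change underneath an install. The upper bound `"<= 2.99"` on `logstash-core-plugin-api` at new line 21 rejects 2.99.1 and 2.100.0; if the intent is "any 2.x", `"< 3"` says that directly. The commented-out alternative constraints at new lines 22, 25 and 27 would be better recorded in the changelog than left in the gemspec, where it is unclear which line is authoritative. `manticore` (`">=0.6.1"`) and `logstash-codec-plain` remain without an upper bound.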
| 
         @@ -173,6 +173,18 @@ describe LogStash::Inputs::BoxEnterprise do 
     | 
|
| 
       173 
173 
     | 
    
         
             
                  subject.register
         
     | 
| 
       174 
174 
     | 
    
         
             
                end
         
     | 
| 
       175 
175 
     | 
    
         | 
| 
      
 176 
     | 
    
         
            +
                # This test fixes a bug where handle_unknown_error would generate an exception whenever the response_body was empty.
         
     | 
| 
      
 177 
     | 
    
         
            +
                describe "#handle_unknown_error" do
         
     | 
| 
      
 178 
     | 
    
         
            +
             
     | 
| 
      
 179 
     | 
    
         
            +
                  let(:response_headers) { {:error => "there is an error status", "www-authenticate"=>"Bearer realm=\"Service\", error=\"insufficient_scope\", error_description=\"The request requires higher privileges than provided by the access token.\"", "age"=>"2", "connection"=>"keep-alive"} }
         
     | 
| 
      
 180 
     | 
    
         
            +
                  let(:response) { Manticore::StubbedResponse.stub(body: "", headers: response_headers, code: 500).call }
         
     | 
| 
      
 181 
     | 
    
         
            +
             
     | 
| 
      
 182 
     | 
    
         
            +
                  it "builds an event with an empty body" do 
         
     | 
| 
      
 183 
     | 
    
         
            +
                    expect(subject).to receive(:apply_metadata)
         
     | 
| 
      
 184 
     | 
    
         
            +
                    expect(subject).to receive(:decorate)
         
     | 
| 
      
 185 
     | 
    
         
            +
                    subject.send(:handle_unknown_error, queue, response, nil, nil)
         
     | 
| 
      
 186 
     | 
    
         
            +
                  end
         
     | 
| 
      
 187 
     | 
    
         
            +
                end
         
     | 
| 
       176 
188 
     | 
    
         
             
                describe "#run" do
         
     | 
| 
       177 
189 
     | 
    
         
             
                  it "should setup a scheduler" do
         
     | 
| 
       178 
190 
     | 
    
         | 
| 
         @@ -208,6 +220,7 @@ describe LogStash::Inputs::BoxEnterprise do 
     | 
|
| 
       208 
220 
     | 
    
         | 
| 
       209 
221 
     | 
    
         
             
                    allow(subject).to receive(:decorate)
         
     | 
| 
       210 
222 
     | 
    
         
             
                    expect(subject.instance_variable_get(:@logger)).to receive(:error)
         
     | 
| 
      
 223 
     | 
    
         
            +
                    allow(response).to receive(:times_retried) { 0 }
         
     | 
| 
       211 
224 
     | 
    
         
             
                    subject.send(:handle_success, queue, response, auth_token, requested_url, exec_time)
         
     | 
| 
       212 
225 
     | 
    
         
             
                    expect(subject.instance_variable_get(:@continue)).to be(false)
         
     | 
| 
       213 
226 
     | 
    
         | 
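Review bot: The new example "builds an event with an empty body" at new lines 182-186 only checks that `apply_metadata` and `decorate` are called, so it would still pass if the fallback message were wrong or the event never reached the queue. Since handle_unknown_error sets `@continue = false`, adding `expect(subject.instance_variable_get(:@continue)).to be(false)` after the `send` call, as the handle_success example further down does, would pin that behaviour. An assertion that the queued event's `Box=Error-Msg` value is `"No message provided"` would cover the fix itself, assuming `queue` in this spec can be inspected. The comment on new line 176 says the test "fixes a bug"; `# Regression test: handle_unknown_error raised when the response body was empty.` describes it more accurately.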
    
        metadata
    CHANGED
    
    | 
         @@ -1,29 +1,35 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: logstash-input-box_enterprise
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version
         
     | 
| 
       4 
     | 
    
         
            -
              version: 0.1 
     | 
| 
      
 4 
     | 
    
         
            +
              version: 0.2.1
         
     | 
| 
       5 
5 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       6 
6 
     | 
    
         
             
            authors:
         
     | 
| 
       7 
7 
     | 
    
         
             
            - SRA
         
     | 
| 
       8 
8 
     | 
    
         
             
            autorequire:
         
     | 
| 
       9 
9 
     | 
    
         
             
            bindir: bin
         
     | 
| 
       10 
10 
     | 
    
         
             
            cert_chain: []
         
     | 
| 
       11 
     | 
    
         
            -
            date:  
     | 
| 
      
 11 
     | 
    
         
            +
            date: 2019-03-09 00:00:00.000000000 Z
         
     | 
| 
       12 
12 
     | 
    
         
             
            dependencies:
         
     | 
| 
       13 
13 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       14 
14 
     | 
    
         
             
              requirement: !ruby/object:Gem::Requirement
         
     | 
| 
       15 
15 
     | 
    
         
             
                requirements:
         
     | 
| 
       16 
     | 
    
         
            -
                - - " 
     | 
| 
      
 16 
     | 
    
         
            +
                - - ">="
         
     | 
| 
       17 
17 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       18 
     | 
    
         
            -
                    version: '1. 
     | 
| 
      
 18 
     | 
    
         
            +
                    version: '1.60'
         
     | 
| 
      
 19 
     | 
    
         
            +
                - - "<="
         
     | 
| 
      
 20 
     | 
    
         
            +
                  - !ruby/object:Gem::Version
         
     | 
| 
      
 21 
     | 
    
         
            +
                    version: '2.99'
         
     | 
| 
       19 
22 
     | 
    
         
             
              name: logstash-core-plugin-api
         
     | 
| 
       20 
23 
     | 
    
         
             
              prerelease: false
         
     | 
| 
       21 
24 
     | 
    
         
             
              type: :runtime
         
     | 
| 
       22 
25 
     | 
    
         
             
              version_requirements: !ruby/object:Gem::Requirement
         
     | 
| 
       23 
26 
     | 
    
         
             
                requirements:
         
     | 
| 
       24 
     | 
    
         
            -
                - - " 
     | 
| 
      
 27 
     | 
    
         
            +
                - - ">="
         
     | 
| 
      
 28 
     | 
    
         
            +
                  - !ruby/object:Gem::Version
         
     | 
| 
      
 29 
     | 
    
         
            +
                    version: '1.60'
         
     | 
| 
      
 30 
     | 
    
         
            +
                - - "<="
         
     | 
| 
       25 
31 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       26 
     | 
    
         
            -
                    version: ' 
     | 
| 
      
 32 
     | 
    
         
            +
                    version: '2.99'
         
     | 
| 
       27 
33 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       28 
34 
     | 
    
         
             
              requirement: !ruby/object:Gem::Requirement
         
     | 
| 
       29 
35 
     | 
    
         
             
                requirements:
         
     | 
| 
         @@ -60,7 +66,7 @@ dependencies: 
     | 
|
| 
       60 
66 
     | 
    
         
             
                    version: 2.2.4
         
     | 
| 
       61 
67 
     | 
    
         
             
                - - "<"
         
     | 
| 
       62 
68 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       63 
     | 
    
         
            -
                    version:  
     | 
| 
      
 69 
     | 
    
         
            +
                    version: 7.0.0
         
     | 
| 
       64 
70 
     | 
    
         
             
              name: logstash-mixin-http_client
         
     | 
| 
       65 
71 
     | 
    
         
             
              prerelease: false
         
     | 
| 
       66 
72 
     | 
    
         
             
              type: :runtime
         
     | 
| 
         @@ -71,7 +77,7 @@ dependencies: 
     | 
|
| 
       71 
77 
     | 
    
         
             
                    version: 2.2.4
         
     | 
| 
       72 
78 
     | 
    
         
             
                - - "<"
         
     | 
| 
       73 
79 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       74 
     | 
    
         
            -
                    version:  
     | 
| 
      
 80 
     | 
    
         
            +
                    version: 7.0.0
         
     | 
| 
       75 
81 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       76 
82 
     | 
    
         
             
              requirement: !ruby/object:Gem::Requirement
         
     | 
| 
       77 
83 
     | 
    
         
             
                requirements:
         
     | 
| 
         @@ -176,6 +182,34 @@ dependencies: 
     | 
|
| 
       176 
182 
     | 
    
         
             
                - - ">="
         
     | 
| 
       177 
183 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       178 
184 
     | 
    
         
             
                    version: '0'
         
     | 
| 
      
 185 
     | 
    
         
            +
            - !ruby/object:Gem::Dependency
         
     | 
| 
      
 186 
     | 
    
         
            +
              requirement: !ruby/object:Gem::Requirement
         
     | 
| 
      
 187 
     | 
    
         
            +
                requirements:
         
     | 
| 
      
 188 
     | 
    
         
            +
                - - "~>"
         
     | 
| 
      
 189 
     | 
    
         
            +
                  - !ruby/object:Gem::Version
         
     | 
| 
      
 190 
     | 
    
         
            +
                    version: 12.1.0
         
     | 
| 
      
 191 
     | 
    
         
            +
              name: rake
         
     | 
| 
      
 192 
     | 
    
         
            +
              prerelease: false
         
     | 
| 
      
 193 
     | 
    
         
            +
              type: :development
         
     | 
| 
      
 194 
     | 
    
         
            +
              version_requirements: !ruby/object:Gem::Requirement
         
     | 
| 
      
 195 
     | 
    
         
            +
                requirements:
         
     | 
| 
      
 196 
     | 
    
         
            +
                - - "~>"
         
     | 
| 
      
 197 
     | 
    
         
            +
                  - !ruby/object:Gem::Version
         
     | 
| 
      
 198 
     | 
    
         
            +
                    version: 12.1.0
         
     | 
| 
      
 199 
     | 
    
         
            +
            - !ruby/object:Gem::Dependency
         
     | 
| 
      
 200 
     | 
    
         
            +
              requirement: !ruby/object:Gem::Requirement
         
     | 
| 
      
 201 
     | 
    
         
            +
                requirements:
         
     | 
| 
      
 202 
     | 
    
         
            +
                - - "~>"
         
     | 
| 
      
 203 
     | 
    
         
            +
                  - !ruby/object:Gem::Version
         
     | 
| 
      
 204 
     | 
    
         
            +
                    version: 1.14.0
         
     | 
| 
      
 205 
     | 
    
         
            +
              name: kramdown
         
     | 
| 
      
 206 
     | 
    
         
            +
              prerelease: false
         
     | 
| 
      
 207 
     | 
    
         
            +
              type: :development
         
     | 
| 
      
 208 
     | 
    
         
            +
              version_requirements: !ruby/object:Gem::Requirement
         
     | 
| 
      
 209 
     | 
    
         
            +
                requirements:
         
     | 
| 
      
 210 
     | 
    
         
            +
                - - "~>"
         
     | 
| 
      
 211 
     | 
    
         
            +
                  - !ruby/object:Gem::Version
         
     | 
| 
      
 212 
     | 
    
         
            +
                    version: 1.14.0
         
     | 
| 
       179 
213 
     | 
    
         
             
            description: For SIEMs that do not have the capability to pull the log events from Box.com, this plugin can do the push and push to the SIEM
         
     | 
| 
       180 
214 
     | 
    
         
             
            email: info@securityriskadvisors.com
         
     | 
| 
       181 
215 
     | 
    
         
             
            executables: []
         
     |