logstash-input-box_enterprise 0.1.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 46bc9c2e0e9ce97c7b006ef796c9b7c9eb9ff4c7
-  data.tar.gz: 4650dba0a79d54e40e36b6f5a4180171fc250c3e
+  metadata.gz: 3504d37c52e6b6f95c2814951c6cfef1a5224097
+  data.tar.gz: 21d3ab79f1ccf32afe524a0689e0f2997910b8ea
 SHA512:
-  metadata.gz: 7b75b18a4a08cc9792d69fa6058b5683ea5ae8156e3cf9a806a9e644b48d6ed1263363ffe54ccc948bfd9bace352f95ce7bc7880a9cff362a21063c1cc0f148c
-  data.tar.gz: 71bc121295ea12a04795ff8052ef047c23b65155937eb4f24e6373abedd73475edb07a4899be62b81155d3c6b081c6304319e2ddd350b76a1d8a1257e3493bca
+  metadata.gz: e6abbff8d3b78b36d284d979e7b6fd95c57442f20522a5328b8c0c1b15dd528240276a7b3dd39f6b7f888f88fffe1ebf7d7b3b39b84b952803392236e6e02808
+  data.tar.gz: e1561615e9371383ea3c4db31393917a26021710c4f66f11067c72fca5dbae96eda4c38ce90360f03b9459081a1da40fdc65f0eecb4a24513e4caf4a3ca0aded

data/CHANGELOG.md

@@ -1,2 +1,4 @@
+## 0.2.0
+  - Updated plugin with 2.4x and 5x compat
 ## 0.1.0
   - Plugin created with the logstash plugin generator

data/lib/logstash/inputs/box_enterprise.rb

@@ -512,11 +512,17 @@ class LogStash::Inputs::BoxEnterprise < LogStash::Inputs::Base
   def handle_unknown_error(queue,response, requested_url, exec_time)
     @continue = false
 
+    begin
+      parsed_message = JSON.parse(response.body)["message"]
+    rescue
+      parsed_message = "No message provided"
+    end
+
     event_hash = {
       "Box-Plugin-Status" => "Box.com server error",
       "Box-Error-Headers" => response.headers,
       "Box-Error-Code"  => response.code,
-      "Box=Error-Msg" =>  JSON.parse(response.body)["message"],
+      "Box=Error-Msg" =>  parsed_message,
       "Box-Error-Raw-Msg" =>  response.body
       }
 

data/logstash-input-box_enterprise.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name          = 'logstash-input-box_enterprise'
-  s.version       = '0.1.0'
+  s.version       = '0.2.1'
   s.licenses      = ['Apache License (2.0)']
   s.summary       = 'This plugin fetches enterprise events from Box.com to ship to a siem'
   s.description   = 'For SIEMs that do not have the capability to pull the log events from Box.com, this plugin can do the push and push to the SIEM'
@@ -18,14 +18,13 @@ Gem::Specification.new do |s|
   s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
 
   # Gem dependencies
-  #s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
-  # Retaining logstash 2.4 compat
-  s.add_runtime_dependency "logstash-core-plugin-api", "~> 1.0"
+  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  #s.add_runtime_dependency "logstash-core-plugin-api", "~> 1.0" # Retaining logstash 2.4 compat
   s.add_runtime_dependency 'logstash-codec-plain'
   s.add_runtime_dependency 'stud', '~> 0.0.22'
-  # Retaining logstash 2.4 compat
-  s.add_runtime_dependency 'logstash-mixin-http_client', ">= 2.2.4", "< 3.0.0"
-  #s.add_runtime_dependency 'logstash-mixin-http_client', ">= 2.2.4", "< 7.0.0"
+  #s.add_runtime_dependency 'logstash-mixin-http_client', ">= 2.2.4", "< 3.0.0" # Retaining logstash 2.4 compat
+  s.add_runtime_dependency 'logstash-mixin-http_client', ">= 2.2.4", "< 7.0.0" # Logstash Production
+  #s.add_runtime_dependency 'logstash-mixin-http_client', ">= 5.2.0", "< 7.0.0" # Logstash 5x+
   s.add_runtime_dependency 'manticore', ">=0.6.1"
   s.add_runtime_dependency 'rufus-scheduler', "~>3.0.9"
   s.add_runtime_dependency 'jwt', '~> 1.5', '>= 1.5.6'
@@ -34,5 +33,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'logstash-codec-json'
   s.add_development_dependency 'flores'
   s.add_development_dependency 'timecop'
+  s.add_development_dependency 'rake', "~> 12.1.0"
+  s.add_development_dependency 'kramdown', "~> 1.14.0"
 
 end

data/spec/inputs/box_enterprise_spec.rb

@@ -173,6 +173,18 @@ describe LogStash::Inputs::BoxEnterprise do
       subject.register
     end
 
+    # This test fixes a bug where handle_unknown_error would generate an exception whenever the response_body was empty.
+    describe "#handle_unknown_error" do
+
+      let(:response_headers) { {:error => "there is an error status", "www-authenticate"=>"Bearer realm=\"Service\", error=\"insufficient_scope\", error_description=\"The request requires higher privileges than provided by the access token.\"", "age"=>"2", "connection"=>"keep-alive"} }
+      let(:response) { Manticore::StubbedResponse.stub(body: "", headers: response_headers, code: 500).call }
+
+      it "builds an event with an empty body" do 
+        expect(subject).to receive(:apply_metadata)
+        expect(subject).to receive(:decorate)
+        subject.send(:handle_unknown_error, queue, response, nil, nil)
+      end
+    end
     describe "#run" do
       it "should setup a scheduler" do
         
@@ -208,6 +220,7 @@ describe LogStash::Inputs::BoxEnterprise do
 
         allow(subject).to receive(:decorate)
         expect(subject.instance_variable_get(:@logger)).to receive(:error)
+        allow(response).to receive(:times_retried) { 0 }
         subject.send(:handle_success, queue, response, auth_token, requested_url, exec_time)
         expect(subject.instance_variable_get(:@continue)).to be(false)
 

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-box_enterprise
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.1
 platform: ruby
 authors:
 - SRA
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-20 00:00:00.000000000 Z
+date: 2019-03-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
   name: logstash-core-plugin-api
   prerelease: false
   type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.99'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -60,7 +66,7 @@ dependencies:
         version: 2.2.4
     - - "<"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 7.0.0
   name: logstash-mixin-http_client
   prerelease: false
   type: :runtime
@@ -71,7 +77,7 @@ dependencies:
         version: 2.2.4
     - - "<"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 7.0.0
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -176,6 +182,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 12.1.0
+  name: rake
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 12.1.0
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.14.0
+  name: kramdown
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.14.0
 description: For SIEMs that do not have the capability to pull the log events from Box.com, this plugin can do the push and push to the SIEM
 email: info@securityriskadvisors.com
 executables: []