modsecurity_audit_log_parser 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +4 -1
- data/lib/modsecurity_audit_log_parser.rb +19 -13
- data/lib/modsecurity_audit_log_parser/version.rb +1 -1
- data/modsecurity_audit_log_parser.gemspec +0 -2
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0bea7e861234b29f8067d0cea8f53d18c72cde3b
|
|
4
|
+
data.tar.gz: 35941aff0bee85e3123b5a4b53990f08e2630f7e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2f61b8a6ad41b42e325a28c2f42a5297fea066d1b43da3096733fda1f226511e49909627242832c53bf729cc18e84839cfa3dda579ed69dbc61c46e82dfc08b2
|
|
7
|
+
data.tar.gz: 7401e6dfccc01b8ec9c56a8b658bcc2f4f8703f77db5b31b785ec190f6c7457c3c051fd0c0eb06d586146cebacd80fb93acdc8c78fb0d97f7cc3f64ab30ac91b
|
data/.travis.yml
CHANGED
|
@@ -16,27 +16,29 @@ class ModsecurityAuditLogParser
|
|
|
16
16
|
|
|
17
17
|
MODSEC_TIMESTAMP_FORMAT = '%d/%b/%Y:%H:%M:%S %z'
|
|
18
18
|
def time
|
|
19
|
-
if
|
|
20
|
-
|
|
19
|
+
if ah = audit_log_header
|
|
20
|
+
if ts = ah.timestamp
|
|
21
|
+
DateTime.strptime(ts, MODSEC_TIMESTAMP_FORMAT).to_time.to_i rescue 0
|
|
22
|
+
end
|
|
21
23
|
end
|
|
22
24
|
end
|
|
23
25
|
|
|
24
26
|
[:timestamp, :unique_transaction_id, :source_ip_address, :source_port, :destination_ip_address, :destination_port].each do |name|
|
|
25
27
|
define_method(name) do
|
|
26
|
-
audit_log_header
|
|
28
|
+
audit_log_header.send(name)
|
|
27
29
|
end
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
def trailers
|
|
31
|
-
audit_log_trailer
|
|
33
|
+
audit_log_trailer.trailers
|
|
32
34
|
end
|
|
33
35
|
|
|
34
36
|
def rules
|
|
35
|
-
audit_log_trailer
|
|
37
|
+
audit_log_trailer.rules
|
|
36
38
|
end
|
|
37
39
|
|
|
38
40
|
def audit_log_header
|
|
39
|
-
@parts['A']
|
|
41
|
+
@parts['A'] || EMPTY_AUDIT_LOG_HEADER
|
|
40
42
|
end
|
|
41
43
|
|
|
42
44
|
def request_headers
|
|
@@ -56,7 +58,7 @@ class ModsecurityAuditLogParser
|
|
|
56
58
|
end
|
|
57
59
|
|
|
58
60
|
def audit_log_trailer
|
|
59
|
-
@parts['H']
|
|
61
|
+
@parts['H'] || EMPTY_AUDIT_LOG_TRAILER
|
|
60
62
|
end
|
|
61
63
|
|
|
62
64
|
def reduced_multipart_request_body
|
|
@@ -154,6 +156,7 @@ class ModsecurityAuditLogParser
|
|
|
154
156
|
hash[:destination_port] = @destination_port
|
|
155
157
|
end
|
|
156
158
|
end
|
|
159
|
+
EMPTY_AUDIT_LOG_HEADER = AuditLogHeaderPart.new
|
|
157
160
|
|
|
158
161
|
class RequestHeadersPart < ContentPart
|
|
159
162
|
register('B', self)
|
|
@@ -206,11 +209,13 @@ class ModsecurityAuditLogParser
|
|
|
206
209
|
end
|
|
207
210
|
|
|
208
211
|
def rules
|
|
209
|
-
if
|
|
210
|
-
pairs.
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
212
|
+
if message = @trailers[:Message]
|
|
213
|
+
if pairs = message.scan(/\[(\w+) "([^\\"]*(?:\\.[^\\"]*)*)"\]/)
|
|
214
|
+
pairs.inject({}) { |r, (k, v)|
|
|
215
|
+
r["rule_#{k}".intern] = v
|
|
216
|
+
r
|
|
217
|
+
}
|
|
218
|
+
end
|
|
214
219
|
end
|
|
215
220
|
end
|
|
216
221
|
|
|
@@ -221,6 +226,7 @@ class ModsecurityAuditLogParser
|
|
|
221
226
|
end
|
|
222
227
|
end
|
|
223
228
|
end
|
|
229
|
+
EMPTY_AUDIT_LOG_TRAILER = AuditLogTrailerPart.new
|
|
224
230
|
|
|
225
231
|
class ReducedMultipartRequestBodyPart < ContentPart
|
|
226
232
|
register('I', self)
|
|
@@ -269,8 +275,8 @@ class ModsecurityAuditLogParser
|
|
|
269
275
|
id, type = $1, $2
|
|
270
276
|
if @log.nil? or @log.id != id
|
|
271
277
|
@log = Log.new(id)
|
|
272
|
-
@records << @log
|
|
273
278
|
end
|
|
279
|
+
@records << @log if type == 'Z'
|
|
274
280
|
unless @targets.include?(type)
|
|
275
281
|
@part = nil
|
|
276
282
|
next
|
|
@@ -16,8 +16,6 @@ Gem::Specification.new do |spec|
|
|
|
16
16
|
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
|
17
17
|
f.match(%r{^(test|spec|features)/})
|
|
18
18
|
end
|
|
19
|
-
spec.bindir = "exe"
|
|
20
|
-
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
21
19
|
spec.require_paths = ["lib"]
|
|
22
20
|
|
|
23
21
|
spec.add_development_dependency "bundler", "~> 1.14"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: modsecurity_audit_log_parser
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Nakamura
|
|
8
8
|
autorequire:
|
|
9
|
-
bindir:
|
|
9
|
+
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-05-
|
|
11
|
+
date: 2017-05-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -87,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
87
87
|
version: '0'
|
|
88
88
|
requirements: []
|
|
89
89
|
rubyforge_project:
|
|
90
|
-
rubygems_version: 2.
|
|
90
|
+
rubygems_version: 2.2.5
|
|
91
91
|
signing_key:
|
|
92
92
|
specification_version: 4
|
|
93
93
|
summary: Modsecurity AuditLog parser library.
|