modsecurity_audit_log_parser 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 3fde4e6ff7aa635c2e8a201d4dc084b98137cf50
4
- data.tar.gz: b572628e316eac2d617af827c3cd3b01d6978d8c
3
+ metadata.gz: 0bea7e861234b29f8067d0cea8f53d18c72cde3b
4
+ data.tar.gz: 35941aff0bee85e3123b5a4b53990f08e2630f7e
5
5
  SHA512:
6
- metadata.gz: c9dd71d05960a666d82a5f773dd4dc2ba3ad28ae9e57aca275c1c614241fb045cd8bb44bbb05697ee835b5596f306f77a017fba64391dbf27bd27d5214fc228f
7
- data.tar.gz: 16688e2e480054bc6ec21ff62e4c47e85041d45a7269a37659e3c2ee1add75e558b3264c101c1f9b8af9c98fb5ec2f5fe9c288b102d342e1b834f56c4efd8f44
6
+ metadata.gz: 2f61b8a6ad41b42e325a28c2f42a5297fea066d1b43da3096733fda1f226511e49909627242832c53bf729cc18e84839cfa3dda579ed69dbc61c46e82dfc08b2
7
+ data.tar.gz: 7401e6dfccc01b8ec9c56a8b658bcc2f4f8703f77db5b31b785ec190f6c7457c3c051fd0c0eb06d586146cebacd80fb93acdc8c78fb0d97f7cc3f64ab30ac91b
data/.travis.yml CHANGED
@@ -1,5 +1,8 @@
1
1
  sudo: false
2
2
  language: ruby
3
3
  rvm:
4
- - 2.4.0
4
+ - 2.1.10
5
+ - 2.2.7
6
+ - 2.3.4
7
+ - 2.4.1
5
8
  before_install: gem install bundler -v 1.14.3
@@ -16,27 +16,29 @@ class ModsecurityAuditLogParser
16
16
 
17
17
  MODSEC_TIMESTAMP_FORMAT = '%d/%b/%Y:%H:%M:%S %z'
18
18
  def time
19
- if ts = audit_log_header&.timestamp
20
- DateTime.strptime(ts, MODSEC_TIMESTAMP_FORMAT).to_time.to_i rescue 0
19
+ if ah = audit_log_header
20
+ if ts = ah.timestamp
21
+ DateTime.strptime(ts, MODSEC_TIMESTAMP_FORMAT).to_time.to_i rescue 0
22
+ end
21
23
  end
22
24
  end
23
25
 
24
26
  [:timestamp, :unique_transaction_id, :source_ip_address, :source_port, :destination_ip_address, :destination_port].each do |name|
25
27
  define_method(name) do
26
- audit_log_header&.send(name)
28
+ audit_log_header.send(name)
27
29
  end
28
30
  end
29
31
 
30
32
  def trailers
31
- audit_log_trailer&.trailers
33
+ audit_log_trailer.trailers
32
34
  end
33
35
 
34
36
  def rules
35
- audit_log_trailer&.rules
37
+ audit_log_trailer.rules
36
38
  end
37
39
 
38
40
  def audit_log_header
39
- @parts['A']
41
+ @parts['A'] || EMPTY_AUDIT_LOG_HEADER
40
42
  end
41
43
 
42
44
  def request_headers
@@ -56,7 +58,7 @@ class ModsecurityAuditLogParser
56
58
  end
57
59
 
58
60
  def audit_log_trailer
59
- @parts['H']
61
+ @parts['H'] || EMPTY_AUDIT_LOG_TRAILER
60
62
  end
61
63
 
62
64
  def reduced_multipart_request_body
@@ -154,6 +156,7 @@ class ModsecurityAuditLogParser
154
156
  hash[:destination_port] = @destination_port
155
157
  end
156
158
  end
159
+ EMPTY_AUDIT_LOG_HEADER = AuditLogHeaderPart.new
157
160
 
158
161
  class RequestHeadersPart < ContentPart
159
162
  register('B', self)
@@ -206,11 +209,13 @@ class ModsecurityAuditLogParser
206
209
  end
207
210
 
208
211
  def rules
209
- if pairs = @trailers[:Message]&.scan(/\[(\w+) "([^\\"]*(?:\\.[^\\"]*)*)"\]/)
210
- pairs.inject({}) { |r, (k, v)|
211
- r["rule_#{k}".intern] = v
212
- r
213
- }
212
+ if message = @trailers[:Message]
213
+ if pairs = message.scan(/\[(\w+) "([^\\"]*(?:\\.[^\\"]*)*)"\]/)
214
+ pairs.inject({}) { |r, (k, v)|
215
+ r["rule_#{k}".intern] = v
216
+ r
217
+ }
218
+ end
214
219
  end
215
220
  end
216
221
 
@@ -221,6 +226,7 @@ class ModsecurityAuditLogParser
221
226
  end
222
227
  end
223
228
  end
229
+ EMPTY_AUDIT_LOG_TRAILER = AuditLogTrailerPart.new
224
230
 
225
231
  class ReducedMultipartRequestBodyPart < ContentPart
226
232
  register('I', self)
@@ -269,8 +275,8 @@ class ModsecurityAuditLogParser
269
275
  id, type = $1, $2
270
276
  if @log.nil? or @log.id != id
271
277
  @log = Log.new(id)
272
- @records << @log
273
278
  end
279
+ @records << @log if type == 'Z'
274
280
  unless @targets.include?(type)
275
281
  @part = nil
276
282
  next
@@ -1,3 +1,3 @@
1
1
  class ModsecurityAuditLogParser
2
- VERSION = '0.1.1'
2
+ VERSION = '0.1.2'
3
3
  end
@@ -16,8 +16,6 @@ Gem::Specification.new do |spec|
16
16
  spec.files = `git ls-files -z`.split("\x0").reject do |f|
17
17
  f.match(%r{^(test|spec|features)/})
18
18
  end
19
- spec.bindir = "exe"
20
- spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
21
19
  spec.require_paths = ["lib"]
22
20
 
23
21
  spec.add_development_dependency "bundler", "~> 1.14"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: modsecurity_audit_log_parser
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Hiroshi Nakamura
8
8
  autorequire:
9
- bindir: exe
9
+ bindir: bin
10
10
  cert_chain: []
11
- date: 2017-05-26 00:00:00.000000000 Z
11
+ date: 2017-05-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -87,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
87
87
  version: '0'
88
88
  requirements: []
89
89
  rubyforge_project:
90
- rubygems_version: 2.6.8
90
+ rubygems_version: 2.2.5
91
91
  signing_key:
92
92
  specification_version: 4
93
93
  summary: Modsecurity AuditLog parser library.