modsecurity_audit_log_parser 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +4 -1
- data/lib/modsecurity_audit_log_parser.rb +19 -13
- data/lib/modsecurity_audit_log_parser/version.rb +1 -1
- data/modsecurity_audit_log_parser.gemspec +0 -2
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0bea7e861234b29f8067d0cea8f53d18c72cde3b
|
|
4
|
+
data.tar.gz: 35941aff0bee85e3123b5a4b53990f08e2630f7e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2f61b8a6ad41b42e325a28c2f42a5297fea066d1b43da3096733fda1f226511e49909627242832c53bf729cc18e84839cfa3dda579ed69dbc61c46e82dfc08b2
|
|
7
|
+
data.tar.gz: 7401e6dfccc01b8ec9c56a8b658bcc2f4f8703f77db5b31b785ec190f6c7457c3c051fd0c0eb06d586146cebacd80fb93acdc8c78fb0d97f7cc3f64ab30ac91b
|
data/.travis.yml
CHANGED
|
@@ -16,27 +16,29 @@ class ModsecurityAuditLogParser
|
|
|
16
16
|
|
|
17
17
|
MODSEC_TIMESTAMP_FORMAT = '%d/%b/%Y:%H:%M:%S %z'
|
|
18
18
|
def time
|
|
19
|
-
if
|
|
20
|
-
|
|
19
|
+
if ah = audit_log_header
|
|
20
|
+
if ts = ah.timestamp
|
|
21
|
+
DateTime.strptime(ts, MODSEC_TIMESTAMP_FORMAT).to_time.to_i rescue 0
|
|
22
|
+
end
|
|
21
23
|
end
|
|
22
24
|
end
|
|
23
25
|
|
|
24
26
|
[:timestamp, :unique_transaction_id, :source_ip_address, :source_port, :destination_ip_address, :destination_port].each do |name|
|
|
25
27
|
define_method(name) do
|
|
26
|
-
audit_log_header
|
|
28
|
+
audit_log_header.send(name)
|
|
27
29
|
end
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
def trailers
|
|
31
|
-
audit_log_trailer
|
|
33
|
+
audit_log_trailer.trailers
|
|
32
34
|
end
|
|
33
35
|
|
|
34
36
|
def rules
|
|
35
|
-
audit_log_trailer
|
|
37
|
+
audit_log_trailer.rules
|
|
36
38
|
end
|
|
37
39
|
|
|
38
40
|
def audit_log_header
|
|
39
|
-
@parts['A']
|
|
41
|
+
@parts['A'] || EMPTY_AUDIT_LOG_HEADER
|
|
40
42
|
end
|
|
41
43
|
|
|
42
44
|
def request_headers
|
|
@@ -56,7 +58,7 @@ class ModsecurityAuditLogParser
|
|
|
56
58
|
end
|
|
57
59
|
|
|
58
60
|
def audit_log_trailer
|
|
59
|
-
@parts['H']
|
|
61
|
+
@parts['H'] || EMPTY_AUDIT_LOG_TRAILER
|
|
60
62
|
end
|
|
61
63
|
|
|
62
64
|
def reduced_multipart_request_body
|
|
@@ -154,6 +156,7 @@ class ModsecurityAuditLogParser
|
|
|
154
156
|
hash[:destination_port] = @destination_port
|
|
155
157
|
end
|
|
156
158
|
end
|
|
159
|
+
EMPTY_AUDIT_LOG_HEADER = AuditLogHeaderPart.new
|
|
157
160
|
|
|
158
161
|
class RequestHeadersPart < ContentPart
|
|
159
162
|
register('B', self)
|
|
@@ -206,11 +209,13 @@ class ModsecurityAuditLogParser
|
|
|
206
209
|
end
|
|
207
210
|
|
|
208
211
|
def rules
|
|
209
|
-
if
|
|
210
|
-
pairs.
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
212
|
+
if message = @trailers[:Message]
|
|
213
|
+
if pairs = message.scan(/\[(\w+) "([^\\"]*(?:\\.[^\\"]*)*)"\]/)
|
|
214
|
+
pairs.inject({}) { |r, (k, v)|
|
|
215
|
+
r["rule_#{k}".intern] = v
|
|
216
|
+
r
|
|
217
|
+
}
|
|
218
|
+
end
|
|
214
219
|
end
|
|
215
220
|
end
|
|
216
221
|
|
|
@@ -221,6 +226,7 @@ class ModsecurityAuditLogParser
|
|
|
221
226
|
end
|
|
222
227
|
end
|
|
223
228
|
end
|
|
229
|
+
EMPTY_AUDIT_LOG_TRAILER = AuditLogTrailerPart.new
|
|
224
230
|
|
|
225
231
|
class ReducedMultipartRequestBodyPart < ContentPart
|
|
226
232
|
register('I', self)
|
|
@@ -269,8 +275,8 @@ class ModsecurityAuditLogParser
|
|
|
269
275
|
id, type = $1, $2
|
|
270
276
|
if @log.nil? or @log.id != id
|
|
271
277
|
@log = Log.new(id)
|
|
272
|
-
@records << @log
|
|
273
278
|
end
|
|
279
|
+
@records << @log if type == 'Z'
|
|
274
280
|
unless @targets.include?(type)
|
|
275
281
|
@part = nil
|
|
276
282
|
next
|
|
@@ -16,8 +16,6 @@ Gem::Specification.new do |spec|
|
|
|
16
16
|
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
|
17
17
|
f.match(%r{^(test|spec|features)/})
|
|
18
18
|
end
|
|
19
|
-
spec.bindir = "exe"
|
|
20
|
-
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
21
19
|
spec.require_paths = ["lib"]
|
|
22
20
|
|
|
23
21
|
spec.add_development_dependency "bundler", "~> 1.14"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: modsecurity_audit_log_parser
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Nakamura
|
|
8
8
|
autorequire:
|
|
9
|
-
bindir:
|
|
9
|
+
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-05-
|
|
11
|
+
date: 2017-05-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -87,7 +87,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
87
87
|
version: '0'
|
|
88
88
|
requirements: []
|
|
89
89
|
rubyforge_project:
|
|
90
|
-
rubygems_version: 2.
|
|
90
|
+
rubygems_version: 2.2.5
|
|
91
91
|
signing_key:
|
|
92
92
|
specification_version: 4
|
|
93
93
|
summary: Modsecurity AuditLog parser library.
|