mirror of
https://github.com/openappsec/openappsec.git
synced 2025-09-29 11:16:30 +03:00
Apr 27th Update
@@ -149,8 +149,8 @@ Report::getSyslog() const
|
||||
}
|
||||
time_stamp += "Z";
|
||||
|
||||
string origin_syslog = origin.getSyslog();
|
||||
string event_data_syslog = event_data.getSyslog();
|
||||
string origin_syslog = origin.getSyslogAndCef();
|
||||
string event_data_syslog = event_data.getSyslogAndCef();
|
||||
string agent_id = "cpnano-agent-" + Singleton::Consume<I_AgentDetails>::by<Report>()->getAgentId();
|
||||
auto service_name = Singleton::Consume<I_Environment>::by<Report>()->get<string>("Service Name");
|
||||
|
||||
@@ -189,6 +189,12 @@ Report::getCef() const
|
||||
CefReport report;
|
||||
auto service_name = Singleton::Consume<I_Environment>::by<Report>()->get<string>("Service Name");
|
||||
|
||||
auto i_time = Singleton::Consume<I_TimeGet>::by<Report>();
|
||||
string time_stamp = i_time->getWalltimeStr(time);
|
||||
if (time_stamp.size() > 7 && time_stamp[time_stamp.size() - 7] == '.') {
|
||||
time_stamp.erase(time_stamp.size() - 3); // downscale micro-sec resollution to milli-sec
|
||||
}
|
||||
|
||||
if (service_name.ok()) {
|
||||
string tmp = service_name.unpack();
|
||||
tmp.erase(remove(tmp.begin(), tmp.end(), ' '), tmp.end());
|
||||
@@ -205,9 +211,10 @@ Report::getCef() const
|
||||
report.pushMandatory(title);
|
||||
report.pushMandatory(TagAndEnumManagement::convertToString(priority));
|
||||
|
||||
string origin_cef = origin.getCef();
|
||||
string event_data_cef = event_data.getCef();
|
||||
string origin_cef = origin.getSyslogAndCef();
|
||||
string event_data_cef = event_data.getSyslogAndCef();
|
||||
|
||||
report.pushExtension("eventTime=" + time_stamp);
|
||||
if (!origin_cef.empty()) {
|
||||
report.pushExtension(origin_cef);
|
||||
}
|
||||
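Review bot: In both hunks that switch to `getSyslogAndCef()`, one serializer now feeds two formats whose escaping rules differ, and the CEF output is the one at risk. CEF extension values are normally written unquoted with `\`, `=` and line breaks escaped, so a SIEM parser may keep the new double quotes as part of the value, and a field containing `=` or `"` could be split into a forged key unless `getSyslogAndCef()` escapes them; that function is not in this diff, so this needs confirming. The added `eventTime=` extension in `getCef()` is pushed without the `Z` that `getSyslog()` appends and without the quoting applied to every other extension; if the wall time is UTC, the value should say so, to keep correlation between the two outputs unambiguous. The millisecond-truncation block looks duplicated from `getSyslog()` and could move into a small private helper, and its comment has a typo (`resollution`).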
|
@@ -570,8 +570,8 @@ TEST_F(ReportTest, testSyslogWithoutServiceName)
|
||||
EXPECT_EQ(
|
||||
report.getSyslog(),
|
||||
"<133>1 0:0:0.123Z cpnano-agent-001 UnnamedNanoService - 0 - "
|
||||
"title='Log Test' agent='Secret' eventTraceId='' eventSpanId='' "
|
||||
"issuingEngineVersion='' serviceName='Unnamed Nano Service' serviceId='' serviceFamilyId=''"
|
||||
"title='Log Test' agent=\"Secret\" eventTraceId=\"\" eventSpanId=\"\" "
|
||||
"issuingEngineVersion=\"\" serviceName=\"Unnamed Nano Service\" serviceId=\"\" serviceFamilyId=\"\""
|
||||
);
|
||||
}
|
||||
|
||||
@@ -604,13 +604,17 @@ TEST_F(ReportTest, testSyslog)
|
||||
vector<vector<string>> f1 = { { "a", "b"}, {"1", "2"} };
|
||||
|
||||
report << LogField("ArrayOfArraies", f1);
|
||||
report << LogField("DataWithNewLine", "new\r\nline");
|
||||
report << LogField("DataWithQuote", "data'bla");
|
||||
|
||||
string result =
|
||||
string("<133>1 0:0:0.123Z cpnano-agent-001 AccessControlApp - 1 - "
|
||||
"title='Log Test' agent='Secret'") +
|
||||
" eventTraceId='' eventSpanId='' issuingEngineVersion=''" +
|
||||
" serviceName='Access Control App' serviceId='' serviceFamilyId=''" +
|
||||
string(" ArrayOfArraies='[ [ a, b ], [ 1, 2 ] ]'");
|
||||
"title='Log Test' agent=\"Secret\"") +
|
||||
" eventTraceId=\"\" eventSpanId=\"\" issuingEngineVersion=\"\"" +
|
||||
" serviceName=\"Access Control App\" serviceId=\"\" serviceFamilyId=\"\"" +
|
||||
string(" ArrayOfArraies=\"[ [ a, b \\], [ 1, 2 \\] \\]\"") +
|
||||
string(" DataWithNewLine=\"new\\r\\nline\"") +
|
||||
string(" DataWithQuote=\"data\\'bla\"");
|
||||
|
||||
EXPECT_EQ(report.getSyslog(), result);
|
||||
}
|
||||
@@ -643,11 +647,14 @@ TEST_F(ReportTest, testCef)
|
||||
);
|
||||
report.addToOrigin(another_origin);
|
||||
|
||||
report << LogField("DataWithQuote", "data'bla");
|
||||
|
||||
EXPECT_EQ(
|
||||
report.getCef(),
|
||||
"CEF:0|Check Point|AccessControlApp||Event Driven|Log Test|Low|"
|
||||
"agent=Secret eventTraceId= eventSpanId= issuingEngineVersion="
|
||||
" serviceName=Access Control App serviceId= serviceFamilyId= Bond=1"
|
||||
"eventTime=0:0:0.123 agent=\"Secret\" eventTraceId=\"\" eventSpanId=\"\" issuingEngineVersion=\"\""
|
||||
" serviceName=\"Access Control App\" serviceId=\"\""
|
||||
" serviceFamilyId=\"\" Bond=\"1\" DataWithQuote=\"data\\'bla\""
|
||||
);
|
||||
}
|
||||
|
||||
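Review bot: The new escaping cases in `testSyslog` and `testCef` exercise `'`, CR/LF and `]`, but not the characters that can break out of the new double-quoted values: `"` and `\` (and `=` for CEF). Add fields such as `report << LogField("DataWithDoubleQuote", "data\"bla");` and `report << LogField("DataWithBackslash", "data\\bla");` with the expected escaped output, so a regression that lets a value close its own quotes and append a forged `key="value"` pair is caught. `testCef` also has no CR/LF case, although a CEF record is consumed line by line just like syslog. The expected strings still show `title='Log Test'` in single quotes next to double-quoted fields; a test with a quote character in the title would pin how that field is escaped.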
|
@@ -103,7 +103,8 @@ TagAndEnumManagement::convertStringToTag(const string &tag)
|
||||
{"NGINX Server", ReportIS::Tags::WEB_SERVER_NGINX},
|
||||
{"Kong Server", ReportIS::Tags::WEB_SERVER_KONG},
|
||||
{"Embedded Deployment", ReportIS::Tags::DEPLOYMENT_EMBEDDED},
|
||||
{"Kubernetes Deployment", ReportIS::Tags::DEPLOYMENT_K8S}
|
||||
{"Kubernetes Deployment", ReportIS::Tags::DEPLOYMENT_K8S},
|
||||
{"Layer 7 Access Control", ReportIS::Tags::LAYER_7_ACCESS_CONTROL}
|
||||
};
|
||||
|
||||
auto report_is_tag = strings_to_tags.find(tag);
|
||||
@@ -300,7 +301,8 @@ EnumArray<Tags, string> TagAndEnumManagement::tags_translation_arr {
|
||||
"NGINX Server",
|
||||
"Kong Server",
|
||||
"Embedded Deployment",
|
||||
"Kubernetes Deployment"
|
||||
"Kubernetes Deployment",
|
||||
"Layer 7 Access Control"
|
||||
};
|
||||
|
||||
EnumArray<AudienceTeam, string> TagAndEnumManagement::audience_team_translation {
|
||||
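Review bot: The label `"Layer 7 Access Control"` is now spelled out twice, once in `strings_to_tags` inside `convertStringToTag()` and once in `tags_translation_arr`, and nothing visible ties the two tables to each other or to the `Tags` enum, whose change is not shown on this page. A round-trip unit test over every `Tags` value, asserting that converting the tag to its string through `tags_translation_arr` and back through `convertStringToTag()` yields the same tag, would catch a label added to one table only or placed at the wrong index. `convertStringToTag()` continues outside the hunk, so how an unknown string is handled after `strings_to_tags.find(tag)` cannot be judged from here.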
|