File Coverage

blib/lib/App/Spoor/AccessEntryParser.pm
Criterion Covered Total %
statement 47 47 100.0
branch 12 12 100.0
condition 6 6 100.0
subroutine 8 8 100.0
pod 1 1 100.0
total 74 74 100.0


line stmt bran cond sub pod time code
1             package App::Spoor::AccessEntryParser;
2              
3 2     2   170560 use v5.10;
  2         11  
4 2     2   11 use strict;
  2         4  
  2         39  
5 2     2   9 use warnings;
  2         4  
  2         47  
6 2     2   10 use utf8;
  2         4  
  2         13  
7              
8             =head1 NAME
9              
10             App::Spoor::AccessEntryParser
11              
12             =head1 VERSION
13              
14             Version 0.02
15              
16             =cut
17              
18             our $VERSION = '0.02';
19              
20              
21             =head1 SYNOPSIS
22              
23             This package contains the necessary functionality to parse CPanel access log entries.
24              
25             =head1 SUBROUTINES/METHODS
26              
27             =head2 parse
28              
29             This subroutine accepts a single line from a CPanel access log (as a string) and returns a reference to a hash
30             representation of that entry.
31              
32             The hash representation contains the following elements when the entry could be successfully parsed:
33              
34             =over 2
35              
36             =item * type: This is hardcoded to 'access'
37              
38             =item * log_time: A DateTime instance representing the time of the log entry
39              
40             =item * event: A description of the event that the entry refers to - can be one of forward_added_partial_ip, forward_removed, unrecognised.
41              
42             =item * ip: The IP address listed in the entry
43              
44             =item * credential: The user performing the request
45              
46             =item * context: The context within which the operation is being performed can be either 'mailbox' or 'unrecognised'
47              
48             =item * status: The status of the request can be one of 'success' or 'failed'
49              
50             =back
51              
52             If the entry could not be successfully parsed, it will contain the following items:
53              
54             =over 2
55              
56             =item * type: This is hardcoded to 'access'
57              
58             =item * event: This is hardcoded to 'unrecognised'.
59              
60             =back
61              
62             =cut
63              
64             sub parse {
65 2     2   1422 use DateTime::Format::Strptime;
  2         1061199  
  2         12  
66 2     2   1314 use URI::Escape qw( uri_unescape );
  2         2841  
  2         320  
67              
68 22     22 1 5847 my $log_entry = shift;
69 22         92 my $level;
70             my $event;
71 22         0 my $status;
72 22         0 my $forward_recipient;
73 22         0 my %result;
74 22         77 my $date_parser = DateTime::Format::Strptime->new(pattern => '%m/%d/%Y:%H:%M:%S %z', on_error => 'croak');
75              
76 22 100       28269 if ($log_entry =~ /
77             \A
78             (?<ip>\S+)\s
79             -\s
80             (?<username>.+)\s
81             \[(?<timestamp>[^\]]+)\]\s
82             "(?<http_request>[^"]+)"\s
83             (?<response_code>\d{3})\s
84             /x) {
85 2     2   991 my $log_time = $date_parser->parse_datetime($+{timestamp})->epoch();
  2         912  
  2         631  
  20         135  
86 20         15157 my $credential = uri_unescape($+{username});
87 20         453 my $ip = $+{ip};
88 20         89 my $http_request = $+{http_request};
89 20         75 my $response_code = $+{response_code};
90              
91 20 100       68 if ($credential =~ /@/) {
92 16         27 $level = 'mailbox';
93             } else {
94 4         6 $level = 'unrecognised';
95             }
96              
97 20 100       43 if ($response_code eq '200') {
98 16         25 $status = 'success';
99             } else {
100 4         8 $status = 'failed';
101             }
102              
103 20 100 100     165 if ($credential =~ /@/ && $http_request =~ /\APOST.+doaddfwd.html/) {
    100 100        
104 4         15 $event = 'forward_added_partial_ip';
105             } elsif (
106             $credential =~ /@/ &&
107             $http_request =~ /\AGET.+dodelfwd.html\?.*emaildest=(?<forward_recipient>[^\s?]+)/
108             ) {
109 4         8 $event = 'forward_removed';
110 4         14 $forward_recipient = uri_unescape($+{forward_recipient});
111             } else {
112 12         20 $event = 'unrecognised';
113             }
114              
115 20         168 %result = (
116             type => 'access',
117             log_time => $log_time,
118             event => $event,
119             ip => $ip,
120             credential => $credential,
121             context => $level,
122             status => $status,
123             );
124              
125 20 100       58 $result{forward_recipient} = $forward_recipient if($forward_recipient);
126             } else {
127 2         9 %result = (
128             type => 'access',
129             event => 'unrecognised',
130             );
131             }
132              
133 22         855 \%result;
134             }
135              
136             =head1 AUTHOR
137              
138             Rory McKinley, C<< <rorymckinley at capefox.co> >>
139              
140             =head1 BUGS
141              
142             Please report any bugs or feature requests to C<bug-app-spoor at rt.cpan.org>, or through
143             the web interface at L<https://rt.cpan.org/NoAuth/ReportBug.html?Queue=App-Spoor>. I will be notified, and then you'll
144             automatically be notified of progress on your bug as I make changes.
145              
146             =head1 SUPPORT
147              
148             You can find documentation for this module with the perldoc command.
149              
150             perldoc App::Spoor::AccessEntryParser
151              
152             You can also look for information at:
153              
154             =over 4
155              
156             =item * RT: CPAN's request tracker (report bugs here)
157              
158             L<https://rt.cpan.org/NoAuth/Bugs.html?Dist=App-Spoor>
159              
160             =item * AnnoCPAN: Annotated CPAN documentation
161              
162             L<http://annocpan.org/dist/App-Spoor>
163              
164             =item * CPAN Ratings
165              
166             L<https://cpanratings.perl.org/d/App-Spoor>
167              
168             =item * Search CPAN
169              
170             L<https://metacpan.org/release/App-Spoor>
171              
172             =back
173              
174             =head1 LICENSE AND COPYRIGHT
175              
176             Copyright 2019 Rory McKinley.
177              
178             This program is free software; you can redistribute it and/or modify it
179             under the terms of the the Artistic License (2.0). You may obtain a
180             copy of the full license at:
181              
182             L<http://www.perlfoundation.org/artistic_license_2_0>
183              
184             Any use, modification, and distribution of the Standard or Modified
185             Versions is governed by this Artistic License. By using, modifying or
186             distributing the Package, you accept this license. Do not use, modify,
187             or distribute the Package, if you do not accept this license.
188              
189             If your Modified Version has been derived from a Modified Version made
190             by someone other than you, you are nevertheless required to ensure that
191             your Modified Version complies with the requirements of this license.
192              
193             This license does not grant you the right to use any trademark, service
194             mark, tradename, or logo of the Copyright Holder.
195              
196             This license includes the non-exclusive, worldwide, free-of-charge
197             patent license to make, have made, use, offer to sell, sell, import and
198             otherwise transfer the Package with respect to any patent claims
199             licensable by the Copyright Holder that are necessarily infringed by the
200             Package. If you institute patent litigation (including a cross-claim or
201             counterclaim) against any party alleging that the Package constitutes
202             direct or contributory patent infringement, then this Artistic License
203             to you shall terminate on the date that such litigation is filed.
204              
205             Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER
206             AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.
207             THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
208             PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY
209             YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR
210             CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR
211             CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE,
212             EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
213              
214              
215             =cut
216              
217             1; # End of App::Spoor::AccessEntryParser