fluent-auditify 0.1.0

data/lib/fluent/auditify/plugin/conf_in_monitor_agent.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfInMonitorAgent < Conf
+    Fluent::Auditify::Plugin.register_conf('in_monitor_agent', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_in_sample.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfInSample < Conf
+    Fluent::Auditify::Plugin.register_conf('in_sample', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_in_syslog.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfInSyslog < Conf
+    Fluent::Auditify::Plugin.register_conf('in_syslog', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_in_tail.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfInTail < Conf
+    Fluent::Auditify::Plugin.register_conf('in_tail', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_in_tcp.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfInTcp < Conf
+    Fluent::Auditify::Plugin.register_conf('in_tcp', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_in_udp.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfInUdp < Conf
+    Fluent::Auditify::Plugin.register_conf('in_udp', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_in_unix.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfInUnix < Conf
+    Fluent::Auditify::Plugin.register_conf('in_unix', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_mask_secrets.rb

@@ -0,0 +1,83 @@
+require 'fluent/config/error'
+require 'fluent/config/v1_parser'
+require 'fluent/auditify/plugin/conf'
+require 'fluent/auditify/parser/v1config'
+require 'fluent/auditify/parsletutil'
+
+module Fluent::Auditify::Plugin
+  class MaskSecrets < Conf
+    Fluent::Auditify::Plugin.register_conf('mask_secrets', self)
+
+    MASK_TABLE = {
+      # generic
+      'private_key_passphrase' =>'YOUR_PRIVATE_KEY_PASSPHRASE',
+      'ca_private_key_passphrase' => 'YOUR_CA_PRIVATE_KEY_PASSPHRASE',
+      'password' => 'YOUR_PASSWORD',
+      'shared_key' => 'YOUR_SHARED_KEY',
+      # s3
+      'aws_key_id' => 'YOUR_AWS_KEY_ID',
+      'aws_sec_key' => 'YOUR_AWS_SEC_KEY',
+      's3_bucket' => 'YOUR_S3_BUCKET',
+    }
+
+    def supported_platform?
+      :any
+    end
+
+    def mask_body(body)
+      modified_body = []
+      body.each do |child|
+        key = child[:name].to_s
+        if MASK_TABLE.keys.include?(key)
+          child[:value].instance_variable_set(:@str, MASK_TABLE[key])
+          modified_body << {name: child[:name],
+                            value: child[:value]}
+        else
+          if child[:section]
+            # process section
+            modified_body << mask_section(child)
+          else
+            modified_body << child
+          end
+        end
+      end
+      modified_body
+    end
+
+    def mask_section(section)
+      {section: section[:section],
+       body: mask_body(section[:body]),
+       name: section[:name]}
+    end
+
+    def parse(conf, options={})
+      begin
+        content = file_get_contents(conf)
+        root = Fluent::Config::V1Parser.parse(content, conf)
+        modified = []
+        begin
+          parser = Fluent::Auditify::Parser::V1ConfigParser.new
+          object = parser.parse(File.read(conf))
+
+          object.each_with_index do |directive, index|
+            if directive[:source] or directive[:match] # input or output plugin
+              directive[:body] = mask_body(directive[:body])
+              modified << directive
+            else
+              modified << directive
+            end
+          end
+          polish(modified)
+          if options[:mask_only]
+            util = Fluent::Auditify::ParsletUtil.new
+            util.export(modified)
+          end
+        rescue => e
+          puts e.parse_failure_cause.ascii_tree
+        end
+      rescue => e
+        log.error("parse error: #{e.message}")
+      end
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_buffer.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutBuffer < Conf
+    Fluent::Auditify::Plugin.register_conf('out_buffer', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_copy.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutCopy < Conf
+    Fluent::Auditify::Plugin.register_conf('out_copy', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_exec.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutExec < Conf
+    Fluent::Auditify::Plugin.register_conf('out_exec', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_exec_filter.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutExecFilter < Conf
+    Fluent::Auditify::Plugin.register_conf('out_exec_filter', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_file.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutFile < Conf
+    Fluent::Auditify::Plugin.register_conf('out_file', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_forward.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutForward < Conf
+    Fluent::Auditify::Plugin.register_conf('out_forward', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_http.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutHttp < Conf
+    Fluent::Auditify::Plugin.register_conf('out_http', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_null.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutNull < Conf
+    Fluent::Auditify::Plugin.register_conf('out_null', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_relabel.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutRelabel < Conf
+    Fluent::Auditify::Plugin.register_conf('out_relabel', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_rewrite_tag_filter.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutRewriteTagFilter < Conf
+    Fluent::Auditify::Plugin.register_conf('out_rewrite_tag_filter', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_roundrobin.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutRoundrobin < Conf
+    Fluent::Auditify::Plugin.register_conf('out_roundrobin', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_secondary_file.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutSecondaryFile < Conf
+    Fluent::Auditify::Plugin.register_conf('out_secondary_file', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_out_stdout.rb

@@ -0,0 +1,18 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+
+module Fluent::Auditify::Plugin
+  class ConfOutStdout < Conf
+    Fluent::Auditify::Plugin.register_conf('out_stdout', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def initialize
+    end
+
+    def parse(conf, options={})
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_plugin_params.rb

@@ -0,0 +1,93 @@
+require 'fluent/config/error'
+require 'fluent/auditify/plugin/conf'
+require 'fluent/auditify/parser/v1config'
+require 'fluent/config/v1_parser'
+require 'yaml'
+begin
+  require 'fluent/version'
+  if Gem::Version.new(Fluent::VERSION) > Gem::Version.new('1.15.0')
+    require 'fluent/config/yaml_parser'
+  end
+rescue LoadError
+end
+require 'term/ansicolor'
+
+module Fluent::Auditify::Plugin
+  class ConfPluginParams < Conf
+    Fluent::Auditify::Plugin.register_conf('params', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def supported_file_extension?
+      [:conf, :yaml, :yml]
+    end
+
+    def initialize
+      super
+    end
+
+    def parse(conf_path, options={})
+      @options.merge!(options) unless options.empty?
+      if conf_path.end_with?('.yaml', '.yml')
+      else conf_path.end_with?('.conf')
+        process_conf(conf_path, options)
+      end
+    end
+
+    def process_conf(conf_path, options={})
+      content = file_get_contents(conf_path)
+      @parser = Fluent::Auditify::Parser::V1ConfigParser.new
+      object = @parser.parse(content)
+
+      root = Fluent::Config::V1Parser.parse(content, conf_path)
+      nth_source = 0
+      root.elements.collect do |element|
+        case element.name
+        when 'source'
+          # parse
+          type = 'input'
+          plugin_name = element['@type']
+          plugin_spec = plugin_defs(type, plugin_name)
+          element.keys.each do |param|
+            unless plugin_spec.key?(param)
+              if @options[:config_version] == :v1
+                next if param == '@type'
+                source = @parser.find_nth_element('source', nth: nth_source + 1, elements: object)
+                source[:body].each do |pair|
+                  if pair[:name] == 'type' and pair[:value] == plugin_name
+                    num = pair[:value].line_and_column.first
+                    lines = file_get_contents(conf_path, lines: true)
+                    guilty(:warn, "<#{param}> is deprecated, use @type instead",
+                           {path: conf_path, line: num,
+                            content: lines[num],
+                            suggest: lines[num - 1][:content].sub(/type/, '@type'),
+                            category: :params, plugin: :params})
+                  elsif pair[:name] == param and not pair.key?(:value)
+                    # only key (use default value)
+                    guilty(:error, "unknown <#{param}> parameter", {path: conf_path, category: :params, plugin: :params})
+                  end
+                end
+                next
+              elsif options[:config_version] == :v0
+                next if param == 'type'
+                guilty(:error, "unknown <#{param}> parameter", {path: conf_path, category: :params, plugin: :params})
+                next
+              end
+            end
+          end
+          # directive such as <parse>
+          if Gem::Version.new(Fluent::VERSION) >= Gem::Version.new('1.7.0')
+            # Until Fluentd < 1.7.x, spec does not contain supported section
+            element.elements.each do |section|
+              unless plugin_spec.key?(section.name)
+                guilty(:error, "unknown <#{section.name}> directive", {path: conf_path, category: :params, plugin: :params})
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/fluent/auditify/plugin/conf_plugin_type.rb

@@ -0,0 +1,113 @@
+require 'fluent/config/error'
+begin
+  require 'fluent/config/yaml_parser'
+rescue LoadError
+end
+require 'fluent/config/v1_parser'
+require 'fluent/auditify/plugin/conf'
+require 'fluent/auditify/parser/v1config'
+require 'open3'
+
+module Fluent::Auditify::Plugin
+  class ConfPluginType < Conf
+    Fluent::Auditify::Plugin.register_conf('type', self)
+
+    def supported_platform?
+      :any
+    end
+
+    def supported_file_extension?
+      [:conf, :yaml, :yml]
+    end
+
+    def initialize
+      super
+    end
+
+    def plugin_info
+      {
+        name: 'plugin_type',
+        summary: 'Detect whether wrong plugin name was specified or not',
+        description: 'Detect whether wrong plugin name was specified or not in each directives. Typically it can detect the case that @type forward in filter directive.'
+      }
+    end
+
+    def parse(conf_path, options={})
+      if yaml?(conf_path)
+        raise NotImplementedError
+      else conf?(conf_path)
+        process_conf(conf_path, options)
+      end
+    end
+
+    private
+    
+    def process_conf(conf_path, options={})
+      content = file_get_contents(conf_path)
+      @parser = Fluent::Auditify::Parser::V1ConfigParser.new
+      object = @parser.parse(content)
+      root = Fluent::Config::V1Parser.parse(content, conf_path)
+      root.elements.each_with_index do |element, index|
+        case element.name
+        when 'source'
+          # parse
+          type = 'input'
+        when 'filter'
+          type = 'filter'
+          plugin_name = element['@type']
+          plugin_spec = plugin_defs(type, plugin_name)
+          if plugin_spec.empty?
+            input_spec = plugin_defs('input', plugin_name)
+            output_spec = plugin_defs('output', plugin_name)
+            if input_spec.empty? and output_spec.empty?
+              guilty(:error, "unknown <#{plugin_name}> filter plugin", {path: conf_path, category: :syntax, plugin: :type})
+            else
+              unless input_spec.empty?
+                guess_type = 'input'
+              end
+              unless output_spec.empty?
+                guess_type = 'output'
+              end
+              filter = @parser.find_nth_element('filter', nth: index + 1, elements: object)
+              filter[:body].each do |pair|
+                if pair[:name] == '@type' and pair[:value] == plugin_name
+                  num = pair[:value].line_and_column.first
+                  lines = file_get_contents(conf_path, lines: true)
+                  guilty(:error, "unknown <#{plugin_name}> filter plugin. Did you mean '@type #{plugin_name}' as #{guess_type} plugin?",
+                         {path: conf_path, line: num, content: lines[num - 1], category: :syntax, plugin: :type})
+                end
+              end
+            end
+          end
+        when 'match'
+          type = 'output'
+          plugin_name = element['@type']
+          plugin_spec = plugin_defs(type, plugin_name)
+          if plugin_spec.empty?
+            input_spec = plugin_defs('input', plugin_name)
+            filter_spec = plugin_defs('filter', plugin_name)
+            if input_spec.empty? and filter_spec.empty?
+              guilty(:error, "unknown <#{plugin_name}> output plugin", {path: conf_path, category: :syntax, plugin: :type})
+            else
+              unless input_spec.empty?
+                guess_type = 'input'
+              end
+              unless filter_spec.empty?
+                guess_type = 'filter'
+              end
+              output = @parser.find_nth_element('output', nth: index + 1, elements: object)
+              output[:body].each do |pair|
+                if pair[:name] == '@type' and pair[:value] == plugin_name
+                  num = pair[:value].line_and_column.first
+                  lines = file_get_contents(conf_path, lines: true)
+                  guilty(:error, "unknown <#{plugin_name}> output plugin. Did you mean '@type #{plugin_name}' as #{guess_type} plugin?",
+                         {path: conf_path, line: num, content: lines[num - 1], category: :syntax, plugin: :type})
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end