logstash-core 1.5.3.snapshot1-java → 1.5.3.snapshot2-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of logstash-core might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: ba907769485a75b87b1b1853b43dc2c44823294a
4
- data.tar.gz: a9ac488f8a87e5e05cebeb5b9ae12e7eab9ecacc
3
+ metadata.gz: 167268ee29e6f1789d22217c70c8f9860f4c1c45
4
+ data.tar.gz: 480dd1f7ca4035fe7352d8a4e09eb1e5609de086
5
5
  SHA512:
6
- metadata.gz: 9bfa3d672055b2df6f56950618aaabfc65310408781ae50ce626de31a6a111d89717c4f2f7c6a3e07f83f2b81fb8139f84ebd14e68d23e36b607f1046022f5ae
7
- data.tar.gz: e21ad51d7681e03d4f532df182d6a7e21740373ba5825d9435f23eb83bf1b2c2187370a3da9acf0bcf6369ac6eb218c0ed95c9b4bde5b8a731c660a6e3e4bdcd
6
+ metadata.gz: aebae3223652b1e4c7605a20ad8ca0d9d4c30cc13160511c43e33e701925c269cb95f90c8d3685043e815b824eabaa335ca595e0bd574f0ec9e4d5c97a6f47a4
7
+ data.tar.gz: c7d4f1d085f6da87187a10d89f8f618aacc4135cc9526096d11297a675bfcf4b5f684ab2cd4e36faafbd9031be6da08dfda895bb7383d087bf072f16b792984f
@@ -33,7 +33,7 @@ class LogStash::Outputs::Base < LogStash::Plugin
33
33
  # Note that this setting may not be useful for all outputs.
34
34
  config :workers, :validate => :number, :default => 1
35
35
 
36
- attr_reader :worker_plugins
36
+ attr_reader :worker_plugins, :worker_queue
37
37
 
38
38
  public
39
39
  def workers_not_supported(message=nil)
@@ -1,3 +1,4 @@
1
1
  require "logstash/patches/bugfix_jruby_2558"
2
2
  require "logstash/patches/cabin"
3
3
  require "logstash/patches/profile_require_calls"
4
+ require "logstash/patches/stronger_openssl_defaults"
@@ -0,0 +1,62 @@
1
+
2
+ require "openssl"
3
+
4
+ # :nodoc:
5
+ class OpenSSL::SSL::SSLContext
6
+ # Wrap SSLContext.new to a stronger default settings.
7
+ class << self
8
+ alias_method :orig_new, :new
9
+ def new(*args)
10
+ c = orig_new(*args)
11
+
12
+ # MRI nor JRuby seem to actually invoke `SSLContext#set_params` by
13
+ # default, which makes the default ciphers (and other settings) not
14
+ # actually defaults. Oops!
15
+ # To force this, and force our (hopefully more secure) defaults on
16
+ # all things using openssl in Ruby, we will invoke set_params
17
+ # on all new SSLContext objects.
18
+ c.set_params
19
+ c
20
+ end
21
+ end
22
+
23
+ # This cipher selection comes from https://wiki.mozilla.org/Security/Server_Side_TLS
24
+ MOZILLA_INTERMEDIATE_CIPHERS = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
25
+
26
+ # Returns the value that should be used for the default SSLContext options
27
+ #
28
+ # This is a method instead of a constant because some constants (like
29
+ # OpenSSL::SSL::OP_NO_COMPRESSION) may not be available in all Ruby
30
+ # versions/platforms.
31
+ def self.__default_options
32
+ # ruby-core is refusing to patch ruby's default openssl settings to be more
33
+ # secure, so let's fix that here. The next few lines setting options and
34
+ # ciphers come from jmhodges' proposed patch
35
+ ssloptions = OpenSSL::SSL::OP_ALL
36
+
37
+ # TODO(sissel): JRuby doesn't have this. Maybe work on a fix?
38
+ if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
39
+ ssloptions &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
40
+ end
41
+
42
+ # TODO(sissel): JRuby doesn't have this. Maybe work on a fix?
43
+ if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
44
+ ssloptions |= OpenSSL::SSL::OP_NO_COMPRESSION
45
+ end
46
+
47
+ # Disable SSLv2 and SSLv3. They are insecure and highly discouraged.
48
+ ssloptions |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
49
+ ssloptions |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
50
+ ssloptions
51
+ end
52
+
53
+ # Overwriting the DEFAULT_PARAMS const idea from here: https://www.ruby-lang.org/en/news/2014/10/27/changing-default-settings-of-ext-openssl/
54
+ remove_const(:DEFAULT_PARAMS) if const_defined?(:DEFAULT_PARAMS)
55
+ DEFAULT_PARAMS = {
56
+ :ssl_version => "SSLv23",
57
+ :verify_mode => OpenSSL::SSL::VERIFY_PEER,
58
+ :ciphers => MOZILLA_INTERMEDIATE_CIPHERS,
59
+ :options => __default_options # Not a constant because it's computed at start-time.
60
+ }
61
+
62
+ end
@@ -8,6 +8,7 @@ require "logstash/config/file"
8
8
  require "logstash/filters/base"
9
9
  require "logstash/inputs/base"
10
10
  require "logstash/outputs/base"
11
+ require "logstash/util/reporter"
11
12
 
12
13
  class LogStash::Pipeline
13
14
 
@@ -252,6 +253,8 @@ class LogStash::Pipeline
252
253
  #
253
254
  # This method is intended to be called from another thread
254
255
  def shutdown
256
+ InflightEventsReporter.logger = @logger
257
+ InflightEventsReporter.start(@input_to_filter, @filter_to_output, @outputs)
255
258
  @input_threads.each do |thread|
256
259
  # Interrupt all inputs
257
260
  @logger.info("Sending shutdown signal to input thread", :thread => thread)
@@ -0,0 +1,27 @@
1
+ class InflightEventsReporter
2
+ def self.logger=(logger)
3
+ @logger = logger
4
+ end
5
+
6
+ def self.start(input_to_filter, filter_to_output, outputs)
7
+ Thread.new do
8
+ loop do
9
+ sleep 5
10
+ report(input_to_filter, filter_to_output, outputs)
11
+ end
12
+ end
13
+ end
14
+
15
+ def self.report(input_to_filter, filter_to_output, outputs)
16
+ report = {
17
+ "input_to_filter" => input_to_filter.size,
18
+ "filter_to_output" => filter_to_output.size,
19
+ "outputs" => []
20
+ }
21
+ outputs.each do |output|
22
+ next unless output.worker_queue && output.worker_queue.size > 0
23
+ report["outputs"] << [output.inspect, output.worker_queue.size]
24
+ end
25
+ @logger.warn ["INFLIGHT_EVENTS_REPORT", Time.now.iso8601, report]
26
+ end
27
+ end
@@ -1,4 +1,4 @@
1
- module UnicodeTrimmer
1
+ module LogStash::Util::UnicodeTrimmer
2
2
  # The largest possible unicode chars are 4 bytes
3
3
  # http://stackoverflow.com/questions/9533258/what-is-the-maximum-number-of-bytes-for-a-utf-8-encoded-character
4
4
  # http://tools.ietf.org/html/rfc3629
@@ -1,6 +1,6 @@
1
1
  # encoding: utf-8
2
2
  # The version of logstash.
3
- LOGSTASH_VERSION = "1.5.3.snapshot1"
3
+ LOGSTASH_VERSION = "1.5.3.snapshot2"
4
4
 
5
5
  # Note to authors: this should not include dashes because 'gem' barfs if
6
6
  # you include a dash in the version string.
@@ -0,0 +1,25 @@
1
+ require "logstash/patches"
2
+
3
+ describe "OpenSSL defaults" do
4
+ subject { OpenSSL::SSL::SSLContext.new }
5
+
6
+ # OpenSSL::SSL::SSLContext#ciphers returns an array of
7
+ # [ [ ciphername, version, bits, alg_bits ], [ ... ], ... ]
8
+
9
+ # List of cipher names
10
+ let(:ciphers) { subject.ciphers.map(&:first) }
11
+
12
+ # List of cipher encryption bit strength.
13
+ let(:encryption_bits) { subject.ciphers.map { |_, _, _, a| a } }
14
+
15
+ it "should not include any export ciphers" do
16
+ # SSLContext#ciphers returns an array of [ciphername, tlsversion, key_bits, alg_bits]
17
+ # Let's just check the cipher names
18
+ expect(ciphers).not_to be_any { |name| name =~ /EXPORT/ || name =~ /^EXP/ }
19
+ end
20
+
21
+ it "should not include any weak ciphers (w/ less than 128 bits in encryption algorithm)" do
22
+ # SSLContext#ciphers returns an array of [ciphername, tlsversion, key_bits, alg_bits]
23
+ expect(encryption_bits).not_to be_any { |bits| bits < 128 }
24
+ end
25
+ end
@@ -9,19 +9,21 @@ RSpec.configure do |config|
9
9
  end
10
10
 
11
11
  describe "truncating unicode strings correctly" do
12
+ subject { LogStash::Util::UnicodeTrimmer }
13
+
12
14
  context "with extra bytes before the snip" do
13
15
  let(:ustr) { "Testing «ταБЬℓσ»: 1<2 & 4+1>3, now 20% off!" }
14
16
 
15
17
  it "should truncate to exact byte boundaries when possible" do
16
- expect(UnicodeTrimmer.trim_bytes(ustr, 21).bytesize).to eql(21)
18
+ expect(subject.trim_bytes(ustr, 21).bytesize).to eql(21)
17
19
  end
18
20
 
19
21
  it "should truncate below the bytesize when splitting a byte" do
20
- expect(UnicodeTrimmer.trim_bytes(ustr, 20).bytesize).to eql(18)
22
+ expect(subject.trim_bytes(ustr, 20).bytesize).to eql(18)
21
23
  end
22
24
 
23
25
  it "should not truncate the string when the bytesize is already OK" do
24
- expect(UnicodeTrimmer.trim_bytes(ustr, ustr.bytesize)).to eql(ustr)
26
+ expect(subject.trim_bytes(ustr, ustr.bytesize)).to eql(ustr)
25
27
  end
26
28
  end
27
29
 
@@ -29,15 +31,15 @@ describe "truncating unicode strings correctly" do
29
31
  let(:ustr) { ": 1<2 & 4+1>3, now 20% off! testing «ταБЬℓσ»" }
30
32
 
31
33
  it "should truncate to exact byte boundaries when possible" do
32
- expect(UnicodeTrimmer.trim_bytes(ustr, 21).bytesize).to eql(21)
34
+ expect(subject.trim_bytes(ustr, 21).bytesize).to eql(21)
33
35
  end
34
36
 
35
37
  it "should truncate below the bytesize when splitting a byte" do
36
- expect(UnicodeTrimmer.trim_bytes(ustr, 52).bytesize).to eql(51)
38
+ expect(subject.trim_bytes(ustr, 52).bytesize).to eql(51)
37
39
  end
38
40
 
39
41
  it "should not truncate the string when the bytesize is already OK" do
40
- expect(UnicodeTrimmer.trim_bytes(ustr, ustr.bytesize)).to eql(ustr)
42
+ expect(subject.trim_bytes(ustr, ustr.bytesize)).to eql(ustr)
41
43
  end
42
44
  end
43
45
 
@@ -47,7 +49,7 @@ describe "truncating unicode strings correctly" do
47
49
  let(:expected_range) { (size - 4)..size }
48
50
 
49
51
  stress_it "should be near the boundary of requested size" do
50
- expect(expected_range).to include(UnicodeTrimmer.trim_bytes(text, size).bytesize)
52
+ expect(expected_range).to include(subject.trim_bytes(text, size).bytesize)
51
53
  end
52
54
  end
53
55
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.3.snapshot1
4
+ version: 1.5.3.snapshot2
5
5
  platform: java
6
6
  authors:
7
7
  - Jordan Sissel
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2015-07-10 00:00:00.000000000 Z
13
+ date: 2015-07-13 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: cabin
@@ -201,6 +201,7 @@ files:
201
201
  - lib/logstash/patches/cabin.rb
202
202
  - lib/logstash/patches/profile_require_calls.rb
203
203
  - lib/logstash/patches/rubygems.rb
204
+ - lib/logstash/patches/stronger_openssl_defaults.rb
204
205
  - lib/logstash/pipeline.rb
205
206
  - lib/logstash/plugin.rb
206
207
  - lib/logstash/program.rb
@@ -219,6 +220,7 @@ files:
219
220
  - lib/logstash/util/password.rb
220
221
  - lib/logstash/util/plugin_version.rb
221
222
  - lib/logstash/util/prctl.rb
223
+ - lib/logstash/util/reporter.rb
222
224
  - lib/logstash/util/require-helper.rb
223
225
  - lib/logstash/util/retryable.rb
224
226
  - lib/logstash/util/socket_peer.rb
@@ -242,6 +244,7 @@ files:
242
244
  - spec/lib/logstash/java_integration_spec.rb
243
245
  - spec/license_spec.rb
244
246
  - spec/logstash/agent_spec.rb
247
+ - spec/logstash/patches_spec.rb
245
248
  - spec/outputs/base_spec.rb
246
249
  - spec/spec_helper.rb
247
250
  - spec/util/accessors_spec.rb
@@ -293,6 +296,7 @@ test_files:
293
296
  - spec/lib/logstash/java_integration_spec.rb
294
297
  - spec/license_spec.rb
295
298
  - spec/logstash/agent_spec.rb
299
+ - spec/logstash/patches_spec.rb
296
300
  - spec/outputs/base_spec.rb
297
301
  - spec/spec_helper.rb
298
302
  - spec/util/accessors_spec.rb