logstash-filter-cidr 3.0.1-java → 3.1.1-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 89eecd70d9c1be0d9a0bc35a8f5d30455e5e7910
-  data.tar.gz: 3701266a7423de28509ff85ee77585e920dd0a6f
+  metadata.gz: 16d1dadb28a2ff882cdcc397343743086bcd7fcd
+  data.tar.gz: 8d4890ac0bdf992a1932249e5e1dc039f10f7292
 SHA512:
-  metadata.gz: 536ca051afef22b7fa5ee4d66cc1dad42254c8f99e02795326a6059331f77ccb1463e36d5d9f2d4530c3d47f0329dcf779c0ab7befb54d5a3bc0fc37897846a3
-  data.tar.gz: 1aee1f5d2ff46b5c08bc68e696e85e98ff11d65e57ea5c0b38cc3d2b8d1a6f959df3595083feb5ad75f6ad8fac8b397eaab338e4018f35aa8ff78e1a6d6fe843
+  metadata.gz: 537f8f95bf8caf7c3f4467eed40ffc4bfbe66c3b095140ea6a71d4b2ffe31ac875357a257fdc339ca83e9026fcc784de13e96b1b6a1f3f5d7c802a4ab0345d5d
+  data.tar.gz: b9e297c2810303ee4daad4da798b8fe71000510acc768f4bc38e0f30760e6b6fb10fba14205a9c70c134819f7f581c1ffc1ecc88609c5ad70451aa5690429ffa

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 3.1.1
+  - Fix some documentation issues
+
+## 3.1.0
+ - feature: New options 'network_path', 'separator', and
+   'refresh_interval' used for optionally storing the list
+   of networks in an auto-reloaded file.
+
 ## 3.0.0
  - breaking: Updated plugin to use new Java Event APIs
 

data/CONTRIBUTORS

@@ -11,6 +11,7 @@ Contributors:
 * Pier-Hugues Pellerin (ph)
 * Richard Pijnenburg (electrical)
 * Suyog Rao (suyograo)
+* Victor Renan Covalski Junes (VictorCovalski)
 
 Note: If you've sent us patches, bug reports, or otherwise contributed to
 Logstash, and you aren't on the list above and want to be, please let us know

data/docs/index.asciidoc

@@ -12,7 +12,7 @@ START - GENERATED VARIABLES, DO NOT EDIT!
 END - GENERATED VARIABLES, DO NOT EDIT!
 ///////////////////////////////////////////
 
-[id="plugins-{type}-{plugin}"]
+[id="plugins-{type}s-{plugin}"]
 
 === Cidr filter plugin
 
@@ -35,6 +35,9 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 |Setting |Input type|Required
 | <<plugins-{type}s-{plugin}-address>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-network>> |<<array,array>>|No
+| <<plugins-{type}s-{plugin}-network_path>> |a valid filesystem path|No
+| <<plugins-{type}s-{plugin}-refresh_interval>>| <<number,number>>|No
+| <<plugins-{type}s-{plugin}-separator>> |<<string,string>>|No
 |=======================================================================
 
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -43,7 +46,7 @@ filter plugins.
 &nbsp;
 
 [id="plugins-{type}s-{plugin}-address"]
-===== `address` 
+===== `address`
 
   * Value type is <<array,array>>
   * Default value is `[]`
@@ -59,7 +62,7 @@ The IP address(es) to check with. Example:
     }
 
 [id="plugins-{type}s-{plugin}-network"]
-===== `network` 
+===== `network`
 
   * Value type is <<array,array>>
   * Default value is `[]`
@@ -75,6 +78,37 @@ The IP network(s) to check against. Example:
     }
 
 
+[id="plugins-{type}s-{plugin}-network_path"]
+===== `network_path`
+
+  * Value type is <<path,path>>
+  * There is no default value for this setting.
+
+The full path of the external file containing the networks the filter should check with.
+Networks are separated by a separator character defined in `separator`.
+[source,ruby]
+    192.168.1.0/24
+    192.167.0.0/16	
+NOTE: It is an error to specify both `network` and `network_path`.
+
+[id="plugins-{type}s-{plugin}-refresh_interval"]
+===== `refresh_interval`
+
+  * Value type is <<number,number>>
+  * Default value is `600`
+
+When using an external file, this setting will indicate how frequently
+(in seconds) Logstash will check the file for updates.
+
+
+[id="plugins-{type}s-{plugin}-separator"]
+===== `separator`
+
+  * Value type is <<string,string>>
+  * Default value is `\n`
+
+Separator character used for parsing networks from the external file
+specified by `network_path`. Defaults to newline `\n` character.
 
 [id="plugins-{type}s-{plugin}-common-options"]
-include::{include_path}/{type}.asciidoc[]
+include::{include_path}/{type}.asciidoc[]

data/lib/logstash/filters/cidr.rb

@@ -3,11 +3,11 @@ require "logstash/filters/base"
 require "logstash/namespace"
 require "ipaddr"
 
-
 # The CIDR filter is for checking IP addresses in events against a list of
 # network blocks that might contain it. Multiple addresses can be checked
 # against multiple networks, any match succeeds. Upon success additional tags
 # and/or fields can be added to the event.
+java_import 'java.util.concurrent.locks.ReentrantReadWriteLock'
 
 class LogStash::Filters::CIDR < LogStash::Filters::Base
 
@@ -35,11 +35,90 @@ class LogStash::Filters::CIDR < LogStash::Filters::Base
   #     }
   config :network, :validate => :array, :default => []
 
+  # The full path of the external file containing the IP network(s) to check against. Example:
+  # [source,ruby]
+  #     filter {
+  #       %PLUGIN% {
+  #         add_tag => [ "linklocal" ]
+  #         address => [ "%{clientip}" ]
+  #         network_path => "/etc/logstash/networks"
+  #       }
+  #     }
+  # NOTE: it is an error to specify both 'network' and 'network_path'.
+  config :network_path, :validate => :path
+
+  # When using a network list from a file, this setting will indicate
+  # how frequently (in seconds) Logstash will check the file for
+  # updates.
+  config :refresh_interval, :validate => :number, :default => 600
+
+  # The separator character used in the encoding of the external file
+  # pointed by network_path.
+  config :separator, :validate => :string, :default => "\n"
+
   public
   def register
-    # Nothing
+    rw_lock = java.util.concurrent.locks.ReentrantReadWriteLock.new
+    @read_lock = rw_lock.readLock
+    @write_lock = rw_lock.writeLock
+
+    if @network_path && !@network.empty? #checks if both network and network path are defined in configuration options
+      raise LogStash::ConfigurationError, I18n.t(
+        "logstash.agent.configuration.invalid_plugin_register",
+        :plugin => "filter",
+        :type => "cidr",
+        :error => "The configuration options 'network' and 'network_path' are mutually exclusive"
+      )
+    end
+
+    if @network_path
+      @next_refresh = Time.now + @refresh_interval
+      lock_for_write { load_file }
+    end
   end # def register
 
+  def lock_for_write
+    @write_lock.lock
+    begin
+      yield
+    ensure
+      @write_lock.unlock
+    end
+  end # def lock_for_write
+
+  def lock_for_read #ensuring only one thread updates the network block list
+    @read_lock.lock
+    begin
+      yield
+    ensure
+      @read_lock.unlock
+    end
+  end #def lock_for_read
+
+  def needs_refresh?
+    @next_refresh < Time.now
+  end # def needs_refresh
+
+  def load_file
+    begin
+      temporary = File.open(@network_path, "r") {|file| file.read.split(@separator)}
+      if !temporary.empty? #ensuring the file was parsed correctly
+        @network_list = temporary
+      end
+    rescue
+      if @network_list #if the list was parsed successfully before
+        @logger.error("Error while opening/parsing the file")
+      else
+        raise LogStash::ConfigurationError, I18n.t(
+          "logstash.agent.configuration.invalid_plugin_register",
+          :plugin => "filter",
+          :type => "cidr",
+          :error => "The file containing the network list is invalid, please check the separator character or permissions for the file."
+        )
+      end
+    end
+  end #def load_file
+
   public
   def filter(event)
     address = @address.collect do |a|
@@ -52,16 +131,40 @@ class LogStash::Filters::CIDR < LogStash::Filters::Base
     end
     address.compact!
 
-    network = @network.collect do |n|
-      begin
-        IPAddr.new(event.sprintf(n))
-      rescue ArgumentError => e
-        @logger.warn("Invalid IP network, skipping", :network => n, :event => event)
-        nil
+    if @network_path #in case we are getting networks from an external file
+      if needs_refresh?
+        lock_for_write do
+          if needs_refresh?
+            load_file
+            @next_refresh = Time.now() + @refresh_interval
+          end
+        end #end lock
+      end #end refresh from file
+
+      network = @network_list.collect do |n|
+        begin
+          lock_for_read do
+            IPAddr.new(n)
+          end
+        rescue ArgumentError => e
+          @logger.warn("Invalid IP network, skipping", :network => n, :event => event)
+          nil
+        end
+      end
+
+    else #networks come from array in config file
+
+      network = @network.collect do |n|
+        begin
+          IPAddr.new(event.sprintf(n))
+        rescue ArgumentError => e
+          @logger.warn("Invalid IP network, skipping", :network => n, :event => event)
+          nil
+        end
       end
     end
-    network.compact!
 
+    network.compact! #clean nulls
     # Try every combination of address and network, first match wins
     address.product(network).each do |a, n|
       @logger.debug("Checking IP inclusion", :address => a, :network => n)

data/logstash-filter-cidr.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-cidr'
-  s.version         = '3.0.1'
+  s.version         = '3.1.1'
   s.platform        = 'java'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "The CIDR filter is for checking IP addresses in events against a list of network blocks that might contain it."

data/spec/files/network

@@ -0,0 +1,2 @@
+192.168.1.0/24
+200.17.160.0/24

data/spec/files/network-comma

@@ -0,0 +1 @@
+192.168.0.0/16,10.1.1.0/24

data/spec/filters/cidr_spec.rb

@@ -3,6 +3,8 @@ require "logstash/filters/cidr"
 
 describe LogStash::Filters::CIDR do
 
+  let(:config) { Hash.new }
+  subject { described_class.new(config) }
   # IPV4
   describe "IPV4 match test" do
     config <<-CONFIG
@@ -16,7 +18,7 @@ describe LogStash::Filters::CIDR do
     CONFIG
 
     sample("clientip" => "192.168.0.30") do
-      insist { subject.get("tags") }.include?("matched") 
+      insist { subject.get("tags") }.include?("matched")
     end
   end
 
@@ -32,7 +34,7 @@ describe LogStash::Filters::CIDR do
     CONFIG
 
     sample("clientip" => "123.52.122.33") do
-       insist { subject.get("tags") }.nil?
+      insist { subject.get("tags") }.nil?
     end
   end
 
@@ -99,8 +101,59 @@ describe LogStash::Filters::CIDR do
     CONFIG
 
     sample("clientip" => "fd82:0:0:0:0:0:0:1") do
-       insist { subject.get("tags") }.nil?
+      insist { subject.get("tags") }.nil?
+    end
+  end
+
+  describe "Load network list from a file" do
+
+    let(:network_path) {File.join(File.dirname(__FILE__), "..", "files", "network")}
+    let(:config) do
+      "filter { cidr { network_path => \"#{network_path}\" address => \"%{clientip}\" add_tag => \[\"matched\"] }}"
+    end
+
+    sample("clientip" => "192.168.1.1") do
+      insist { subject.get("tags") }.include?("matched")
+    end
+
+    sample("clientip" => "200.17.160.201") do
+      insist { subject.get("tags") }.include?("matched")
+    end
+
+    sample("clientip" => "10.1.2.1") do
+      insist { subject.get("tags").nil? }
+    end
+  end
+
+  describe "Try different separator character" do
+
+    let(:network_path) {File.join(File.dirname(__FILE__), "..", "files", "network-comma")}
+    let(:config) do
+      "filter { cidr { network_path => \"#{network_path}\" address => \"%{clientip}\" add_tag => \[\"matched\"] separator => \",\" }}"
+    end
+
+    sample("clientip" => "192.168.1.25") do
+      insist { subject.get("tags").include?("matched")}
     end
+
+    sample("clientip" => "192.167.1.1") do
+      insist { subject.get("tags").nil? }
+    end
+
   end
 
+  describe "general configuration" do
+    let(:network_path) {File.join(File.dirname(__FILE__), "..", "files", "network")}
+    let(:config) do
+      {
+        "clientip"       => "192.168.1.1",
+        "network"        => ["192.168.1.0/24"],
+        "network_path"   => network_path,
+        "add_tag"        => ["matched"]
+      }
+    end
+    it "raises an exception if both 'network' and 'network_path' are set" do
+      expect { subject.register }.to raise_error(LogStash::ConfigurationError)
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-cidr
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.1.1
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-23 00:00:00.000000000 Z
+date: 2017-08-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -59,6 +59,8 @@ files:
 - docs/index.asciidoc
 - lib/logstash/filters/cidr.rb
 - logstash-filter-cidr.gemspec
+- spec/files/network
+- spec/files/network-comma
 - spec/filters/cidr_spec.rb
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
@@ -87,4 +89,6 @@ signing_key:
 specification_version: 4
 summary: The CIDR filter is for checking IP addresses in events against a list of network blocks that might contain it.
 test_files:
+- spec/files/network
+- spec/files/network-comma
 - spec/filters/cidr_spec.rb