logstash-filter-cipher 2.0.5 → 2.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0eb5010104970659f218f0ae28fca7cdc4b905ed
-  data.tar.gz: ef27f4ee0cc6671080ee77f4ac3a4701bc2abae1
+  metadata.gz: cbca0f8a8e9f7238c622ddddd6b3bea364bc7593
+  data.tar.gz: 25501d5359ee6bd2294ef782c9d24845fe0a7880
 SHA512:
-  metadata.gz: 4590b734899a0ea7e49e7fbff9ec7be1ada6881e2b9b0b130509cb968afd869a56c36329bff40356d54f1426ef91f045bd9277b3e0b45817549915b785e3915d
-  data.tar.gz: fead1ca35a6313c9201ed0cf8e0baa434bc9627a430a1b8d43bd2e2b104321f1a0d9a5f0ebb7608a2f05082c69ecf66b84c39df24b0d52ef4c07b1b93d130208
+  metadata.gz: 356b67cc860424b7da5c28f865de3faea3d1db4fdafee60cabcc64c960762319d39d6d8050cdcb182d0fea116d8893f476b1a14301558b9b37b2ed97eadc24ba
+  data.tar.gz: 9686860078d4b348ed59d19643cbc4d30dfbc60b13a604da32e41f0341e616031eef0c4e0e17cd92871a0aa0689cfa28921e60602ed88533c8da7cc77739ea3a

data/Gemfile

@@ -1,2 +1,11 @@
 source 'https://rubygems.org'
-gemspec
+
+gemspec
+
+logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
+use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
+
+if Dir.exist?(logstash_path) && use_logstash_source
+  gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
+  gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
+end

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2012–2015 Elasticsearch <http://www.elastic.co>
+Copyright (c) 2012–2016 Elasticsearch <http://www.elastic.co>
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

data/README.md

@@ -1,7 +1,6 @@
 # Logstash Plugin
 
-[![Build
-Status](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Filters/job/logstash-plugin-filter-cipher-unit/badge/icon)](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Filters/job/logstash-plugin-filter-cipher-unit/)
+[![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-filter-cipher.svg)](https://travis-ci.org/logstash-plugins/logstash-filter-cipher)
 
 This is a plugin for [Logstash](https://github.com/elastic/logstash).
 
@@ -56,7 +55,12 @@ gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
 ```
 - Install plugin
 ```sh
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
 bin/plugin install --no-verify
+
 ```
 - Run Logstash with your plugin
 ```sh
@@ -74,7 +78,12 @@ gem build logstash-filter-awesome.gemspec
 ```
 - Install the plugin from the Logstash home
 ```sh
-bin/plugin install /your/local/plugin/logstash-filter-awesome.gem
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
+bin/plugin install --no-verify
+
 ```
 - Start Logstash and proceed to test the plugin
 

data/docs/index.asciidoc

@@ -0,0 +1,243 @@
+:plugin: cipher
+:type: filter
+
+///////////////////////////////////////////
+START - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+:version: %VERSION%
+:release_date: %RELEASE_DATE%
+:changelog_url: %CHANGELOG_URL%
+:include_path: ../../../../logstash/docs/include
+///////////////////////////////////////////
+END - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+
+[id="plugins-{type}-{plugin}"]
+
+=== Cipher filter plugin
+
+include::{include_path}/plugin_header.asciidoc[]
+
+==== Description
+
+This filter parses a source and apply a cipher or decipher before
+storing it in the target.
+
+
+[id="plugins-{type}s-{plugin}-options"]
+==== Cipher Filter Configuration Options
+
+This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
+
+[cols="<,<,<",options="header",]
+|=======================================================================
+|Setting |Input type|Required
+| <<plugins-{type}s-{plugin}-algorithm>> |<<string,string>>|Yes
+| <<plugins-{type}s-{plugin}-base64>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-cipher_padding>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-iv_random_length>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-key>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-key_pad>> |<<,>>|No
+| <<plugins-{type}s-{plugin}-key_size>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-max_cipher_reuse>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-mode>> |<<string,string>>|Yes
+| <<plugins-{type}s-{plugin}-source>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-target>> |<<string,string>>|No
+|=======================================================================
+
+Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
+filter plugins.
+
+&nbsp;
+
+[id="plugins-{type}s-{plugin}-algorithm"]
+===== `algorithm` 
+
+  * This is a required setting.
+  * Value type is <<string,string>>
+  * There is no default value for this setting.
+
+The cipher algorithm
+
+A list of supported algorithms can be obtained by
+[source,ruby]
+    puts OpenSSL::Cipher.ciphers
+
+[id="plugins-{type}s-{plugin}-base64"]
+===== `base64` 
+
+  * Value type is <<boolean,boolean>>
+  * Default value is `true`
+
+Do we have to perform a `base64` decode or encode?
+
+If we are decrypting, `base64` decode will be done before.
+If we are encrypting, `base64` will be done after.
+
+
+[id="plugins-{type}s-{plugin}-cipher_padding"]
+===== `cipher_padding` 
+
+  * Value type is <<string,string>>
+  * There is no default value for this setting.
+
+Cipher padding to use. Enables or disables padding.
+
+By default encryption operations are padded using standard block padding
+and the padding is checked and removed when decrypting. If the pad
+parameter is zero then no padding is performed, the total amount of data
+encrypted or decrypted must then be a multiple of the block size or an
+error will occur.
+
+See EVP_CIPHER_CTX_set_padding for further information.
+
+We are using Openssl jRuby which uses default padding to PKCS5Padding
+If you want to change it, set this parameter. If you want to disable
+it, Set this parameter to 0
+[source,ruby]
+    filter { cipher { cipher_padding => 0 }}
+
+[id="plugins-{type}s-{plugin}-iv"]
+===== `iv`  (DEPRECATED)
+
+  * DEPRECATED WARNING: This configuration item is deprecated and may not be available in future versions.
+  * Value type is <<string,string>>
+  * There is no default value for this setting.
+
+The initialization vector to use (statically hard-coded). For
+a random IV see the iv_random_length property
+
+NOTE: If iv_random_length is set, it takes precedence over any value set for "iv"
+
+The cipher modes CBC, CFB, OFB and CTR all need an "initialization
+vector", or short, IV. ECB mode is the only mode that does not require
+an IV, but there is almost no legitimate use case for this mode
+because of the fact that it does not sufficiently hide plaintext patterns.
+
+For AES algorithms set this to a 16 byte string.
+[source,ruby]
+    filter { cipher { iv => "1234567890123456" }}
+
+Deprecated: Please use `iv_random_length` instead
+
+[id="plugins-{type}s-{plugin}-iv_random_length"]
+===== `iv_random_length` 
+
+  * Value type is <<number,number>>
+  * There is no default value for this setting.
+
+Force an random IV to be used per encryption invocation and specify
+the length of the random IV that will be generated via:
+
+      OpenSSL::Random.random_bytes(int_length)
+
+If iv_random_length is set, it takes precedence over any value set for "iv"
+
+Enabling this will force the plugin to generate a unique
+random IV for each encryption call. This random IV will be prepended to the
+encrypted result bytes and then base64 encoded. On decryption "iv_random_length" must
+also be set to utilize this feature. Random IV's are better than statically
+hardcoded IVs
+
+For AES algorithms you can set this to a 16
+[source,ruby]
+    filter { cipher { iv_random_length => 16 }}
+
+[id="plugins-{type}s-{plugin}-key"]
+===== `key` 
+
+  * Value type is <<string,string>>
+  * There is no default value for this setting.
+
+The key to use
+
+NOTE: If you encounter an error message at runtime containing the following:
+
+"java.security.InvalidKeyException: Illegal key size: possibly you need to install 
+Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JRE"
+
+Please read the following: https://github.com/jruby/jruby/wiki/UnlimitedStrengthCrypto
+
+
+[id="plugins-{type}s-{plugin}-key_pad"]
+===== `key_pad` 
+
+  * Value type is <<string,string>>
+  * Default value is `"\u0000"`
+
+The character used to pad the key
+
+[id="plugins-{type}s-{plugin}-key_size"]
+===== `key_size` 
+
+  * Value type is <<number,number>>
+  * Default value is `16`
+
+The key size to pad
+
+It depends of the cipher algorithm. If your key doesn't need
+padding, don't set this parameter
+
+Example, for AES-128, we must have 16 char long key. AES-256 = 32 chars 
+[source,ruby]
+    filter { cipher { key_size => 16 }
+
+
+[id="plugins-{type}s-{plugin}-max_cipher_reuse"]
+===== `max_cipher_reuse` 
+
+  * Value type is <<number,number>>
+  * Default value is `1`
+
+If this is set the internal Cipher instance will be
+re-used up to @max_cipher_reuse times before being
+reset() and re-created from scratch. This is an option
+for efficiency where lots of data is being encrypted
+and decrypted using this filter. This lets the filter
+avoid creating new Cipher instances over and over
+for each encrypt/decrypt operation.
+
+This is optional, the default is no re-use of the Cipher
+instance and max_cipher_reuse = 1 by default
+[source,ruby]
+    filter { cipher { max_cipher_reuse => 1000 }}
+
+[id="plugins-{type}s-{plugin}-mode"]
+===== `mode` 
+
+  * This is a required setting.
+  * Value type is <<string,string>>
+  * There is no default value for this setting.
+
+Encrypting or decrypting some data
+
+Valid values are encrypt or decrypt
+
+[id="plugins-{type}s-{plugin}-source"]
+===== `source` 
+
+  * Value type is <<string,string>>
+  * Default value is `"message"`
+
+The field to perform filter
+
+Example, to use the @message field (default) :
+[source,ruby]
+    filter { cipher { source => "message" } }
+
+[id="plugins-{type}s-{plugin}-target"]
+===== `target` 
+
+  * Value type is <<string,string>>
+  * Default value is `"message"`
+
+The name of the container to put the result
+
+Example, to place the result into crypt :
+[source,ruby]
+    filter { cipher { target => "crypt" } }
+
+
+
+[id="plugins-{type}s-{plugin}-common-options"]
+include::{include_path}/{type}.asciidoc[]

data/logstash-filter-cipher.gemspec

@@ -1,17 +1,17 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-cipher'
-  s.version         = '2.0.5'
+  s.version         = '2.0.6'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "This filter parses a source and apply a cipher or decipher before storing it in the target"
-  s.description     = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
+  s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
   s.authors         = ["Elastic"]
   s.email           = 'info@elastic.co'
   s.homepage        = "http://www.elastic.co/guide/en/logstash/current/index.html"
   s.require_paths = ["lib"]
 
   # Files
-  s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
+  s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
 
   # Tests
   s.test_files = s.files.grep(%r{^(test|spec|features)/})

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-cipher
 version: !ruby/object:Gem::Version
-  version: 2.0.5
+  version: 2.0.6
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-03-24 00:00:00.000000000 Z
+date: 2017-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -38,7 +38,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
+description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
 email: info@elastic.co
 executables: []
 extensions: []
@@ -50,6 +50,7 @@ files:
 - LICENSE
 - NOTICE.TXT
 - README.md
+- docs/index.asciidoc
 - lib/logstash/filters/cipher.rb
 - logstash-filter-cipher.gemspec
 - spec/filters/cipher_spec.rb