logstash-filter-forwarded 1.0.4 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +4 -0
- data/lib/logstash/filters/forwarded.rb +16 -16
- data/logstash-filter-forwarded.gemspec +1 -1
- data/spec/filters/forwarded_spec.rb +3 -3
- metadata +17 -15
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 0f1f500dbb7cc97b1db2a9afe092813613d05657f5157216bb9c315bd92a3532
|
|
4
|
+
data.tar.gz: 2ca815eb8a258526b17d76cf11f7b0a79956eea1d9cccdacc7b2b14b2dd764e4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 85064a1bbc5b269be6502649408f36e5fccc2fd1927d323ad54e02f6ed31e2b76207fddcfe5e9ce585ab953388af1c86eef82714ae051dc175bb21ed1ffdabd5
|
|
7
|
+
data.tar.gz: a9208a31e127eeab8bbab09379e66c4b3886bd1cb87633d3b54312af2b054e29f95f6692c4a4e8c28192b04c48ba2eb2bf8b142c6e6c0bcf92cde983a9e3eeae
|
data/CHANGELOG.md
CHANGED
|
@@ -11,26 +11,26 @@ require "ipaddress" # needed for validity check
|
|
|
11
11
|
|
|
12
12
|
class LogStash::Filters::Forwarded < LogStash::Filters::Base
|
|
13
13
|
config_name "forwarded"
|
|
14
|
-
|
|
14
|
+
|
|
15
15
|
# The field containing the x-forwarded-for string
|
|
16
16
|
config :source, :validate => :string, :required => true
|
|
17
17
|
|
|
18
|
-
# list of ip patterns that private ips start with.
|
|
18
|
+
# list of ip patterns that private ips start with.
|
|
19
19
|
config :private_ipv4_prefixes, :validate => :array, :required => false, :default => ["10.0.0.0/8", "192.168.0.0/16" ,"172.16.0.0/12"]
|
|
20
20
|
|
|
21
21
|
# Private IP Addresses have the following ranges:
|
|
22
22
|
# 10.0.0.0 - 10.255.255.255
|
|
23
23
|
# 172.16.0.0 - 172.31.255.255
|
|
24
|
-
# 192.168.0.0 - 192.168.255.255
|
|
24
|
+
# 192.168.0.0 - 192.168.255.255
|
|
25
25
|
|
|
26
26
|
# The name of the new field containing client ip (optional)
|
|
27
27
|
config :target_client_ip, :validate => :string, :required => false, :default => "forwarded_client_ip"
|
|
28
28
|
|
|
29
29
|
# The name of the new field containing proxy list (optional)
|
|
30
30
|
config :target_proxy_list, :validate => :string, :required => false, :default => "forwarded_proxy_list"
|
|
31
|
-
|
|
31
|
+
|
|
32
32
|
public
|
|
33
|
-
def register
|
|
33
|
+
def register
|
|
34
34
|
@private_ipv4_ranges = @private_ipv4_prefixes.collect do | adress |
|
|
35
35
|
begin
|
|
36
36
|
IPAddr.new(adress)
|
|
@@ -52,11 +52,11 @@ class LogStash::Filters::Forwarded < LogStash::Filters::Base
|
|
|
52
52
|
return unless forwarded and !forwarded.empty?
|
|
53
53
|
|
|
54
54
|
client_ip, proxies = analyse(forwarded)
|
|
55
|
-
|
|
55
|
+
|
|
56
56
|
event.set(@target_client_ip, client_ip) if client_ip
|
|
57
57
|
event.set(@target_proxy_list, proxies) if proxies
|
|
58
|
-
filter_matched(event)
|
|
59
|
-
|
|
58
|
+
filter_matched(event)
|
|
59
|
+
|
|
60
60
|
rescue Exception => e
|
|
61
61
|
@logger.debug("Unknown error while looking up GeoIP data", :exception => e, :field => @source, :event => event)
|
|
62
62
|
# raise e
|
|
@@ -66,7 +66,7 @@ class LogStash::Filters::Forwarded < LogStash::Filters::Base
|
|
|
66
66
|
def analyse(ip)
|
|
67
67
|
return nil, nil if ip.nil?
|
|
68
68
|
# convert the x-forwarded-for string into an array of its comma separated value, if it isn't already.
|
|
69
|
-
ip_list = ip.is_a?(Array) ? ip : ip.downcase.split(",")
|
|
69
|
+
ip_list = ip.is_a?(Array) ? ip : ip.downcase.split(",")
|
|
70
70
|
|
|
71
71
|
# remove some well-known invalid values
|
|
72
72
|
ip_list = ip_list.map { |x| x.strip }.reject { |x| ["-", "unknown"].include? x}
|
|
@@ -76,20 +76,20 @@ class LogStash::Filters::Forwarded < LogStash::Filters::Base
|
|
|
76
76
|
|
|
77
77
|
# get the first public ip in the list
|
|
78
78
|
client_ip = get_client_ip(ip_list)
|
|
79
|
-
|
|
79
|
+
|
|
80
80
|
# remove the public / client ip from the list and use the remainder as the list of proxies involved.
|
|
81
|
-
proxies = ip_list.nil? ?
|
|
82
|
-
|
|
81
|
+
proxies = ip_list.nil? ? nil : ip_list - [client_ip]
|
|
82
|
+
|
|
83
83
|
return client_ip, proxies
|
|
84
84
|
end # def analyse
|
|
85
85
|
|
|
86
86
|
def get_client_ip(ip_array)
|
|
87
87
|
ip_array.each do | ip |
|
|
88
|
-
begin
|
|
88
|
+
begin
|
|
89
89
|
next if !IPAddress.valid? ip
|
|
90
90
|
|
|
91
|
-
ipo = IPAddr.new(ip)
|
|
92
|
-
is_private = ipo.ipv6? ? is_private_ipv6(ip) : is_private_ipv4(ipo)
|
|
91
|
+
ipo = IPAddr.new(ip)
|
|
92
|
+
is_private = ipo.ipv6? ? is_private_ipv6(ip) : is_private_ipv4(ipo)
|
|
93
93
|
return ip if !is_private
|
|
94
94
|
rescue => e
|
|
95
95
|
# not a valid ip, moving on.
|
|
@@ -104,7 +104,7 @@ class LogStash::Filters::Forwarded < LogStash::Filters::Base
|
|
|
104
104
|
tokens = ip.split(":")
|
|
105
105
|
if tokens.size <=2 then tokens[0] else ip end
|
|
106
106
|
end
|
|
107
|
-
|
|
107
|
+
|
|
108
108
|
def is_private_ipv6(ip)
|
|
109
109
|
ip.start_with?("fd") || ip.start_with?("fc")
|
|
110
110
|
end # is_private_ipv6
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-filter-forwarded'
|
|
4
|
-
s.version = '1.0.
|
|
4
|
+
s.version = '1.0.5'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "$summary"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -6,16 +6,16 @@ require "logstash/timestamp"
|
|
|
6
6
|
describe LogStash::Filters::Forwarded do
|
|
7
7
|
|
|
8
8
|
let(:plugin) { LogStash::Filters::Forwarded.new("source" => "message") }
|
|
9
|
-
|
|
9
|
+
|
|
10
10
|
before do
|
|
11
11
|
plugin.register
|
|
12
12
|
plugin.filter(event)
|
|
13
13
|
end
|
|
14
|
-
|
|
14
|
+
|
|
15
15
|
# Private IP Addresses have the following ranges:
|
|
16
16
|
#10.0.0.0 - 10.255.255.255
|
|
17
17
|
#172.16.0.0 - 172.31.255.255
|
|
18
|
-
#192.168.0.0 - 192.168.255.255
|
|
18
|
+
#192.168.0.0 - 192.168.255.255
|
|
19
19
|
|
|
20
20
|
|
|
21
21
|
context "1) multiple client ips" do
|
metadata
CHANGED
|
@@ -1,22 +1,22 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-forwarded
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Inga Feick
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-07-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
15
15
|
requirements:
|
|
16
|
-
- -
|
|
16
|
+
- - ">="
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
18
|
version: '1.60'
|
|
19
|
-
- - <=
|
|
19
|
+
- - "<="
|
|
20
20
|
- !ruby/object:Gem::Version
|
|
21
21
|
version: '2.99'
|
|
22
22
|
name: logstash-core-plugin-api
|
|
@@ -24,16 +24,16 @@ dependencies:
|
|
|
24
24
|
type: :runtime
|
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
26
26
|
requirements:
|
|
27
|
-
- -
|
|
27
|
+
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
29
|
version: '1.60'
|
|
30
|
-
- - <=
|
|
30
|
+
- - "<="
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: '2.99'
|
|
33
33
|
- !ruby/object:Gem::Dependency
|
|
34
34
|
requirement: !ruby/object:Gem::Requirement
|
|
35
35
|
requirements:
|
|
36
|
-
- -
|
|
36
|
+
- - ">="
|
|
37
37
|
- !ruby/object:Gem::Version
|
|
38
38
|
version: '0'
|
|
39
39
|
name: ipaddress
|
|
@@ -41,13 +41,13 @@ dependencies:
|
|
|
41
41
|
type: :runtime
|
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
|
43
43
|
requirements:
|
|
44
|
-
- -
|
|
44
|
+
- - ">="
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
46
|
version: '0'
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
requirement: !ruby/object:Gem::Requirement
|
|
49
49
|
requirements:
|
|
50
|
-
- -
|
|
50
|
+
- - ">="
|
|
51
51
|
- !ruby/object:Gem::Version
|
|
52
52
|
version: '0'
|
|
53
53
|
name: logstash-devutils
|
|
@@ -55,10 +55,12 @@ dependencies:
|
|
|
55
55
|
type: :development
|
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
|
57
57
|
requirements:
|
|
58
|
-
- -
|
|
58
|
+
- - ">="
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
60
|
version: '0'
|
|
61
|
-
description: This gem is a Logstash plugin required to be installed on top of the
|
|
61
|
+
description: This gem is a Logstash plugin required to be installed on top of the
|
|
62
|
+
Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
|
|
63
|
+
gem is not a stand-alone program
|
|
62
64
|
email: inga.feick@trivago.com
|
|
63
65
|
executables: []
|
|
64
66
|
extensions: []
|
|
@@ -85,19 +87,19 @@ require_paths:
|
|
|
85
87
|
- lib
|
|
86
88
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
87
89
|
requirements:
|
|
88
|
-
- -
|
|
90
|
+
- - ">="
|
|
89
91
|
- !ruby/object:Gem::Version
|
|
90
92
|
version: '0'
|
|
91
93
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
92
94
|
requirements:
|
|
93
|
-
- -
|
|
95
|
+
- - ">="
|
|
94
96
|
- !ruby/object:Gem::Version
|
|
95
97
|
version: '0'
|
|
96
98
|
requirements: []
|
|
97
99
|
rubyforge_project:
|
|
98
|
-
rubygems_version: 2.
|
|
100
|
+
rubygems_version: 2.7.6
|
|
99
101
|
signing_key:
|
|
100
102
|
specification_version: 4
|
|
101
|
-
summary: $summary
|
|
103
|
+
summary: "$summary"
|
|
102
104
|
test_files:
|
|
103
105
|
- spec/filters/forwarded_spec.rb
|