logstash-filter-forwarded 1.0.4 → 1.0.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +4 -0
  3. data/lib/logstash/filters/forwarded.rb +16 -16
  4. data/logstash-filter-forwarded.gemspec +1 -1
  5. data/spec/filters/forwarded_spec.rb +3 -3
  6. metadata +17 -15
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 9836c06be1410c903946dd50caa1db25579a8b9b
4
- data.tar.gz: 8d1113c740982044469e4b3ca019d4ef5de091fc
2
+ SHA256:
3
+ metadata.gz: 0f1f500dbb7cc97b1db2a9afe092813613d05657f5157216bb9c315bd92a3532
4
+ data.tar.gz: 2ca815eb8a258526b17d76cf11f7b0a79956eea1d9cccdacc7b2b14b2dd764e4
5
5
  SHA512:
6
- metadata.gz: b3564a029f707a9e3985572c9dadc97c3cbce86db446d6e552217119fad0262ae7993bd22f2f746d264f70cdb471d6538321cc665b366080bbd2ebce318dfdd4
7
- data.tar.gz: 12f5ccc4062b569e666bf57f7dd8553c73eac3aaa6d4b7d9f705f0ab5506140433296b4a4fab3d9555c40c4c4aa5e5a1a1024a70cc6465e16247ac6cf318075f
6
+ metadata.gz: 85064a1bbc5b269be6502649408f36e5fccc2fd1927d323ad54e02f6ed31e2b76207fddcfe5e9ce585ab953388af1c86eef82714ae051dc175bb21ed1ffdabd5
7
+ data.tar.gz: a9208a31e127eeab8bbab09379e66c4b3886bd1cb87633d3b54312af2b054e29f95f6692c4a4e8c28192b04c48ba2eb2bf8b142c6e6c0bcf92cde983a9e3eeae
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ ### v1.0.5
2
+
3
+ Don't set the proxy list as an event field if it is empty.
4
+
1
5
  ### v1.0.4
2
6
 
3
7
  Remove port numbers from ip addresses
data/lib/logstash/filters/forwarded.rb CHANGED
@@ -11,26 +11,26 @@ require "ipaddress" # needed for validity check
11
11
 
12
12
  class LogStash::Filters::Forwarded < LogStash::Filters::Base
13
13
  config_name "forwarded"
14
-
14
+
15
15
  # The field containing the x-forwarded-for string
16
16
  config :source, :validate => :string, :required => true
17
17
 
18
- # list of ip patterns that private ips start with.
18
+ # list of ip patterns that private ips start with.
19
19
  config :private_ipv4_prefixes, :validate => :array, :required => false, :default => ["10.0.0.0/8", "192.168.0.0/16" ,"172.16.0.0/12"]
20
20
 
21
21
  # Private IP Addresses have the following ranges:
22
22
  # 10.0.0.0 - 10.255.255.255
23
23
  # 172.16.0.0 - 172.31.255.255
24
- # 192.168.0.0 - 192.168.255.255
24
+ # 192.168.0.0 - 192.168.255.255
25
25
 
26
26
  # The name of the new field containing client ip (optional)
27
27
  config :target_client_ip, :validate => :string, :required => false, :default => "forwarded_client_ip"
28
28
 
29
29
  # The name of the new field containing proxy list (optional)
30
30
  config :target_proxy_list, :validate => :string, :required => false, :default => "forwarded_proxy_list"
31
-
31
+
32
32
  public
33
- def register
33
+ def register
34
34
  @private_ipv4_ranges = @private_ipv4_prefixes.collect do | adress |
35
35
  begin
36
36
  IPAddr.new(adress)
@@ -52,11 +52,11 @@ class LogStash::Filters::Forwarded < LogStash::Filters::Base
52
52
  return unless forwarded and !forwarded.empty?
53
53
 
54
54
  client_ip, proxies = analyse(forwarded)
55
-
55
+
56
56
  event.set(@target_client_ip, client_ip) if client_ip
57
57
  event.set(@target_proxy_list, proxies) if proxies
58
- filter_matched(event)
59
-
58
+ filter_matched(event)
59
+
60
60
  rescue Exception => e
61
61
  @logger.debug("Unknown error while looking up GeoIP data", :exception => e, :field => @source, :event => event)
62
62
  # raise e
@@ -66,7 +66,7 @@ class LogStash::Filters::Forwarded < LogStash::Filters::Base
66
66
  def analyse(ip)
67
67
  return nil, nil if ip.nil?
68
68
  # convert the x-forwarded-for string into an array of its comma separated value, if it isn't already.
69
- ip_list = ip.is_a?(Array) ? ip : ip.downcase.split(",")
69
+ ip_list = ip.is_a?(Array) ? ip : ip.downcase.split(",")
70
70
 
71
71
  # remove some well-known invalid values
72
72
  ip_list = ip_list.map { |x| x.strip }.reject { |x| ["-", "unknown"].include? x}
@@ -76,20 +76,20 @@ class LogStash::Filters::Forwarded < LogStash::Filters::Base
76
76
 
77
77
  # get the first public ip in the list
78
78
  client_ip = get_client_ip(ip_list)
79
-
79
+
80
80
  # remove the public / client ip from the list and use the remainder as the list of proxies involved.
81
- proxies = ip_list.nil? ? [] : ip_list - [client_ip]
82
-
81
+ proxies = ip_list.nil? ? nil : ip_list - [client_ip]
82
+
83
83
  return client_ip, proxies
84
84
  end # def analyse
85
85
 
86
86
  def get_client_ip(ip_array)
87
87
  ip_array.each do | ip |
88
- begin
88
+ begin
89
89
  next if !IPAddress.valid? ip
90
90
 
91
- ipo = IPAddr.new(ip)
92
- is_private = ipo.ipv6? ? is_private_ipv6(ip) : is_private_ipv4(ipo)
91
+ ipo = IPAddr.new(ip)
92
+ is_private = ipo.ipv6? ? is_private_ipv6(ip) : is_private_ipv4(ipo)
93
93
  return ip if !is_private
94
94
  rescue => e
95
95
  # not a valid ip, moving on.
@@ -104,7 +104,7 @@ class LogStash::Filters::Forwarded < LogStash::Filters::Base
104
104
  tokens = ip.split(":")
105
105
  if tokens.size <=2 then tokens[0] else ip end
106
106
  end
107
-
107
+
108
108
  def is_private_ipv6(ip)
109
109
  ip.start_with?("fd") || ip.start_with?("fc")
110
110
  end # is_private_ipv6
data/logstash-filter-forwarded.gemspec CHANGED
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-filter-forwarded'
4
- s.version = '1.0.4'
4
+ s.version = '1.0.5'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "$summary"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
data/spec/filters/forwarded_spec.rb CHANGED
@@ -6,16 +6,16 @@ require "logstash/timestamp"
6
6
  describe LogStash::Filters::Forwarded do
7
7
 
8
8
  let(:plugin) { LogStash::Filters::Forwarded.new("source" => "message") }
9
-
9
+
10
10
  before do
11
11
  plugin.register
12
12
  plugin.filter(event)
13
13
  end
14
-
14
+
15
15
  # Private IP Addresses have the following ranges:
16
16
  #10.0.0.0 - 10.255.255.255
17
17
  #172.16.0.0 - 172.31.255.255
18
- #192.168.0.0 - 192.168.255.255
18
+ #192.168.0.0 - 192.168.255.255
19
19
 
20
20
 
21
21
  context "1) multiple client ips" do
metadata CHANGED
@@ -1,22 +1,22 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-forwarded
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.4
4
+ version: 1.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Inga Feick
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-10-04 00:00:00.000000000 Z
11
+ date: 2019-07-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
15
15
  requirements:
16
- - - '>='
16
+ - - ">="
17
17
  - !ruby/object:Gem::Version
18
18
  version: '1.60'
19
- - - <=
19
+ - - "<="
20
20
  - !ruby/object:Gem::Version
21
21
  version: '2.99'
22
22
  name: logstash-core-plugin-api
@@ -24,16 +24,16 @@ dependencies:
24
24
  type: :runtime
25
25
  version_requirements: !ruby/object:Gem::Requirement
26
26
  requirements:
27
- - - '>='
27
+ - - ">="
28
28
  - !ruby/object:Gem::Version
29
29
  version: '1.60'
30
- - - <=
30
+ - - "<="
31
31
  - !ruby/object:Gem::Version
32
32
  version: '2.99'
33
33
  - !ruby/object:Gem::Dependency
34
34
  requirement: !ruby/object:Gem::Requirement
35
35
  requirements:
36
- - - '>='
36
+ - - ">="
37
37
  - !ruby/object:Gem::Version
38
38
  version: '0'
39
39
  name: ipaddress
@@ -41,13 +41,13 @@ dependencies:
41
41
  type: :runtime
42
42
  version_requirements: !ruby/object:Gem::Requirement
43
43
  requirements:
44
- - - '>='
44
+ - - ">="
45
45
  - !ruby/object:Gem::Version
46
46
  version: '0'
47
47
  - !ruby/object:Gem::Dependency
48
48
  requirement: !ruby/object:Gem::Requirement
49
49
  requirements:
50
- - - '>='
50
+ - - ">="
51
51
  - !ruby/object:Gem::Version
52
52
  version: '0'
53
53
  name: logstash-devutils
@@ -55,10 +55,12 @@ dependencies:
55
55
  type: :development
56
56
  version_requirements: !ruby/object:Gem::Requirement
57
57
  requirements:
58
- - - '>='
58
+ - - ">="
59
59
  - !ruby/object:Gem::Version
60
60
  version: '0'
61
- description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
61
+ description: This gem is a Logstash plugin required to be installed on top of the
62
+ Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
63
+ gem is not a stand-alone program
62
64
  email: inga.feick@trivago.com
63
65
  executables: []
64
66
  extensions: []
@@ -85,19 +87,19 @@ require_paths:
85
87
  - lib
86
88
  required_ruby_version: !ruby/object:Gem::Requirement
87
89
  requirements:
88
- - - '>='
90
+ - - ">="
89
91
  - !ruby/object:Gem::Version
90
92
  version: '0'
91
93
  required_rubygems_version: !ruby/object:Gem::Requirement
92
94
  requirements:
93
- - - '>='
95
+ - - ">="
94
96
  - !ruby/object:Gem::Version
95
97
  version: '0'
96
98
  requirements: []
97
99
  rubyforge_project:
98
- rubygems_version: 2.4.5
100
+ rubygems_version: 2.7.6
99
101
  signing_key:
100
102
  specification_version: 4
101
- summary: $summary
103
+ summary: "$summary"
102
104
  test_files:
103
105
  - spec/filters/forwarded_spec.rb