logstash-filter-geoip 2.0.2 → 2.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d6d3ed720866de9974ee6775d0bfa8f74890f948
-  data.tar.gz: f939c45c25b5613f3e9083662771b74db3d0c057
+  metadata.gz: e4fabe098f9ced70d73a826e6c9d85e50092b0ec
+  data.tar.gz: d73e071f69b23f2d19ad414a7b01e1d697c8f567
 SHA512:
-  metadata.gz: 82e4995ed91331d40bafa049f1dba0d114383dab7a346a9240242d89f981178532b69a38c15777b20c828d2f9747580ca4510ed4655ddf209302381f1b6da1b6
-  data.tar.gz: 03fcf6c544302ca9222bebe7f6182ba7b0a7a0d351c3c4adf5a36fee28f0c832d1f4543df6392dea9d89f72fa3de95b8a9b563a116b8354a336ea6627982388f
+  metadata.gz: 1836cb3e6392c03892624d5c95fbfedeee16f50f99b0eeaeea63d0f1a3bf5b1ac72089902151a2cdfa5e2abd5e1ba907b24aadf6351f519c0ff504b01cfc7423
+  data.tar.gz: d7ca6a1a6e2745b599c5f2470e6ef023fff8d4bef0690d02feba9735a0e766bcea52465f65c3a1658e6cae1f666d2241a510c732d5fae198bb3bab1f4f8d3255

data/CHANGELOG.md

@@ -1,5 +1,14 @@
+## 2.0.3
+ - Fix Issue 50, incorrect data returned when geo lookup fails
+
+## 2.0.2
+ - Update core dependency in gemspec
+
+## 2.0.1
+ - Remove filter? call
+
 ## 2.0.0
- - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully, 
+ - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully,
    instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895
  - Dependency on logstash-core update to 2.0
 
@@ -8,4 +17,4 @@
 * 1.1.1
   - Lazy-load LRU cache
 * 1.1.0
-  - Add LRU cache
+  - Add LRU cache

data/CONTRIBUTORS

@@ -16,6 +16,7 @@ Contributors:
 * Suyog Rao (suyograo)
 * Vincent Batts (vbatts)
 * avleen
+* Guy Boertje (guyboertje)
 
 Note: If you've sent us patches, bug reports, or otherwise contributed to
 Logstash, and you aren't on the list above and want to be, please let us know

data/README.md

@@ -1,5 +1,8 @@
 # Logstash Plugin
 
+[![Build
+Status](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Filters/job/logstash-plugin-filter-geoip-unit/badge/icon)](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Filters/job/logstash-plugin-filter-geoip-unit/)
+
 This is a plugin for [Logstash](https://github.com/elastic/logstash).
 
 It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.

data/lib/logstash/filters/geoip.rb

@@ -12,7 +12,7 @@ require "lru_redux"
 # http://geojson.org/geojson-spec.html[GeoJSON] format. Additionally,
 # the default Elasticsearch template provided with the
 # <<plugins-outputs-elasticsearch,`elasticsearch` output>> maps
-# the `[geoip][location]` field to an https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-geo-point-type.html#_mapping_options[Elasticsearch geo_point].
+# the `[geoip][location]` field to an https://www.elastic.co/guide/en/elasticsearch/reference/1.7/mapping-geo-point-type.html#_mapping_options[Elasticsearch geo_point].
 #
 # As this field is a `geo_point` _and_ it is still valid GeoJSON, you get
 # the awesomeness of Elasticsearch's geospatial query, facet and filter functions
@@ -124,22 +124,25 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
 
   public
   def filter(event)
-    
+
     geo_data = nil
 
     geo_data = get_geo_data(event)
 
-    return if geo_data.nil? || !geo_data.respond_to?(:to_hash)
-
-    apply_geodata(geo_data, event)
+    # defense against GeoIP code returning something that can't be made a hash
+    return unless geo_data.respond_to?(:to_hash)
 
-    filter_matched(event)
+    event[@target] = {} if event[@target].nil?
+    geo_data_hash = geo_data.to_hash
+    # don't do anything more if the lookup result is empty
+    if !geo_data_hash.empty?
+      apply_geodata(geo_data_hash, event)
+      filter_matched(event)
+    end
   end # def filter
 
-  def apply_geodata(geo_data,event)
-    geo_data_hash = geo_data.to_hash
+  def apply_geodata(geo_data_hash, event)
     geo_data_hash.delete(:request)
-    event[@target] = {} if event[@target].nil?
     if geo_data_hash.key?(:latitude) && geo_data_hash.key?(:longitude)
       # If we have latitude and longitude values, add the location field as GeoJSON array
       geo_data_hash[:location] = [ geo_data_hash[:longitude].to_f, geo_data_hash[:latitude].to_f ]
@@ -164,14 +167,18 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
   end
 
   def get_geo_data(event)
+    # pure function, must control return value
+    result = {}
     ip = event[@source]
     ip = ip.first if ip.is_a? Array
-
-    get_geo_data_for_ip(ip)
-  rescue SocketError => e
-    @logger.error("IP Field contained invalid IP address or hostname", :field => @source, :event => event)
-  rescue StandardError => e
-    @logger.error("Unknown error while looking up GeoIP data", :exception => e, :field => @source, :event => event)
+    begin
+      result = get_geo_data_for_ip(ip)
+    rescue SocketError => e
+      @logger.error("IP Field contained invalid IP address or hostname", :field => @source, :event => event)
+    rescue StandardError => e
+      @logger.error("Unknown error while looking up GeoIP data", :exception => e, :field => @source, :event => event)
+    end
+    result
   end
 
   def get_geo_data_for_ip(ip)

data/logstash-filter-geoip.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-geoip'
-  s.version         = '2.0.2'
+  s.version         = '2.0.3'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "$summary"
   s.description     = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"

data/spec/filters/geoip_spec.rb

@@ -2,6 +2,7 @@ require "logstash/devutils/rspec/spec_helper"
 require "logstash/filters/geoip"
 
 ASNDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoIPASNum*.dat").first
+CITYDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoLiteCity*.dat").first
 
 describe LogStash::Filters::GeoIP do
 
@@ -31,7 +32,7 @@ describe LogStash::Filters::GeoIP do
       filter {
         geoip {
           source => "ip"
-          #database => "vendor/geoip/GeoLiteCity.dat"
+          #database => "#{CITYDB}"
         }
       }
     CONFIG
@@ -54,32 +55,42 @@ describe LogStash::Filters::GeoIP do
     end
   end
 
-  describe "Specify the target" do
+  describe "normal operations" do
     config <<-CONFIG
       filter {
         geoip {
           source => "ip"
-          #database => "vendor/geoip/GeoLiteCity.dat"
+          #database => "#{CITYDB}"
           target => src_ip
+          add_tag => "done"
         }
       }
     CONFIG
 
-    sample("ip" => "8.8.8.8") do
-      insist { subject }.include?("src_ip")
+    context "when specifying the target" do
 
-      expected_fields = %w(ip country_code2 country_code3 country_name
-                           continent_code region_name city_name postal_code
-                           latitude longitude dma_code area_code timezone
-                           location )
-      expected_fields.each do |f|
-        insist { subject["src_ip"] }.include?(f)
+      sample("ip" => "8.8.8.8") do
+        expect(subject).to include("src_ip")
+
+        expected_fields = %w(ip country_code2 country_code3 country_name
+                             continent_code region_name city_name postal_code
+                             latitude longitude dma_code area_code timezone
+                             location )
+        expected_fields.each do |f|
+          expect(subject["src_ip"]).to include(f)
+        end
+      end
+
+      sample("ip" => "127.0.0.1") do
+        # assume geoip fails on localhost lookups
+        expect(subject).not_to include("src_ip")
       end
     end
 
-    sample("ip" => "127.0.0.1") do
-      # assume geoip fails on localhost lookups
-      reject { subject }.include?("src_ip")
+    context "when specifying add_tag" do
+      sample("ip" => "8.8.8.8") do
+        expect(subject["tags"]).to include("done")
+      end
     end
   end
 
@@ -104,6 +115,7 @@ describe LogStash::Filters::GeoIP do
       end
       insist { checked } > 0
     end
+
     sample("ip" => "189.2.0.0") do
       checked = 0
       expected_fields.each do |f|
@@ -181,18 +193,45 @@ describe LogStash::Filters::GeoIP do
             }
           }
         CONFIG
-
-    context "should not raise an error" do
+    describe "should not raise an error" do
       sample("ip" => "-") do
-        expect{
-          subject
-          }.to_not raise_error
+        expect{ subject }.to_not raise_error
       end
 
       sample("ip" => "~") do
-        expect{
-          subject
-          }.to_not raise_error
+        expect{ subject }.to_not raise_error
+      end
+    end
+
+    describe "filter method outcomes" do
+      let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "add_tag" => "done", "database" => ASNDB) }
+      let(:event) { LogStash::Event.new("message" => ipstring) }
+
+      before do
+        plugin.register
+        plugin.filter(event)
+      end
+
+      context "when the bad IP is N/A" do
+        # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/50
+        let(:ipstring) { "N/A" }
+
+        it "should set the target field to an empty hash" do
+          expect(event["geoip"]).to eq({})
+        end
+
+        it "should not have added any tags" do
+          expect(event["tags"]).to be_nil
+        end
+      end
+
+      context "when the bad IP is two ip comma separated" do
+        # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/51
+        let(:ipstring) { "123.45.67.89,61.160.232.222" }
+
+        it "should set the target field to an empty hash" do
+          expect(event["geoip"]).to eq({})
+        end
       end
     end
 
@@ -232,10 +271,10 @@ describe LogStash::Filters::GeoIP do
     end
 
     it "should dup the objects" do
-      event = {}
-      alt_event = {}
-      plugin.apply_geodata(geo_data, event)
-      plugin.apply_geodata(geo_data, alt_event)
+      event = { "geoip" => {} }
+      alt_event = { "geoip" => {} }
+      plugin.apply_geodata(geo_data.to_hash, event)
+      plugin.apply_geodata(geo_data.to_hash, alt_event)
 
       event["geoip"].each do |k,v|
         alt_v = alt_event["geoip"][k]

metadata

@@ -1,17 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-geoip
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.0.3
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-10-14 00:00:00.000000000 Z
+date: 2015-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  requirement: !ruby/object:Gem::Requirement
+  name: logstash-core
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
@@ -19,10 +20,7 @@ dependencies:
     - - <
       - !ruby/object:Gem::Version
         version: 3.0.0
-  name: logstash-core
-  prerelease: false
-  type: :runtime
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
@@ -30,65 +28,67 @@ dependencies:
     - - <
       - !ruby/object:Gem::Version
         version: 3.0.0
+  prerelease: false
+  type: :runtime
 - !ruby/object:Gem::Dependency
+  name: geoip
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.3.2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: 1.3.2
-  name: geoip
   prerelease: false
   type: :runtime
+- !ruby/object:Gem::Dependency
+  name: lru_redux
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.3.2
-- !ruby/object:Gem::Dependency
+        version: 1.1.0
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: 1.1.0
-  name: lru_redux
   prerelease: false
   type: :runtime
+- !ruby/object:Gem::Dependency
+  name: logstash-devutils
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 1.1.0
-- !ruby/object:Gem::Dependency
+        version: '0'
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-  name: logstash-devutils
   prerelease: false
   type: :development
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
 description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
 email: info@elastic.co
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- lib/logstash/filters/geoip.rb
+- spec/filters/geoip_spec.rb
+- vendor/GeoLiteCity-2013-01-18.dat
+- vendor/GeoIPASNum-2014-02-12.dat
+- logstash-filter-geoip.gemspec
 - CHANGELOG.md
+- README.md
 - CONTRIBUTORS
 - Gemfile
 - LICENSE
 - NOTICE.TXT
-- README.md
-- lib/logstash/filters/geoip.rb
-- logstash-filter-geoip.gemspec
-- spec/filters/geoip_spec.rb
-- vendor/GeoIPASNum-2014-02-12.dat
-- vendor/GeoLiteCity-2013-01-18.dat
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)
@@ -111,7 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.1.9
 signing_key:
 specification_version: 4
 summary: $summary