logstash-filter-jwt-skw 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 5638827378cabdb717b44fb2640693564b327b1da4c24c219f7c56ee96ddd5fe
4
+ data.tar.gz: 90db4f8124e4b903aacbb9d00a295d46b55edd9ddfcf63651871cce0351d6378
5
+ SHA512:
6
+ metadata.gz: f3652615428d330c5e229dd33d4fd690ff835a89efdd82339e267edaedc7ff290d6c1bcbcf0c32dec305e7729ccaca17d1647a8a4d5cdf84954cdf4e464bc4af
7
+ data.tar.gz: 4e46354e3546dffae2ceecdf87e9d8547c6e30a430e382ea4c3e9cdb3a93cba9370c00a6c987b423699cdd5f7ef2b46929d26d8896d289c2313a8903d03cef2b
data/CHANGELOG.md ADDED
@@ -0,0 +1,2 @@
1
+ ## 0.1.0
2
+ - Plugin created with the logstash plugin generator
data/CONTRIBUTORS ADDED
@@ -0,0 +1,10 @@
1
+ The following is a list of people who have contributed ideas, code, bug
2
+ reports, or in general have helped logstash along its way.
3
+
4
+ Contributors:
5
+ * Bharat Raj Arutla - bharatraj.arutla@gmail.com
6
+
7
+ Note: If you've sent us patches, bug reports, or otherwise contributed to
8
+ Logstash, and you aren't on the list above and want to be, please let us know
9
+ and we'll make sure you're here. Contributions from folks like you are what make
10
+ open source awesome.
data/DEVELOPER.md ADDED
@@ -0,0 +1,2 @@
1
+ # logstash-filter-jwt_decode
2
+ Example filter plugin. This should help bootstrap your effort to write your own filter plugin!
data/Gemfile ADDED
@@ -0,0 +1,3 @@
1
+ source 'https://rubygems.org'
2
+ gemspec
3
+
data/LICENSE ADDED
@@ -0,0 +1,11 @@
1
+ Licensed under the Apache License, Version 2.0 (the "License");
2
+ you may not use this file except in compliance with the License.
3
+ You may obtain a copy of the License at
4
+
5
+ http://www.apache.org/licenses/LICENSE-2.0
6
+
7
+ Unless required by applicable law or agreed to in writing, software
8
+ distributed under the License is distributed on an "AS IS" BASIS,
9
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10
+ See the License for the specific language governing permissions and
11
+ limitations under the License.
data/README.md ADDED
@@ -0,0 +1,86 @@
1
+ # Logstash Plugin
2
+
3
+ This is a plugin for [Logstash](https://github.com/elastic/logstash).
4
+
5
+ It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
6
+
7
+ ## Documentation
8
+
9
+ Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
10
+
11
+ - For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
12
+ - For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
13
+
14
+ ## Need Help?
15
+
16
+ Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
17
+
18
+ ## Developing
19
+
20
+ ### 1. Plugin Developement and Testing
21
+
22
+ #### Code
23
+ - To get started, you'll need JRuby with the Bundler gem installed.
24
+
25
+ - Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
26
+
27
+ - Install dependencies
28
+ ```sh
29
+ bundle install
30
+ ```
31
+
32
+ #### Test
33
+
34
+ - Update your dependencies
35
+
36
+ ```sh
37
+ bundle install
38
+ ```
39
+
40
+ - Run tests
41
+
42
+ ```sh
43
+ bundle exec rspec
44
+ ```
45
+
46
+ ### 2. Running your unpublished Plugin in Logstash
47
+
48
+ #### 2.1 Run in a local Logstash clone
49
+
50
+ - Edit Logstash `Gemfile` and add the local plugin path, for example:
51
+ ```ruby
52
+ gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
53
+ ```
54
+ - Install plugin
55
+ ```sh
56
+ bin/logstash-plugin install --no-verify
57
+ ```
58
+ - Run Logstash with your plugin
59
+ ```sh
60
+ bin/logstash -e 'filter {awesome {}}'
61
+ ```
62
+ At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
63
+
64
+ #### 2.2 Run in an installed Logstash
65
+
66
+ You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
67
+
68
+ - Build your plugin gem
69
+ ```sh
70
+ gem build logstash-filter-awesome.gemspec
71
+ ```
72
+ - Install the plugin from the Logstash home
73
+ ```sh
74
+ bin/logstash-plugin install /your/local/plugin/logstash-filter-awesome.gem
75
+ ```
76
+ - Start Logstash and proceed to test the plugin
77
+
78
+ ## Contributing
79
+
80
+ All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
81
+
82
+ Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here.
83
+
84
+ It is more important to the community that you are able to contribute.
85
+
86
+ For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
@@ -0,0 +1,81 @@
1
+ # encoding: utf-8
2
+ require "logstash/filters/base"
3
+ require "logstash/namespace"
4
+ require "jwt"
5
+ require "openssl"
6
+ require "base64"
7
+ require 'digest/sha1'
8
+
9
+ class LogStash::Filters::JWTDecode < LogStash::Filters::Base
10
+
11
+ config_name "jwt_decode"
12
+
13
+ config :match, :validate => :string, :required => true
14
+ config :extract_fields, :validate => :hash, :required => true
15
+
16
+ public
17
+ def register
18
+ if @key && !@signature_alg
19
+ raise LogStash::ConfigurationError, "signature_alg has to be specified if key is present "
20
+ end
21
+ end
22
+
23
+ public
24
+ def filter(event)
25
+ begin
26
+ public_key = "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxvq3+W1TPTG2vl86PQJy\nG+ePJG2NSwURBV/MtHrg0ScS4dpvgs3z5bz55jqYdsLe461RVxYOzHLa1bJKqIuu\nxVFhIfDFDDJ4vHKukBopybJz2qflDoi2k6D22gGXAFO/EQrX8duoVbBCxwj1VJp7\nLj8l4MO+3Hu4HTyuiMH5O91l0O6GK8O4iyfp8KSHXKqly1luEZlyINH9wLKGSVyY\ndPs0hAFz3AIRb6XNbx7wVRocijaO56bioDqyuyjdid8HHSDnv4ibPkcciKhsXvOJ\n7AZaqvKT5iRlTbeo+tSXI8ahsFdXiYVvFHFsyQwpBkWgqhao3II9RJe5EQcq5DIp\ntjPGyQn6GLrBzN/YHh8gimBSFSLkobPJsISB9z5iFibUfoJ8BxVZrQ13x5GSc7wn\nLoRa2GmEkxoJGClHG5bFZyRe2yPMvK8b8lBGk4/7va34jcgkzblTp2voBHy02xfz\nVl8uRtGdgDRUjBkHaf5VWaEjyuroqyaFsHrP2ooEEbEuEwC/jKUdZhUPblZYAija\nrwg4zh9HehSqHPdAYYa26KA6cmEGmXHKKtH+18cc1VfMRiKSAL1/hnR1P6zRuSCs\nWVuX/oZJ0CWMtnC4+E2DWv/oGgG1C9xnYSgOwUiV+bQV5hFUCyyHxPB8BTPQqE1X\naE/qEUay+gZGFjv0qCm2JrsCAwEAAQ==\n-----END PUBLIC KEY-----\n"
27
+ matchStr = @match.gsub("Bearer ", "")
28
+
29
+ rsa_public_key = OpenSSL::PKey::RSA.new(public_key)
30
+
31
+ if not @key
32
+ decoded_token = JWT.decode event.get(matchStr), nil, false
33
+ else
34
+ decoded_token = JWT.decode event.get(matchStr), rsa_public_key, true, { algorithm: 'RS512' }
35
+ end
36
+
37
+ @extract_fields.each do |k, v|
38
+ event.set(k , getValueFromDecodedToken(v, decoded_token[1]))
39
+ end
40
+ rescue JWT::ExpiredSignature => e
41
+ event.set("JWT_PARSER_ERROR","ExpiredSignature #{e}")
42
+ rescue JWT::VerificationError => e
43
+ event.set("JWT_PARSER_ERROR","VerificationError #{e}")
44
+ rescue JWT::ImmatureSignature => e
45
+ event.set("JWT_PARSER_ERROR","ImmatureSignature #{e}")
46
+ rescue JWT::InvalidIssuerError => e
47
+ event.set("JWT_PARSER_ERROR","InvalidIssuerError #{e}")
48
+ rescue JWT::InvalidAudError => e
49
+ event.set("JWT_PARSER_ERROR","InvalidAudError #{e}")
50
+ rescue JWT::InvalidJtiError => e
51
+ event.set("JWT_PARSER_ERROR","InvalidJtiError #{e}")
52
+ rescue JWT::InvalidIatError => e
53
+ event.set("JWT_PARSER_ERROR","InvalidIatError #{e}")
54
+ rescue JWT::InvalidSubError => e
55
+ event.set("JWT_PARSER_ERROR","InvalidSubError #{e}")
56
+ rescue JWT::DecodeError => e
57
+ event.set("JWT_PARSER_ERROR", "DecodeError #{e} ")
58
+ end
59
+ filter_matched(event)
60
+ end
61
+
62
+ private
63
+ def getValueFromDecodedToken(key, decoded_token)
64
+ key.split(".").each do |val, index|
65
+ if decoded_token.nil?
66
+ return nil
67
+ end
68
+ decoded_token = decrypt(decoded_token[val])
69
+ end
70
+ return decoded_token;
71
+ end
72
+
73
+ private
74
+ def decrypt(value)
75
+ keystring = "73A5664AB43ECC61893ADD8D37D166B62D7F438B1A65CB1CE7EF9C1E25BDC8A3"
76
+ cipher = OpenSSL::Cipher.new("AES-128-ECB").decrypt
77
+ cipher.key = Digest::SHA1.digest(keystring)[0,16]
78
+ crypt = cipher.update(Base64.decode64(value)) + cipher.final
79
+ return crypt;
80
+ end
81
+ end
@@ -0,0 +1,24 @@
1
+ Gem::Specification.new do |s|
2
+ s.name = 'logstash-filter-jwt-skw'
3
+ s.version = '1.0.0'
4
+ s.licenses = ['Apache-2.0']
5
+ s.summary = 'Logstash filter plugin'
6
+ s.description = 'Logstash filter plugin'
7
+ s.homepage = ''
8
+ s.authors = ['']
9
+ s.email = 'thallesrv1@gmail.com'
10
+ s.require_paths = ['lib']
11
+
12
+ # Files
13
+ s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
14
+ # Tests
15
+ s.test_files = s.files.grep(%r{^(test|spec|features)/})
16
+
17
+ # Special flag to let us know this is actually a logstash plugin
18
+ s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
19
+
20
+ # Gem dependencies
21
+ s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
22
+ s.add_development_dependency 'logstash-devutils'
23
+ s.add_runtime_dependency 'jwt',"=2.5.0"
24
+ end
@@ -0,0 +1,89 @@
1
+ # encoding: utf-8
2
+ require_relative '../spec_helper'
3
+ require "logstash/filters/jwt_decode"
4
+ require "jwt"
5
+
6
+ describe LogStash::Filters::JWTDecode do
7
+
8
+ context "Configuration Validations " do
9
+ describe " No match field" do
10
+ it "Expect LogStash::ConfigurationError" do
11
+ expect{
12
+ filter = setup_filter({
13
+ "extract_fields" => {"business_id" => "user.busId"}
14
+ })
15
+ }.to raise_error(LogStash::ConfigurationError)
16
+ end
17
+ end
18
+
19
+ describe " No extract_fields" do
20
+ it "Expect LogStash::ConfigurationError" do
21
+ expect{
22
+ filter = setup_filter({
23
+ "match" => "token"
24
+ })
25
+ }.to raise_error(LogStash::ConfigurationError)
26
+ end
27
+ end
28
+
29
+ describe " No signature_alg defined for key" do
30
+ it "Expect LogStash::ConfigurationError" do
31
+ expect{
32
+ filter = setup_filter({
33
+ "match" => "token",
34
+ "extract_fields" => {"name" => "user.name", "id" => "user.id"},
35
+ "key" => "SECRET",
36
+ "signature_alg"=> nil
37
+ })
38
+ }.to raise_error(LogStash::ConfigurationError)
39
+ end
40
+ end
41
+
42
+ describe " Invalid Key" do
43
+ it "Expect VerificationError" do
44
+ filter = setup_filter({
45
+ "match" => "token",
46
+ "extract_fields" => {"name" => "user.name", "id" => "user.id"},
47
+ "key" => "SECRET123",
48
+ "signature_alg"=>"HS256"
49
+ })
50
+ event = start_event({"token" => "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7Im5hbWUiOiJ0ZXN0TmFtZSIsImlkIjo0fX0.5fs1Ghwm9rtN2GaB66bhTLbYrEAuBxh4s46uOyX6Zos"})
51
+ filter.filter(event)
52
+ expect(event.get("JWT_PARSER_ERROR")).to eq("VerificationError")
53
+ end
54
+ end
55
+
56
+ end
57
+
58
+ context "Check Decode token" do
59
+ describe " Decode token with no key " do
60
+ it "Decode token with no key" do
61
+ filter = setup_filter({
62
+ "match" => "token",
63
+ "extract_fields" => {"name" => "user.name", "id" => "user.id"}
64
+ })
65
+ event = start_event({"token" => "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7Im5hbWUiOiJ0ZXN0TmFtZSIsImlkIjo0fX0.P_GRg4n5J7ka3SQKG308clou9OuyxLxAj6V7kb7NcQQ"})
66
+ filter.filter(event)
67
+ expect(event.get("id")).to eq(4)
68
+ expect(event.get("name")).to eq("testName")
69
+ end
70
+ end
71
+
72
+ describe " Decode token with key " do
73
+ it "Decode token with no key" do
74
+ filter = setup_filter({
75
+ "match" => "token",
76
+ "extract_fields" => {"name" => "user.name", "id" => "user.id"},
77
+ "key" => "SECRET",
78
+ "signature_alg"=>"HS256"
79
+ })
80
+ event = start_event({"token" => "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7Im5hbWUiOiJ0ZXN0TmFtZSIsImlkIjo0fX0.5fs1Ghwm9rtN2GaB66bhTLbYrEAuBxh4s46uOyX6Zos"})
81
+ filter.filter(event)
82
+ expect(event.get("id")).to eq(4)
83
+ expect(event.get("name")).to eq("testName")
84
+ end
85
+ end
86
+
87
+ end
88
+
89
+ end
@@ -0,0 +1,17 @@
1
+ # encoding: utf-8
2
+ require "logstash/devutils/rspec/spec_helper"
3
+ require "logstash/filters/jwt_decode"
4
+
5
+ def event(data = {})
6
+ LogStash::Event.new(data)
7
+ end
8
+
9
+ def start_event(data = {})
10
+ event(data)
11
+ end
12
+
13
+ def setup_filter(config = {})
14
+ filter = LogStash::Filters::JWTDecode.new(config)
15
+ filter.register()
16
+ return filter
17
+ end
metadata ADDED
@@ -0,0 +1,98 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: logstash-filter-jwt-skw
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.0
5
+ platform: ruby
6
+ authors:
7
+ - ''
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2023-02-08 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ requirement: !ruby/object:Gem::Requirement
15
+ requirements:
16
+ - - "~>"
17
+ - !ruby/object:Gem::Version
18
+ version: '2.0'
19
+ name: logstash-core-plugin-api
20
+ prerelease: false
21
+ type: :runtime
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.0'
27
+ - !ruby/object:Gem::Dependency
28
+ requirement: !ruby/object:Gem::Requirement
29
+ requirements:
30
+ - - ">="
31
+ - !ruby/object:Gem::Version
32
+ version: '0'
33
+ name: logstash-devutils
34
+ prerelease: false
35
+ type: :development
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ requirement: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - '='
45
+ - !ruby/object:Gem::Version
46
+ version: 2.5.0
47
+ name: jwt
48
+ prerelease: false
49
+ type: :runtime
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - '='
53
+ - !ruby/object:Gem::Version
54
+ version: 2.5.0
55
+ description: Logstash filter plugin
56
+ email: thallesrv1@gmail.com
57
+ executables: []
58
+ extensions: []
59
+ extra_rdoc_files: []
60
+ files:
61
+ - CHANGELOG.md
62
+ - CONTRIBUTORS
63
+ - DEVELOPER.md
64
+ - Gemfile
65
+ - LICENSE
66
+ - README.md
67
+ - lib/logstash/filters/jwt_decode.rb
68
+ - logstash-filter-jwt_decode.gemspec
69
+ - spec/filters/jwt_decode_spec.rb
70
+ - spec/spec_helper.rb
71
+ homepage: ''
72
+ licenses:
73
+ - Apache-2.0
74
+ metadata:
75
+ logstash_plugin: 'true'
76
+ logstash_group: filter
77
+ post_install_message:
78
+ rdoc_options: []
79
+ require_paths:
80
+ - lib
81
+ required_ruby_version: !ruby/object:Gem::Requirement
82
+ requirements:
83
+ - - ">="
84
+ - !ruby/object:Gem::Version
85
+ version: '0'
86
+ required_rubygems_version: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - ">="
89
+ - !ruby/object:Gem::Version
90
+ version: '0'
91
+ requirements: []
92
+ rubygems_version: 3.3.25
93
+ signing_key:
94
+ specification_version: 4
95
+ summary: Logstash filter plugin
96
+ test_files:
97
+ - spec/filters/jwt_decode_spec.rb
98
+ - spec/spec_helper.rb