logstash-filter-jwt_decode 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 89c50db2aed9a821e7933d0530b5a157deb3e4989be3db0c884d05c232f46f9d
4
+ data.tar.gz: ae627c8231e5425e2e1bb50fb9bbc6f17327def0044f3b879c72b8bfaa81fa4d
5
+ SHA512:
6
+ metadata.gz: d538725cb6c65bc8e6c0c1eaad856e15102891af1e2a3ab82ec31c23e4c57fe366ea502d505b26f760ebafb76dbc147352d222ee832c4a9e7a01b3d0146b753e
7
+ data.tar.gz: 708ba7836cf32b1526235baf6d2c84e3d11410c4fd3f919be6df18b6e33fe3b96249aeb6707e4fc1d5ac1a55e806cf603ae2b252cfd8b1f951a7fa88f70bb132
@@ -0,0 +1,2 @@
1
+ ## 0.1.0
2
+ - Plugin created with the logstash plugin generator
@@ -0,0 +1,10 @@
1
+ The following is a list of people who have contributed ideas, code, bug
2
+ reports, or in general have helped logstash along its way.
3
+
4
+ Contributors:
5
+ * Bharat Raj Arutla - bharatraj.arutla@gmail.com
6
+
7
+ Note: If you've sent us patches, bug reports, or otherwise contributed to
8
+ Logstash, and you aren't on the list above and want to be, please let us know
9
+ and we'll make sure you're here. Contributions from folks like you are what make
10
+ open source awesome.
@@ -0,0 +1,2 @@
1
+ # logstash-filter-jwt_decode
2
+ Example filter plugin. This should help bootstrap your effort to write your own filter plugin!
data/Gemfile ADDED
@@ -0,0 +1,3 @@
1
+ source 'https://rubygems.org'
2
+ gemspec
3
+
data/LICENSE ADDED
@@ -0,0 +1,11 @@
1
+ Licensed under the Apache License, Version 2.0 (the "License");
2
+ you may not use this file except in compliance with the License.
3
+ You may obtain a copy of the License at
4
+
5
+ http://www.apache.org/licenses/LICENSE-2.0
6
+
7
+ Unless required by applicable law or agreed to in writing, software
8
+ distributed under the License is distributed on an "AS IS" BASIS,
9
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10
+ See the License for the specific language governing permissions and
11
+ limitations under the License.
@@ -0,0 +1,86 @@
1
+ # Logstash Plugin
2
+
3
+ This is a plugin for [Logstash](https://github.com/elastic/logstash).
4
+
5
+ It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
6
+
7
+ ## Documentation
8
+
9
+ Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
10
+
11
+ - For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
12
+ - For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
13
+
14
+ ## Need Help?
15
+
16
+ Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
17
+
18
+ ## Developing
19
+
20
+ ### 1. Plugin Developement and Testing
21
+
22
+ #### Code
23
+ - To get started, you'll need JRuby with the Bundler gem installed.
24
+
25
+ - Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
26
+
27
+ - Install dependencies
28
+ ```sh
29
+ bundle install
30
+ ```
31
+
32
+ #### Test
33
+
34
+ - Update your dependencies
35
+
36
+ ```sh
37
+ bundle install
38
+ ```
39
+
40
+ - Run tests
41
+
42
+ ```sh
43
+ bundle exec rspec
44
+ ```
45
+
46
+ ### 2. Running your unpublished Plugin in Logstash
47
+
48
+ #### 2.1 Run in a local Logstash clone
49
+
50
+ - Edit Logstash `Gemfile` and add the local plugin path, for example:
51
+ ```ruby
52
+ gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
53
+ ```
54
+ - Install plugin
55
+ ```sh
56
+ bin/logstash-plugin install --no-verify
57
+ ```
58
+ - Run Logstash with your plugin
59
+ ```sh
60
+ bin/logstash -e 'filter {awesome {}}'
61
+ ```
62
+ At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
63
+
64
+ #### 2.2 Run in an installed Logstash
65
+
66
+ You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
67
+
68
+ - Build your plugin gem
69
+ ```sh
70
+ gem build logstash-filter-awesome.gemspec
71
+ ```
72
+ - Install the plugin from the Logstash home
73
+ ```sh
74
+ bin/logstash-plugin install /your/local/plugin/logstash-filter-awesome.gem
75
+ ```
76
+ - Start Logstash and proceed to test the plugin
77
+
78
+ ## Contributing
79
+
80
+ All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
81
+
82
+ Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here.
83
+
84
+ It is more important to the community that you are able to contribute.
85
+
86
+ For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
@@ -0,0 +1,86 @@
1
+ # encoding: utf-8
2
+ require "logstash/filters/base"
3
+ require "logstash/namespace"
4
+ require "jwt"
5
+
6
+ # This filter will decode the jwt token in your message event and retrievs the values
7
+ # as specified in `extract_fields` and adds the extracted values to the event.
8
+ #
9
+ # It is only intended to be used as an .
10
+ class LogStash::Filters::JWTDecode < LogStash::Filters::Base
11
+
12
+ # Setting the config_name here is required. This is how you
13
+ # configure this filter from your Logstash config.
14
+ #
15
+ # jwt_decode {
16
+ # "match" => "token",
17
+ # "extract_fields" => {"user_id" => "user.id"}
18
+ # }
19
+ #
20
+ # Incase if there is any error during decoding, populates
21
+ # `JWT_PARSER_ERROR` in the event with the corresponding error
22
+ #
23
+ config_name "jwt_decode"
24
+
25
+ # Looks for a match in message which contains the token field
26
+ config :match, :validate => :string, :required => true
27
+ # Valid algorithms are defined here https://tools.ietf.org/html/rfc7518#section-3.1
28
+ config :signature_alg, :validate => :string, :required => false, :default => "HS256"
29
+ config :key, :validate => :string, :required => false, :default => nil
30
+ config :extract_fields, :validate => :hash, :required => true
31
+
32
+
33
+ public
34
+ def register
35
+ # Add instance variables
36
+ if @key && !@signature_alg
37
+ raise LogStash::ConfigurationError, "signature_alg has to be specified if key is present "
38
+ end
39
+ end # def register
40
+
41
+ public
42
+ def filter(event)
43
+ begin
44
+ if not @key
45
+ decoded_token = JWT.decode event.get(@match), nil, false
46
+ else
47
+ decoded_token = JWT.decode event.get(@match), @key, true, {algorithm: @signature_alg}
48
+ end
49
+
50
+ @extract_fields.each do |k, v|
51
+ event.set(k , getValueFromDecodedToken(v, decoded_token[0]))
52
+ end
53
+ rescue JWT::ExpiredSignature
54
+ event.set("JWT_PARSER_ERROR","ExpiredSignature")
55
+ rescue JWT::VerificationError
56
+ event.set("JWT_PARSER_ERROR","VerificationError")
57
+ rescue JWT::ImmatureSignature
58
+ event.set("JWT_PARSER_ERROR","ImmatureSignature")
59
+ rescue JWT::InvalidIssuerError
60
+ event.set("JWT_PARSER_ERROR","InvalidIssuerError")
61
+ rescue JWT::InvalidAudError
62
+ event.set("JWT_PARSER_ERROR","InvalidAudError")
63
+ rescue JWT::InvalidJtiError
64
+ event.set("JWT_PARSER_ERROR","InvalidJtiError")
65
+ rescue JWT::InvalidIatError
66
+ event.set("JWT_PARSER_ERROR","InvalidIatError")
67
+ rescue JWT::InvalidSubError
68
+ event.set("JWT_PARSER_ERROR","InvalidSubError")
69
+ rescue JWT::DecodeError
70
+ event.set("JWT_PARSER_ERROR","DecodeError")
71
+ end
72
+ # filter_matched should go in the last line of our successful code
73
+ filter_matched(event)
74
+ end # def filter
75
+
76
+ private
77
+ def getValueFromDecodedToken(key, decoded_token)
78
+ key.split(".").each do |val, index|
79
+ if decoded_token.nil?
80
+ return nil
81
+ end
82
+ decoded_token = decoded_token[val]
83
+ end
84
+ return decoded_token;
85
+ end
86
+ end # class LogStash::Filters::jwt_decode
@@ -0,0 +1,24 @@
1
+ Gem::Specification.new do |s|
2
+ s.name = 'logstash-filter-jwt_decode'
3
+ s.version = '1.0.0'
4
+ s.licenses = ['Apache-2.0']
5
+ s.summary = 'Logstash filter plugin for decoding JSON Web Token (JWT)'
6
+ s.description = 'Logstash filter plugin for decoding JSON Web Token (JWT)'
7
+ s.homepage = 'https://github.com/bharatraj88/logstash-filter-jwt_decode'
8
+ s.authors = ['Bharat Raj Arutla']
9
+ s.email = 'bharatraj.arutla@gmail.com'
10
+ s.require_paths = ['lib']
11
+
12
+ # Files
13
+ s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
14
+ # Tests
15
+ s.test_files = s.files.grep(%r{^(test|spec|features)/})
16
+
17
+ # Special flag to let us know this is actually a logstash plugin
18
+ s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
19
+
20
+ # Gem dependencies
21
+ s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
22
+ s.add_development_dependency 'logstash-devutils'
23
+ s.add_runtime_dependency 'jwt',"=1.5.6"
24
+ end
@@ -0,0 +1,89 @@
1
+ # encoding: utf-8
2
+ require_relative '../spec_helper'
3
+ require "logstash/filters/jwt_decode"
4
+ require "jwt"
5
+
6
+ describe LogStash::Filters::JWTDecode do
7
+
8
+ context "Configuration Validations " do
9
+ describe " No match field" do
10
+ it "Expect LogStash::ConfigurationError" do
11
+ expect{
12
+ filter = setup_filter({
13
+ "extract_fields" => {"business_id" => "user.busId"}
14
+ })
15
+ }.to raise_error(LogStash::ConfigurationError)
16
+ end
17
+ end
18
+
19
+ describe " No extract_fields" do
20
+ it "Expect LogStash::ConfigurationError" do
21
+ expect{
22
+ filter = setup_filter({
23
+ "match" => "token"
24
+ })
25
+ }.to raise_error(LogStash::ConfigurationError)
26
+ end
27
+ end
28
+
29
+ describe " No signature_alg defined for key" do
30
+ it "Expect LogStash::ConfigurationError" do
31
+ expect{
32
+ filter = setup_filter({
33
+ "match" => "token",
34
+ "extract_fields" => {"name" => "user.name", "id" => "user.id"},
35
+ "key" => "SECRET",
36
+ "signature_alg"=> nil
37
+ })
38
+ }.to raise_error(LogStash::ConfigurationError)
39
+ end
40
+ end
41
+
42
+ describe " Invalid Key" do
43
+ it "Expect VerificationError" do
44
+ filter = setup_filter({
45
+ "match" => "token",
46
+ "extract_fields" => {"name" => "user.name", "id" => "user.id"},
47
+ "key" => "SECRET123",
48
+ "signature_alg"=>"HS256"
49
+ })
50
+ event = start_event({"token" => "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7Im5hbWUiOiJ0ZXN0TmFtZSIsImlkIjo0fX0.5fs1Ghwm9rtN2GaB66bhTLbYrEAuBxh4s46uOyX6Zos"})
51
+ filter.filter(event)
52
+ expect(event.get("JWT_PARSER_ERROR")).to eq("VerificationError")
53
+ end
54
+ end
55
+
56
+ end
57
+
58
+ context "Check Decode token" do
59
+ describe " Decode token with no key " do
60
+ it "Decode token with no key" do
61
+ filter = setup_filter({
62
+ "match" => "token",
63
+ "extract_fields" => {"name" => "user.name", "id" => "user.id"}
64
+ })
65
+ event = start_event({"token" => "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7Im5hbWUiOiJ0ZXN0TmFtZSIsImlkIjo0fX0.P_GRg4n5J7ka3SQKG308clou9OuyxLxAj6V7kb7NcQQ"})
66
+ filter.filter(event)
67
+ expect(event.get("id")).to eq(4)
68
+ expect(event.get("name")).to eq("testName")
69
+ end
70
+ end
71
+
72
+ describe " Decode token with key " do
73
+ it "Decode token with no key" do
74
+ filter = setup_filter({
75
+ "match" => "token",
76
+ "extract_fields" => {"name" => "user.name", "id" => "user.id"},
77
+ "key" => "SECRET",
78
+ "signature_alg"=>"HS256"
79
+ })
80
+ event = start_event({"token" => "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7Im5hbWUiOiJ0ZXN0TmFtZSIsImlkIjo0fX0.5fs1Ghwm9rtN2GaB66bhTLbYrEAuBxh4s46uOyX6Zos"})
81
+ filter.filter(event)
82
+ expect(event.get("id")).to eq(4)
83
+ expect(event.get("name")).to eq("testName")
84
+ end
85
+ end
86
+
87
+ end
88
+
89
+ end
@@ -0,0 +1,17 @@
1
+ # encoding: utf-8
2
+ require "logstash/devutils/rspec/spec_helper"
3
+ require "logstash/filters/jwt_decode"
4
+
5
+ def event(data = {})
6
+ LogStash::Event.new(data)
7
+ end
8
+
9
+ def start_event(data = {})
10
+ event(data)
11
+ end
12
+
13
+ def setup_filter(config = {})
14
+ filter = LogStash::Filters::JWTDecode.new(config)
15
+ filter.register()
16
+ return filter
17
+ end
metadata ADDED
@@ -0,0 +1,99 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: logstash-filter-jwt_decode
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.0
5
+ platform: ruby
6
+ authors:
7
+ - Bharat Raj Arutla
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2019-07-25 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ requirement: !ruby/object:Gem::Requirement
15
+ requirements:
16
+ - - "~>"
17
+ - !ruby/object:Gem::Version
18
+ version: '2.0'
19
+ name: logstash-core-plugin-api
20
+ prerelease: false
21
+ type: :runtime
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.0'
27
+ - !ruby/object:Gem::Dependency
28
+ requirement: !ruby/object:Gem::Requirement
29
+ requirements:
30
+ - - ">="
31
+ - !ruby/object:Gem::Version
32
+ version: '0'
33
+ name: logstash-devutils
34
+ prerelease: false
35
+ type: :development
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ requirement: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - '='
45
+ - !ruby/object:Gem::Version
46
+ version: 1.5.6
47
+ name: jwt
48
+ prerelease: false
49
+ type: :runtime
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - '='
53
+ - !ruby/object:Gem::Version
54
+ version: 1.5.6
55
+ description: Logstash filter plugin for decoding JSON Web Token (JWT)
56
+ email: bharatraj.arutla@gmail.com
57
+ executables: []
58
+ extensions: []
59
+ extra_rdoc_files: []
60
+ files:
61
+ - CHANGELOG.md
62
+ - CONTRIBUTORS
63
+ - DEVELOPER.md
64
+ - Gemfile
65
+ - LICENSE
66
+ - README.md
67
+ - lib/logstash/filters/jwt_decode.rb
68
+ - logstash-filter-jwt_decode.gemspec
69
+ - spec/filters/jwt_decode_spec.rb
70
+ - spec/spec_helper.rb
71
+ homepage: https://github.com/bharatraj88/logstash-filter-jwt_decode
72
+ licenses:
73
+ - Apache-2.0
74
+ metadata:
75
+ logstash_plugin: 'true'
76
+ logstash_group: filter
77
+ post_install_message:
78
+ rdoc_options: []
79
+ require_paths:
80
+ - lib
81
+ required_ruby_version: !ruby/object:Gem::Requirement
82
+ requirements:
83
+ - - ">="
84
+ - !ruby/object:Gem::Version
85
+ version: '0'
86
+ required_rubygems_version: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - ">="
89
+ - !ruby/object:Gem::Version
90
+ version: '0'
91
+ requirements: []
92
+ rubyforge_project:
93
+ rubygems_version: 2.7.6
94
+ signing_key:
95
+ specification_version: 4
96
+ summary: Logstash filter plugin for decoding JSON Web Token (JWT)
97
+ test_files:
98
+ - spec/filters/jwt_decode_spec.rb
99
+ - spec/spec_helper.rb