RubyGems - logstash-filter-public_ip - Versions diffs - 1.0.0 → 1.0.2 - Mend

logstash-filter-public_ip 1.0.0 → 1.0.2

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/README.md +38 -81
data/lib/logstash/filters/public_ip.rb +90 -16
data/logstash-filter-public_ip.gemspec +1 -1
data/spec/filters/public_ip_spec.rb +17 -0
metadata +2 -5
data/CONTRIBUTORS +0 -10
data/DEVELOPER.md +0 -2
data/lib/logstash/filters/ipvlookup.rb +0 -114

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8ef725fbabc89b872a939bd726a4f0cb4aa0326966fc40c15132feecfe301a15
-  data.tar.gz: a73f1fdc599f715d1d2864140397f5fe83185a4667d9a055938466be3821af1f
+  metadata.gz: d8ad958c9975e1979ffd5c6ae16347bbbd47ca0c176b2de570488ca7365ec6ca
+  data.tar.gz: d0103de21ee835e76279455bcf05a1ee4fcf7005ca62a8b4fb3017b3a8667997
 SHA512:
-  metadata.gz: 13aac613c69dde633abadd03a6113b9f96466c49e00b7ad94856e110977aeb920ad0f6d742f54f74a40011112478c699b5536cdacfab006d1b479bf3e0a18e5e
-  data.tar.gz: 3367379b540aece4c03b7efbd630441ed142314fae44d643e2f8613feaad99d3aeb641506646978448a5dd91f7c735f4cbfba30a47f33446afb12992ed2d39c5
+  metadata.gz: 412020f4480f5967261c1b43d25cc22859fb1ce3e5bfecf6668b881bb0288b3fe77457751da09e0eb4941dbf0cd38559617f9f957d02f8da1e9640e633c92244
+  data.tar.gz: 171a671373fce9490b2c2fe82e4355491050cfc77593bebab3849625ee3c7300fd1a9ebe7443d5f1f5814c6546947fb5e35c5f941f0f8819672a10fac7924e3a

data/CHANGELOG.md CHANGED

@@ -1,3 +1,8 @@
+## 1.0.2
+ - fixed bad release of gem
+## 1.0.1
+  - removed ipvlookup class and placed code in main plugin
+  - improved speed on lookup
 ## 1.0.0
   - changed array lookup
 ## 0.1.1

data/README.md CHANGED

@@ -1,94 +1,51 @@
-# Logstash Plugin
+# Logstash Plugin - public_ip
 This is a plugin for [Logstash](https://github.com/elastic/logstash).
 It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
-## Documentation
 This Logstash filter plugin is used to determine ip version and if the ip address is public.
-This is a plugin for [Logstash](https://github.com/elastic/logstash).
-Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
-- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
-- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
-## Need Help?
-Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
-## Developing
-### 1. Plugin Developement and Testing
-#### Code
-- To get started, you'll need JRuby with the Bundler gem installed.
-- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
-- Install dependencies
-```sh
-bundle install
-```
-#### Test
-- Update your dependencies
-```sh
-bundle install
-```
-- Run tests
-```sh
-bundle exec rspec
-```
-### 2. Running your unpublished Plugin in Logstash
-#### 2.1 Run in a local Logstash clone
-- Edit Logstash `Gemfile` and add the local plugin path, for example:
-```ruby
-gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
-```
-- Install plugin
-```sh
-bin/logstash-plugin install --no-verify
-```
-- Run Logstash with your plugin
-```sh
-bin/logstash -e 'filter {awesome {}}'
-```
-At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
-#### 2.2 Run in an installed Logstash
-You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
-- Build your plugin gem
-```sh
-gem build logstash-filter-awesome.gemspec
-```
-- Install the plugin from the Logstash home
-```sh
-bin/logstash-plugin install /your/local/plugin/logstash-filter-awesome.gem
+The plugin uses the following cidr ranges to determine if the ipaddress is in a non-public range.
+```
+# NON-PUBLIC REASONS
+# ---------------
+# 0.0.0.0/8 = RFC1700: reserved as a source address only
+# 10.0.0.0/8 = RFC1918: reserved for private networking
+# 100.64.0.0/10 = RFC6598: reserved for service provider shared address space but may be used in a manner similiar to RF1918
+# 127.0.0.0/8 = RFC1112: assigned for use as the Internet host loopback address
+# 169.254.0.0/16 = RFC3927: used for link-local addressing in Internet Protocol Version 4
+# 172.16.0.0/12 = RFC1918: reserved for private networking
+# 192.0.0.0/24 = RFC6890: IETF Protocol Assignments
+# 192.0.0.8/32 = RFC7600: IPv4 dummy address
+# 192.0.2.0/24 = RFC5737: Assigned as TEST-NET-1, documentation and examples
+# 192.31.196.0/24 = RFC7535: AS112-v4
+# 192.52.193.0/24 = RFC7450: AMT
+# 192.88.99.0/24 = RFC7526: Reserved. Formerly used for IPv6 to IPv4 relay (included IPv6 address block 2002::/16
+# 192.168.0.0/16 = RFC1918: reserved for private networking
+# 198.18.0.0/15 = RFC2544: Used for benchmark testing of inter-network communications between two separate subnets
+# 198.51.100.0/24 = RFC5737: Assigned as TEST-NET-2, documentation and examples
+# 203.0.113.0/24 = RFC5737: Assigned as TEST-NET-3, documentation and examples
+# 224.0.0.0/4 = RFC1112: In use for IP multicast (Former Class D network)
+# 240.0.0.0/4 = RFC6890: Reserved for future use. (Former Class E network)
+# 255.255.255.255/32 = RFC8190: Reserved for the limited broadcast destination address
+# fc00::/7 = RFC4193: Unique Local Address
+# fe80::/10 = RFC4291: Link-Local Address
+# ff00::/8 = RFC4291: Multicast Address
+# 2001:db8::/32 = RFC3849: Addresses used in documentation and example source code
+# 2001:20::/28 = RFC7343: Prefix for Overlay Routable Cryptographic Hash Identifiers Version 2
+# ::1/128 = RFC8190: Loopback address to local host
+# ::/128 = RFC8190: Unspecified address
+# 100::/64 = RFC6666: Discard Prefix
+# 64:ff9b::/96 = RFC6052: IPv4/IPv6 translation
+```
+## Installation
+```
+bin/logstash-plugin install logstash-filter-public_ip
 ```
 - Start Logstash and proceed to test the plugin
-## Contributing
-All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
-Programming is not a required skill. Whatever you've seen about open source and maintainers or community members  saying "send patches or die" - you will not see that here.
-It is more important to the community that you are able to contribute.
-For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
 #### USAGE
 ```
 filter {

data/lib/logstash/filters/public_ip.rb CHANGED

@@ -1,15 +1,41 @@
 # encoding: utf-8
 require "logstash/filters/base"
-require "logstash/filters/public_ip"
-require "logstash/filters/ipvlookup"
+require "logstash/namespace"
+require 'ipaddr'
+# NON-PUBLIC CIDRS THIS PLUGIN USES TO VERIFY IF THE IP IS PUBLIC OR PRIVATE
+# ---------------
+# 0.0.0.0/8 = RFC1700: reserved as a source address only
+# 10.0.0.0/8 = RFC1918: reserved for private networking
+# 100.64.0.0/10 = RFC6598: reserved for service provider shared address space but may be used in a manner similiar to RF1918
+# 127.0.0.0/8 = RFC1112: assigned for use as the Internet host loopback address
+# 169.254.0.0/16 = RFC3927: used for link-local addressing in Internet Protocol Version 4
+# 172.16.0.0/12 = RFC1918: reserved for private networking
+# 192.0.0.0/24 = RFC6890: IETF Protocol Assignments
+# 192.0.0.8/32 = RFC7600: IPv4 dummy address
+# 192.0.2.0/24 = RFC5737: Assigned as TEST-NET-1, documentation and examples
+# 192.31.196.0/24 = RFC7535: AS112-v4
+# 192.52.193.0/24 = RFC7450: AMT
+# 192.88.99.0/24 = RFC7526: Reserved. Formerly used for IPv6 to IPv4 relay (included IPv6 address block 2002::/16
+# 192.168.0.0/16 = RFC1918: reserved for private networking
+# 198.18.0.0/15 = RFC2544: Used for benchmark testing of inter-network communications between two separate subnets
+# 198.51.100.0/24 = RFC5737: Assigned as TEST-NET-2, documentation and examples
+# 203.0.113.0/24 = RFC5737: Assigned as TEST-NET-3, documentation and examples
+# 224.0.0.0/4 = RFC1112: In use for IP multicast (Former Class D network)
+# 240.0.0.0/4 = RFC6890: Reserved for future use. (Former Class E network)
+# 255.255.255.255/32 = RFC8190: Reserved for the limited broadcast destination address
+# fc00::/7 = RFC4193: Unique Local Address
+# fe80::/10 = RFC4291: Link-Local Address
+# ff00::/8 = RFC4291: Multicast Address
+# 2001:db8::/32 = RFC3849: Addresses used in documentation and example source code
+# 2001:20::/28 = RFC7343: Prefix for Overlay Routable Cryptographic Hash Identifiers Version 2
+# ::1/128 = RFC8190: Loopback address to local host
+# ::/128 = RFC8190: Unspecified address
+# 100::/64 = RFC6666: Discard Prefix
+# 64:ff9b::/96 = RFC6052: IPv4/IPv6 translation
-# This  filter will replace the contents of the default
-# message field with whatever you specify in the configuration.
-#
-# It is only intended to be used as an .
 class LogStash::Filters::PublicIp < LogStash::Filters::Base
-  # Setting the config_name here is required. This is how you
   # configure this filter from your Logstash config.
   #
   # filter {
@@ -33,20 +59,68 @@ class LogStash::Filters::PublicIp < LogStash::Filters::Base
   public
   def register
-  end
+    # NON-PUBLIC CIDR ARRAY
+    @cidr = [
+      "0.0.0.0/8",
+      "10.0.0.0/8",
+      "100.64.0.0/10",
+      "127.0.0.0/8",
+      "169.254.0.0/16",
+      "172.16.0.0/12",
+      "192.0.0.0/24",
+      "192.0.0.8/32",
+      "192.0.2.0/24",
+      "192.31.196.0/24",
+      "192.52.193.0/24",
+      "192.88.99.0/24",
+      "192.168.0.0/16",
+      "198.18.0.0/15",
+      "198.51.100.0/24",
+      "203.0.113.0/24",
+      "224.0.0.0/4",
+      "240.0.0.0/4",
+      "255.255.255.255/32",
+      "fc00::/7",
+      "fe80::/10",
+      "ff00::/8",
+      "2001:db8::/32",
+      "2001:20::/28",
+      "::1/128",
+      "::/128",
+      "100::/64",
+      "64:ff9b::/96"
+    ]
+  end # def register
   public
   def filter(event)
-    ip = event.get(@source)
-    lookup = Ipvlookup.new(ip)
-    validip = lookup.validip
+    begin
+      ip = event.get(@source)
+      srcip = IPAddr.new(ip)
+      validip = true
+    rescue
+      validip = false
+    end
     if validip == true
-      ipv = lookup.ipversion
+      # ip version
+      if srcip.ipv4?
+        ipv = '4'
+      elsif srcip.ipv6?
+        ipv = '6'
+      end
       event.set("#{@target_ipv}", ipv)
-      pubip = lookup.pubip
+      # public ip check
+      pubip = true
+      @cidr.each do |p|
+        cidr = IPAddr.new(p)
+        if cidr.include?(srcip)
+          pubip = false
+        end
+      end
       event.set("#{@target_pub_ip}", pubip)
     end
     # Tag event if invalid ip
     tag_invalid_ip(event) if validip == false
     # filter_matched should go in the last line of our successful code
@@ -54,8 +128,8 @@ class LogStash::Filters::PublicIp < LogStash::Filters::Base
   end # def filter
   def tag_invalid_ip(event)
-    @logger.debug? && @logger.debug("Invalid IP #{event.get(@source)}", :event => event)
+    @logger.debug? && @logger.warn("Invalid IP #{event.get(@source)}", :event => event)
     @tag_on_invalid_ip.each{|tag| event.tag(tag)}
-  end
+  end # def tag_invalid_ip
 end # class LogStash::Filters::PublicIp

data/logstash-filter-public_ip.gemspec CHANGED

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name          = 'logstash-filter-public_ip'
-  s.version       = '1.0.0'
+  s.version       = '1.0.2'
   s.licenses      = ['Apache-2.0']
   s.summary       = 'IP version and Public check'
   s.description   = 'logstash plugin that checks ip version and if the ip is public'

data/spec/filters/public_ip_spec.rb CHANGED

@@ -71,4 +71,21 @@ describe LogStash::Filters::PublicIp do
     end
   end
+  describe "no valid source" do
+    let(:config) do <<-CONFIG
+      filter {
+        public_ip {
+          source => "ip"
+          target_ipv => "ipv"
+          target_pub_ip => "pubip"
+        }
+      }
+    CONFIG
+    end
+    sample("ip" => nil) do
+      expect(subject.get("tags")).to include("_invalid_ip")
+    end
+  end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-public_ip
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.2
 platform: ruby
 authors:
 - Mike Pananen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-01-29 00:00:00.000000000 Z
+date: 2019-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -45,12 +45,9 @@ extensions: []
 extra_rdoc_files: []
 files:
 - CHANGELOG.md
-- CONTRIBUTORS
-- DEVELOPER.md
 - Gemfile
 - LICENSE
 - README.md
-- lib/logstash/filters/ipvlookup.rb
 - lib/logstash/filters/public_ip.rb
 - logstash-filter-public_ip.gemspec
 - spec/filters/public_ip_spec.rb

data/CONTRIBUTORS DELETED

@@ -1,10 +0,0 @@
-The following is a list of people who have contributed ideas, code, bug
-reports, or in general have helped logstash along its way.
-Contributors:
-*  -
-Note: If you've sent us patches, bug reports, or otherwise contributed to
-Logstash, and you aren't on the list above and want to be, please let us know
-and we'll make sure you're here. Contributions from folks like you are what make
-open source awesome.

data/DEVELOPER.md DELETED

	@@ -1,2 +0,0 @@
1	- # logstash-filter-public_ip
2	- Example filter plugin. This should help bootstrap your effort to write your own filter plugin!

data/lib/logstash/filters/ipvlookup.rb DELETED

@@ -1,114 +0,0 @@
-# encoding: utf-8
-require 'ipaddr'
-# NON-PUBLIC REASONS
-# ---------------
-# 0.0.0.0/8 = RFC1700: reserved as a source address only
-# 10.0.0.0/8 = RFC1918: reserved for private networking
-# 100.64.0.0/10 = RFC6598: reserved for service provider shared address space but may be used in a manner similiar to RF1918
-# 127.0.0.0/8 = RFC1112: assigned for use as the Internet host loopback address
-# 169.254.0.0/16 = RFC3927: used for link-local addressing in Internet Protocol Version 4
-# 172.16.0.0/12 = RFC1918: reserved for private networking
-# 192.0.0.0/24 = RFC6890: IETF Protocol Assignments
-# 192.0.0.8/32 = RFC7600: IPv4 dummy address
-# 192.0.2.0/24 = RFC5737: Assigned as TEST-NET-1, documentation and examples
-# 192.31.196.0/24 = RFC7535: AS112-v4
-# 192.52.193.0/24 = RFC7450: AMT
-# 192.88.99.0/24 = RFC7526: Reserved. Formerly used for IPv6 to IPv4 relay (included IPv6 address block 2002::/16
-# 192.168.0.0/16 = RFC1918: reserved for private networking
-# 198.18.0.0/15 = RFC2544: Used for benchmark testing of inter-network communications between two separate subnets
-# 198.51.100.0/24 = RFC5737: Assigned as TEST-NET-2, documentation and examples
-# 203.0.113.0/24 = RFC5737: Assigned as TEST-NET-3, documentation and examples
-# 224.0.0.0/4 = RFC1112: In use for IP multicast (Former Class D network)
-# 240.0.0.0/4 = RFC6890: Reserved for future use. (Former Class E network)
-# 255.255.255.255/32 = RFC8190: Reserved for the limited broadcast destination address
-# fc00::/7 = RFC4193: Unique Local Address
-# fe80::/10 = RFC4291: Link-Local Address
-# ff00::/8 = RFC4291: Multicast Address
-# 2001:db8::/32 = RFC3849: Addresses used in documentation and example source code
-# 2001:20::/28 = RFC7343: Prefix for Overlay Routable Cryptographic Hash Identifiers Version 2
-# ::1/128 = RFC8190: Loopback address to local host
-# ::/128 = RFC8190: Unspecified address
-# 100::/64 = RFC6666: Discard Prefix
-# 64:ff9b::/96 = RFC6052: IPv4/IPv6 translation
-class Ipvlookup
-  def initialize(ipaddress)
-    @ipaddress = ipaddress
-    @cidr = [
-      "0.0.0.0/8",
-      "10.0.0.0/8",
-      "100.64.0.0/10",
-      "127.0.0.0/8",
-      "169.254.0.0/16",
-      "172.16.0.0/12",
-      "192.0.0.0/24",
-      "192.0.0.8/32",
-      "192.0.2.0/24",
-      "192.31.196.0/24",
-      "192.52.193.0/24",
-      "192.88.99.0/24",
-      "192.168.0.0/16",
-      "198.18.0.0/15",
-      "198.51.100.0/24",
-      "203.0.113.0/24",
-      "224.0.0.0/4",
-      "240.0.0.0/4",
-      "255.255.255.255/32",
-      "fc00::/7",
-      "fe80::/10",
-      "ff00::/8",
-      "2001:db8::/32",
-      "2001:20::/28",
-      "::1/128",
-      "::/128",
-      "100::/64",
-      "64:ff9b::/96"
-    ]
-  end
-  def validip
-    begin
-      @src = IPAddr.new("#{@ipaddress}")
-      if @src.ipv4?
-        @valid = true
-        @ipv = '4'
-      elsif @src.ipv6?
-        @valid = true
-        @ipv = '6'
-      else
-        @valid = false
-      end
-    rescue
-      @valid = false
-    end
-    return @valid
-  end
-  def ipversion
-    if @valid == true
-      return "#{@ipv}"
-    end
-  end
-  def pubip
-    if @valid == true
-      prvip = @cidr.collect{|p|
-        cnet = IPAddr.new(p)
-        cnet.include?(@src)
-      }
-      if prvip.include? true
-        public_ip = false
-      else
-        public_ip = true
-      end
-      return public_ip
-      #public_ip = true
-      #for p in @cidr do
-      #  cidr = IPAddr.new(p)
-      #  if cidr.include?(@src) == true
-      #    public_ip = false
-      #  end
-      #end
-      #return public_ip
-    end
-  end
-end