RubyGems - logstash-filter-useragent - Versions diffs - 3.2.2-java → 3.3.2-java - Mend

logstash-filter-useragent 3.2.2-java → 3.3.2-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +28 -0
data/LICENSE +199 -10
data/README.md +1 -1
data/docs/index.asciidoc +95 -11
data/lib/logstash/filters/useragent.rb +146 -55
data/logstash-filter-useragent.gemspec +1 -0
data/spec/filters/useragent_spec.rb +429 -69
data/vendor/jar-dependencies/org/logstash/filters/logstash-filter-useragent/{3.2.2/logstash-filter-useragent-3.2.2.jar → 3.3.2/logstash-filter-useragent-3.3.2.jar} +0 -0
data/version +1 -1
metadata +18 -5

data/spec/filters/useragent_spec.rb CHANGED Viewed

@@ -1,105 +1,448 @@
 # encoding: utf-8
 require "logstash/devutils/rspec/spec_helper"
+require 'logstash/plugin_mixins/ecs_compatibility_support/spec_helper'
 require "logstash/filters/useragent"
 describe LogStash::Filters::UserAgent do
-  describe "defaults" do
-    config <<-CONFIG
-      filter {
-        useragent {
-          source => "message"
-          target => "ua"
+  subject { LogStash::Filters::UserAgent.new(options) }
+  let(:options) { { 'source' => 'message' } }
+  let(:message) { "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36" }
+  let(:event) { LogStash::Event.new('message' => message) }
+  context 'with target', :ecs_compatibility_support do
+    ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do |ecs_select|
+      let(:ecs_compatibility?) { ecs_select.active_mode != :disabled }
+      before(:each) do
+        allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
+      end
+      config <<-CONFIG
+        filter {
+          useragent {
+            source => "message"
+            target => "ua"
+          }
         }
-      }
-    CONFIG
+      CONFIG
+      sample "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" do
+        expect( subject.to_hash ).to include("ua")
+        expect( subject.get("[ua][name]") ).to eql "Chrome"
+        if ecs_compatibility?
+          expect( subject.get("[ua][os][name]") ).to eql "Linux"
+          expect( subject.get("[ua][os][full]") ).to eql "Linux"
+          expect( subject.get("[ua][device][name]") ).to eql "Other"
+          ua_metadata = subject.get("[@metadata][filter][user_agent]")
+          expect( ua_metadata ).to include 'version' => { 'major' => '26', 'minor' => '0', 'patch' => '1410' }
+          expect( subject.get("[ua][version]") ).to eql "26.0.1410.63"
+          expect( subject.get("[ua]").keys ).to_not include 'major'
+          expect( subject.get("[ua]").keys ).to_not include 'minor'
+        else
+          expect( subject.get("[ua][os_name]") ).to eql "Linux"
+          expect( subject.get("[ua][os_full]") ).to eql "Linux"
+          expect( subject.get("[ua][os]") ).to eql "Linux"
+          expect( subject.get("[ua][device]") ).to eql "Other"
+          expect( subject.get("[ua][major]") ).to eql "26"
+          expect( subject.get("[ua][minor]") ).to eql "0"
+        end
+        expect( subject.get("[ua][name]").encoding ).to eql Encoding::UTF_8
+      end
+      sample "MacOutlook/16.24.0.190414 (Intelx64 Mac OS X Version 10.14.4 (Build 18E226))" do
+        expect( subject.to_hash ).to include("ua")
+        expect( subject.get("[ua][name]") ).to eql "MacOutlook"
+        if ecs_compatibility?
+          expect( subject.get("[ua][version]") ).to eql "16.24.0.190414"
+          expect( subject.get("[ua][os][full]") ).to eql "Mac OS X 10.14.4"
+          expect( subject.get("[ua][os][name]") ).to eql "Mac OS X"
+          expect( subject.get("[ua][os][version]") ).to eql '10.14.4'
+          expect( subject.get("[ua][device][name]") ).to eql 'Mac'
+          expect( subject.get("[ua][os][name]").encoding ).to eql Encoding::UTF_8
+        else
+          expect( subject.get("[ua][major]") ).to eql "16"
+          expect( subject.get("[ua][minor]") ).to eql "24"
+          expect( subject.get("[ua][patch]") ).to eql "0"
+          expect( subject.get("[ua][os_full]") ).to eql "Mac OS X 10.14.4"
+          expect( subject.get("[ua][os_name]") ).to eql "Mac OS X"
+          expect( subject.get("[ua][os_major]") ).to eql '10'
+          expect( subject.get("[ua][os_minor]") ).to eql '14'
+          expect( subject.get("[ua][device]") ).to eql 'Mac'
+          expect( subject.get("[ua][os]") ).to eql "Mac OS X"
+          expect( subject.get("[ua][os]").encoding ).to eql Encoding::UTF_8
+        end
+      end
+      # Safari 12 on Mojave
+      sample "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15" do
+        expect( subject.to_hash ).to include("ua")
+        expect( subject.get("[ua][name]") ).to eql "Safari"
+        if ecs_compatibility?
+          expect( subject.get("[ua][version]") ).to eql "12.0"
+          expect( subject.get("[ua][os][full]") ).to eql "Mac OS X 10.14"
+          expect( subject.get("[ua][os][name]") ).to eql "Mac OS X"
+          expect( subject.get("[ua][os][version]") ).to eql '10.14'
+          ua_metadata = subject.get("[@metadata][filter][user_agent][os]")
+          expect( ua_metadata ).to include 'version' => { 'major' => '10', 'minor' => '14' }
+          expect( subject.get("[@metadata][filter][user_agent][os][version][major]").encoding ).to eql Encoding::UTF_8
+        else
+          expect( subject.get("[ua][major]") ).to eql "12"
+          expect( subject.get("[ua][minor]") ).to eql "0"
+          expect( subject.get("[ua][patch]") ).to be nil
+          expect( subject.get("[ua][os_full]") ).to eql "Mac OS X 10.14"
+          expect( subject.get("[ua][os_name]") ).to eql "Mac OS X"
+          expect( subject.get("[ua][os_major]") ).to eql '10'
+          expect( subject.get("[ua][os_minor]") ).to eql '14'
+          expect( subject.get("[ua][os_major]").encoding ).to eql Encoding::UTF_8
+        end
+      end
+      # Safari 7 on Mac OS X (Mavericks)
+      sample "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A" do
+        expect( subject.to_hash ).to include("ua")
+        expect( subject.get("[ua][name]") ).to eql "Safari"
+        if ecs_compatibility?
+          expect( subject.get("[ua][version]") ).to eql "7.0.3"
+          expect( subject.get("[ua][os][full]") ).to eql "Mac OS X 10.9.3"
+          expect( subject.get("[ua][os][name]") ).to eql "Mac OS X"
+          expect( subject.get("[ua][device][name]") ).to eql 'Mac'
+        else
+          expect( subject.get("[ua][major]") ).to eql "7"
+          expect( subject.get("[ua][minor]") ).to eql "0"
+          expect( subject.get("[ua][patch]") ).to eql "3"
+          expect( subject.get("[ua][os_full]") ).to eql "Mac OS X 10.9.3"
+          expect( subject.get("[ua][os_name]") ).to eql "Mac OS X"
+          expect( subject.get("[ua][os_major]") ).to eql '10'
+          expect( subject.get("[ua][os_minor]") ).to eql '9'
+          expect( subject.get("[ua][device]") ).to eql 'Mac'
+        end
+      end
+      sample "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Firefox/45.0" do
+        expect( subject.to_hash ).to include("ua")
+        expect( subject.get("[ua][name]") ).to eql "Firefox"
+        if ecs_compatibility?
+          expect( subject.get("[ua][version]") ).to eql "45.0"
+          expect( subject.get("[ua][os][full]") ).to eql "Mac OS X 10.11"
+          expect( subject.get("[ua][os][name]") ).to eql "Mac OS X"
+          expect( subject.get("[ua][os][version]") ).to eql '10.11'
+          expect( subject.get("[ua][device][name]") ).to eql 'Mac'
+        else
+          expect( subject.get("[ua][major]") ).to eql "45"
+          expect( subject.get("[ua][minor]") ).to eql "0"
+          expect( subject.get("[ua][patch]") ).to be nil
+          expect( subject.get("[ua][os_full]") ).to eql "Mac OS X 10.11"
+          expect( subject.get("[ua][os_name]") ).to eql "Mac OS X"
+          expect( subject.get("[ua][os_major]") ).to eql '10'
+          expect( subject.get("[ua][os_minor]") ).to eql '11'
+          expect( subject.get("[ua][device]") ).to eql 'Mac'
+        end
+      end
+      # IE7 Vista
+      sample "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)" do
+        expect( subject.to_hash ).to include("ua")
+        if ecs_compatibility?
+          expect( subject.get("[ua][os][name]") ).to eql "Windows"
+          expect( subject.get("[ua][os][version]") ).to eql 'Vista'
+          expect( subject.get("[ua][device][name]") ).to eql 'Other'
+          expect( subject.get("[ua][device][name]").encoding ).to eql Encoding::UTF_8
+        else
+          expect( subject.get("[ua][os_name]") ).to eql "Windows"
+          expect( subject.get("[ua][os_major]") ).to eql 'Vista'
+          expect( subject.get("[ua][os_minor]") ).to be nil
+          expect( subject.get("[ua][device]") ).to eql 'Other'
+          expect( subject.get("[ua][device]").encoding ).to eql Encoding::UTF_8
+        end
+      end
+      # IE8 XP
+      sample "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.5.30729)" do
+        expect( subject.to_hash ).to include("ua")
+        expect( subject.get("[ua][name]") ).to eql 'IE'
+        if ecs_compatibility?
+          expect( subject.get("[ua][os][name]") ).to eql 'Windows'
+          expect( subject.get("[ua][os][version]") ).to eql 'XP'
+          expect( subject.get("[ua][device][name]") ).to eql 'Other'
+        else
+          expect( subject.get("[ua][os_name]") ).to eql 'Windows'
+          expect( subject.get("[ua][os_major]") ).to eql 'XP'
+          expect( subject.get("[ua][os_minor]") ).to be nil
+          expect( subject.get("[ua][device]") ).to eql 'Other'
+        end
+      end
+      # # Windows 8.1
+      sample "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246" do
+        expect( subject.to_hash ).to include("ua")
+        expect( subject.get("[ua][name]") ).to eql 'Edge'
+        if ecs_compatibility?
+          expect( subject.get("[ua][os][name]") ).to eql 'Windows'
+          expect( subject.get("[ua][os][version]") ).to eql '8.1'
+        else
+          expect( subject.get("[ua][os_name]") ).to eql 'Windows'
+          expect( subject.get("[ua][os_major]") ).to eql '8'
+          expect( subject.get("[ua][os_minor]") ).to eql '1'
+        end
+      end
+      # Windows 10
+      sample "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Edg/89.0.774.50" do
+        expect( subject.to_hash ).to include("ua")
+        expect( subject.get("[ua][name]") ).to eql "Edge"
+        if ecs_compatibility?
+          expect( subject.get("[ua][version]") ).to eql "89.0.774.50"
+          expect( subject.get("[ua][os][full]") ).to eql "Windows 10"
+          expect( subject.get("[ua][os][name]") ).to eql "Windows"
+          expect( subject.get("[ua][os][version]") ).to eql '10'
+          ua_metadata = subject.get("[@metadata][filter][user_agent][os]")
+          expect( ua_metadata ).to include 'version' => { 'major' => '10' }
+          expect( subject.get("[ua][device][name]") ).to eql 'Other'
+        else
+          expect( subject.get("[ua][os_name]") ).to eql "Windows"
+          expect( subject.get("[ua][os_major]") ).to eql '10'
+          expect( subject.get("[ua][os_minor]") ).to be nil
+          expect( subject.get("[ua][device]") ).to eql 'Other'
+        end
+      end
+      # Chrome on Linux
+      sample "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36" do
+        expect( subject.to_hash ).to include("ua")
+        expect( subject.get("[ua][name]") ).to eql 'Chrome'
+        if ecs_compatibility?
+          expect( subject.get("[ua][os][name]") ).to eql "Linux"
+          expect( subject.get("[ua][os][version]") ).to be nil
+          expect( subject.get("[ua][device][name]") ).to eql 'Other'
+        else
+          expect( subject.get("[ua][os_name]") ).to eql "Linux"
+          expect( subject.get("[ua][os_major]") ).to be nil
+          expect( subject.get("[ua][os_minor]") ).to be nil
+          expect( subject.get("[ua][device]") ).to eql 'Other'
+        end
+      end
-    sample "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" do
-      insist { subject }.include?("ua")
-      insist { subject.get("[ua][name]") } == "Chrome"
-      insist { subject.get("[ua][os]") } == "Linux"
-      insist { subject.get("[ua][major]") } == "26"
-      insist { subject.get("[ua][minor]") } == "0"
     end
   end
-  describe "manually specified regexes file" do
-    config <<-CONFIG
-      filter {
-        useragent {
-          source => "message"
-          target => "ua"
-          regexes => "build/resources/main/regexes.yaml"
+  context "manually specified regexes file", :ecs_compatibility_support do
+    ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do |ecs_select|
+      let(:ecs_compatibility?) { ecs_select.active_mode != :disabled }
+      before(:each) do
+        allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
+      end
+      config <<-CONFIG
+        filter {
+          useragent {
+            source => "message"
+            target => "[ua]"
+            regexes => "build/resources/main/regexes.yaml"
+          }
         }
-      }
-    CONFIG
+      CONFIG
+      sample "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" do
+        expect( subject.to_hash ).to include("ua")
+        if ecs_compatibility?
+          expect( subject.get("[ua][name]") ).to eql "Chrome"
+          expect( subject.get("[ua][os][name]") ).to eql "Linux"
+          expect( subject.get("[ua][version]") ).to eql "26.0.1410.63"
+          expect( subject.get("[@metadata][filter][user_agent][version][major]") ).to eql "26"
+          expect( subject.get("[@metadata][filter][user_agent][version][minor]") ).to eql "0"
+        else
+          expect( subject.get("[ua][name]") ).to eql "Chrome"
+          expect( subject.get("[ua][os]") ).to eql "Linux"
+          expect( subject.get("[ua][major]") ).to eql "26"
+          expect( subject.get("[ua][minor]") ).to eql "0"
+        end
+      end
-    sample "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" do
-      insist { subject }.include?("ua")
-      insist { subject.get("[ua][name]") } == "Chrome"
-      insist { subject.get("[ua][os]") } == "Linux"
-      insist { subject.get("[ua][major]") } == "26"
-      insist { subject.get("[ua][minor]") } == "0"
     end
   end
-  describe "Without target field" do
-    config <<-CONFIG
-      filter {
-        useragent {
-          source => "message"
+  context "without target field", :ecs_compatibility_support do
+    ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do |ecs_select|
+      let(:ecs_compatibility?) { ecs_select.active_mode != :disabled }
+      before(:each) do
+        allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
+      end
+      config <<-CONFIG
+        filter {
+          useragent {
+            source => "message"
+          }
         }
-      }
-    CONFIG
+      CONFIG
+      sample "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" do
+        if ecs_compatibility? # [user_agent] default target in ECS
+          expect( subject.get("user_agent") ).to include 'name' => 'Chrome'
+          expect( subject.get("user_agent") ).to include 'os' => hash_including('name' => 'Linux')
+          expect( subject.get("user_agent") ).to include 'version' => '26.0.1410.63'
+        else
+          expect( subject.get("name") ).to eql "Chrome"
+          expect( subject.get("os_name") ).to eql "Linux"
+          expect( subject.get("os") ).to eql "Linux"
+          expect( subject.get("major") ).to eql "26"
+          expect( subject.get("minor") ).to eql "0"
+          expect( subject.get("patch") ).to eql "1410"
+          expect( subject.get("version") ).to eql "26.0.1410.63"
+        end
+      end
+    end
+  end
+  context "nested target field", :ecs_compatibility_support do
+    ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do
+      before(:each) do
+        allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
+      end
+      config <<-CONFIG
+        filter {
+          useragent {
+            source => "message"
+            target => "[foo][bar]"
+          }
+        }
+      CONFIG
+      # Facebook App User Agent
+      sample "Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) " +
+             "Mobile/15E148 [FBAN/FBIOS;FBDV/iPhone11,8;FBMD/iPhone;FBSN/iOS;FBSV/13.3.1;FBSS/2;FBID/phone;FBLC/en_US;FBOP/5;FBCR/]" do
+        expect( subject ).to include 'foo'
+        expect( subject.get('foo') ).to include 'bar'
+        expect( subject.get('foo')['bar'] ).to include "name" => "Facebook"
+      end
+    end
+  end
+  context "without user agent", :ecs_compatibility_support do
+    ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do |ecs_select|
+      let(:ecs_compatibility?) { ecs_select.active_mode != :disabled }
+      before(:each) do
+        allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
+      end
+      config <<-CONFIG
+        filter {
+          useragent {
+            source => "message"
+            target => "ua"
+          }
+        }
+      CONFIG
+      sample "foo" => "bar" do
+        expect( subject.to_hash ).to_not include("ua")
+      end
+      sample "" do
+        expect( subject.to_hash ).to_not include("ua")
+      end
-    sample "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" do
-      insist { subject.get("name") } == "Chrome"
-      insist { subject.get("os") } == "Linux"
-      insist { subject.get("major") } == "26"
-      insist { subject.get("minor") } == "0"
     end
   end
-  describe "Without user agent" do
+  describe "non-exact UA data" do
     config <<-CONFIG
       filter {
         useragent {
           source => "message"
-          target => "ua"
+          target => "user_agent"
         }
       }
     CONFIG
-    sample "foo" => "bar" do
-      reject { subject }.include?("ua")
+    sample 'Prefix DATA! Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/86.0' do
+      expect( subject.to_hash ).to include("user_agent")
+      expect( subject.get('user_agent') ).to include "name" => "Firefox Mobile", "version" => '86.0', "os_name" => "Android"
     end
-    sample "" do
-      reject { subject }.include?("ua")
+  end
+  context "with prefix", :ecs_compatibility_support do
+    ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do |ecs_select|
+      let(:message) { 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0' }
+      let(:options) { super().merge('prefix' => 'pre_') }
+      before(:each) do
+        allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
+      end
+      it 'works in legacy mode with prefix (without a warning)' do
+        expect( subject.logger ).to_not receive(:warn)
+        subject.register
+        subject.filter(event)
+        expect( event.to_hash ).to include('pre_name' => 'Firefox', 'pre_version' => '78.0')
+      end if ecs_select.active_mode == :disabled
+      it 'warns in ECS mode (and ignores prefix)' do
+        expect( subject.logger ).to receive(:warn).with %r{Field prefix isn't supported in ECS compatibility mode}
+        subject.register
+        subject.filter(event)
+        expect( event.to_hash.keys.find { |key| key.index('pre_') } ).to be nil
+        expect( event.get('user_agent').keys.find { |key| key.index('pre_') } ).to be nil
+        expect( event.get('user_agent') ).to include('name' => 'Firefox', 'version' => '78.0')
+      end if ecs_select.active_mode != :disabled
     end
   end
-  describe "LRU object identity" do
-    let(:ua_string) { "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36" }
-    let(:uafilter) { LogStash::Filters::UserAgent.new("source" => "foo") }
-    let(:ua_data) { uafilter.lookup_useragent(ua_string) }
+  context "no prefix", :ecs_compatibility_support do
+    ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do
-    subject(:target) { LogStash::Event.new("foo" => ua_string) }
+      let(:message) { 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0' }
-    before do
-      uafilter.register
+      before(:each) do
+        allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
+      end
+      it 'does not warn' do
+        expect( subject.logger ).to_not receive(:warn)
+        subject.register
+      end
-      # Stub this out because this UA doesn't have this field
-      allow(ua_data.userAgent).to receive(:patchMinor).and_return("foo")
+    end
+  end
+  describe "LRU object identity" do
-      # expect(event).receive(:lookup_useragent)
-      uafilter.filter(target)
+    let(:ua_data) { subject.send :lookup_useragent, message }
+    before do
+      subject.register
+      subject.filter(event)
     end
     {
       "name" => lambda {|uad| uad.userAgent.family},
-      "os" => lambda {|uad| uad.os.family},
       "os_name" => lambda {|uad| uad.os.family},
       "os_major" => lambda {|uad| uad.os.major},
       "os_minor" => lambda {|uad| uad.os.minor},
@@ -107,11 +450,10 @@ describe LogStash::Filters::UserAgent do
       "major" => lambda {|uad| uad.userAgent.major},
       "minor" => lambda {|uad| uad.userAgent.minor},
       "patch" => lambda {|uad| uad.userAgent.patch},
-      "build" => lambda {|uad| uad.userAgent.patchMinor}
     }.each do |field, uad_getter|
       context "for the #{field} field" do
-        let(:value) {uad_getter.call(ua_data)}
-        let(:target_field) { target.get(field)}
+        let(:value) { uad_getter.call(ua_data) }
+        let(:target_field) { event.get(field) }
         it "should not have a nil value" do
           expect(target_field).to be_truthy
@@ -124,6 +466,10 @@ describe LogStash::Filters::UserAgent do
         it "should dup/clone the field to prevent cache corruption" do
           expect(target_field.object_id).not_to eql(value.object_id)
         end
+        it "should be an utf-8 string" do
+          expect(target_field.encoding.name).to eql 'UTF-8'
+        end
       end
     end
   end
@@ -139,11 +485,25 @@ describe LogStash::Filters::UserAgent do
     CONFIG
     sample "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" do
-      insist { subject.to_hash }.include?("message")
-      insist { subject.get("[message][name]") } == "Chrome"
-      insist { subject.get("[message][os]") } == "Linux"
-      insist { subject.get("[message][major]") } == "26"
-      insist { subject.get("[message][minor]") } == "0"
+      expect( subject.to_hash ).to include("message")
+      expect( subject.get("[message][name]") ).to eql "Chrome"
+      expect( subject.get("[message][os]") ).to eql "Linux"
+      expect( subject.get("[message][major]") ).to eql "26"
+      expect( subject.get("[message][minor]") ).to eql "0"
     end
   end
+  context 'exception handling' do
+    before do
+      subject.register
+      expect(subject).to receive(:lookup_useragent).and_raise RuntimeError.new('this is a test')
+    end
+    it 'errors do not propagate' do
+      expect(subject.logger).to receive(:error).with(/Unknown error while parsing user agent data/, hash_including(exception: RuntimeError, message: 'this is a test'))
+      expect { subject.filter(event) }.not_to raise_error
+    end
+  end
 end

data/vendor/jar-dependencies/org/logstash/filters/logstash-filter-useragent/{3.2.2/logstash-filter-useragent-3.2.2.jar → 3.3.2/logstash-filter-useragent-3.3.2.jar} RENAMED Viewed

Binary file

data/version CHANGED Viewed

	@@ -1 +1 @@
1	- 3.2.2
1	+ 3.3.2

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-useragent
 version: !ruby/object:Gem::Version
-  version: 3.2.2
+  version: 3.3.2
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-11-07 00:00:00.000000000 Z
+date: 2021-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -30,6 +30,20 @@ dependencies:
     - - "<="
       - !ruby/object:Gem::Version
         version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  name: logstash-mixin-ecs_compatibility_support
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -63,7 +77,7 @@ files:
 - lib/logstash/filters/useragent.rb
 - logstash-filter-useragent.gemspec
 - spec/filters/useragent_spec.rb
-- vendor/jar-dependencies/org/logstash/filters/logstash-filter-useragent/3.2.2/logstash-filter-useragent-3.2.2.jar
+- vendor/jar-dependencies/org/logstash/filters/logstash-filter-useragent/3.3.2/logstash-filter-useragent-3.3.2.jar
 - version
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
@@ -87,8 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.11
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Parses user agent strings into fields